Windows Analysis Report
z37CurriculumVitaeIsabelGonzalez.exe

Overview

General Information

Sample name: z37CurriculumVitaeIsabelGonzalez.exe
Analysis ID: 1579936
MD5: cebc14097108206cf2149465b7ac4a23
SHA1: 033a1ef67618c81ecc07d2be9816c387e00226c2
SHA256: 59f94ff9fa02e65e2ccaa22af592a32088ed265f82b43a369ef811150f65b381
Tags: exe, user-Porcupine
Infos:

Detection

FormBook
Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Machine Learning detection for sample
Maps a DLL or memory area into another process
Switches to a custom stack to bypass stack traces
Writes to foreign memory regions
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
Potential key logger detected (key state polling based)
Sample file is different than original file name gathered from version info
Sigma detected: Uncommon Svchost Parent Process
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • z37CurriculumVitaeIsabelGonzalez.exe (PID: 6832 cmdline: "C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe" MD5: CEBC14097108206CF2149465B7AC4A23)
    • svchost.exe (PID: 6880 cmdline: "C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
  • cleanup
No configs have been found

Source | Rule | Description | Author | Strings
00000001.00000002.2351028222.0000000000400000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000001.00000002.2351306500.0000000003080000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
1.2.svchost.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
1.2.svchost.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

          System Summary

          Source: Process started, Author: Florian Roth (Nextron Systems), Data: Command: "C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe", CommandLine: "C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe", ParentImage: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe, ParentProcessId: 6832, ParentProcessName: z37CurriculumVitaeIsabelGonzalez.exe, ProcessCommandLine: "C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe", ProcessId: 6880, ProcessName: svchost.exe
          Source: Process started, Author: vburov, Data: Command: "C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe", CommandLine: "C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe", ParentImage: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe, ParentProcessId: 6832, ParentProcessName: z37CurriculumVitaeIsabelGonzalez.exe, ProcessCommandLine: "C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe", ProcessId: 6880, ProcessName: svchost.exe
          No Suricata rule has matched

          AV Detection

          Source: z37CurriculumVitaeIsabelGonzalez.exe, ReversingLabs: Detection: 21%
          Source: Yara match, File source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 00000001.00000002.2351028222.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000001.00000002.2351306500.0000000003080000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
          Source: z37CurriculumVitaeIsabelGonzalez.exe, Joe Sandbox ML: detected
          Source: z37CurriculumVitaeIsabelGonzalez.exe, Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
          Source: Binary string: wntdll.pdbUGP source: z37CurriculumVitaeIsabelGonzalez.exe, 00000000.00000003.1692672154.0000000003710000.00000004.00001000.00020000.00000000.sdmp, z37CurriculumVitaeIsabelGonzalez.exe, 00000000.00000003.1692925341.0000000003570000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2019823966.0000000002E00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2351336591.0000000003200000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2351336591.000000000339E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2021938398.0000000003000000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: z37CurriculumVitaeIsabelGonzalez.exe, 00000000.00000003.1692672154.0000000003710000.00000004.00001000.00020000.00000000.sdmp, z37CurriculumVitaeIsabelGonzalez.exe, 00000000.00000003.1692925341.0000000003570000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000001.00000003.2019823966.0000000002E00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2351336591.0000000003200000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2351336591.000000000339E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2021938398.0000000003000000.00000004.00000020.00020000.00000000.sdmp
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exeCode function: 0_2_00B1449B GetFileAttributesW,FindFirstFileW,FindClose,0_2_00B1449B
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exeCode function: 0_2_00B1C7E8 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,0_2_00B1C7E8
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exeCode function: 0_2_00B1C75D FindFirstFileW,FindClose,0_2_00B1C75D
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exeCode function: 0_2_00B1F021 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00B1F021
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exeCode function: 0_2_00B1F17E SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00B1F17E
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exeCode function: 0_2_00B1F47F FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,0_2_00B1F47F
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exeCode function: 0_2_00B13833 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00B13833
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exeCode function: 0_2_00B13B56 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00B13B56
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exeCode function: 0_2_00B1BD48 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,0_2_00B1BD48
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exeCode function: 0_2_00B22404 InternetReadFile,InternetQueryDataAvailable,InternetReadFile,0_2_00B22404
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exeCode function: 0_2_00B2407C OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,0_2_00B2407C
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exeCode function: 0_2_00B2427A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,0_2_00B2427A
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exeCode function: 0_2_00B1003A GetKeyboardState,GetAsyncKeyState,GetKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,0_2_00B1003A
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exeCode function: 0_2_00B3CB26 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,0_2_00B3CB26

          E-Banking Fraud

          Source: Yara match, File source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 00000001.00000002.2351028222.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000001.00000002.2351306500.0000000003080000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

          System Summary

          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exeCode function: This is a third-party compiled AutoIt script.0_2_00AB3B4C
          Source: z37CurriculumVitaeIsabelGonzalez.exeString found in binary or memory: This is a third-party compiled AutoIt script.
          Source: z37CurriculumVitaeIsabelGonzalez.exe, 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: This is a third-party compiled AutoIt script.memstr_e738e21f-f
          Source: z37CurriculumVitaeIsabelGonzalez.exe, 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer"memstr_8d599635-2
          Source: z37CurriculumVitaeIsabelGonzalez.exeString found in binary or memory: This is a third-party compiled AutoIt script.memstr_6eed23e3-3
          Source: z37CurriculumVitaeIsabelGonzalez.exeString found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer"memstr_1258a4b4-8
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0042C9C3 NtClose,1_2_0042C9C3
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03272B60 NtClose,LdrInitializeThunk,1_2_03272B60
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03272DF0 NtQuerySystemInformation,LdrInitializeThunk,1_2_03272DF0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032735C0 NtCreateMutant,LdrInitializeThunk,1_2_032735C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03274340 NtSetContextThread,1_2_03274340
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03274650 NtSuspendThread,1_2_03274650
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03272BA0 NtEnumerateValueKey,1_2_03272BA0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03272B80 NtQueryInformationFile,1_2_03272B80
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03272BE0 NtQueryValueKey,1_2_03272BE0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03272BF0 NtAllocateVirtualMemory,1_2_03272BF0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03272AB0 NtWaitForSingleObject,1_2_03272AB0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03272AF0 NtWriteFile,1_2_03272AF0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03272AD0 NtReadFile,1_2_03272AD0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03272F30 NtCreateSection,1_2_03272F30
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03272F60 NtCreateProcessEx,1_2_03272F60
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03272FA0 NtQuerySection,1_2_03272FA0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03272FB0 NtResumeThread,1_2_03272FB0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03272F90 NtProtectVirtualMemory,1_2_03272F90
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03272FE0 NtCreateFile,1_2_03272FE0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03272E30 NtWriteVirtualMemory,1_2_03272E30
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03272EA0 NtAdjustPrivilegesToken,1_2_03272EA0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03272E80 NtReadVirtualMemory,1_2_03272E80
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03272EE0 NtQueueApcThread,1_2_03272EE0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03272D30 NtUnmapViewOfSection,1_2_03272D30
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03272D00 NtSetInformationFile,1_2_03272D00
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03272D10 NtMapViewOfSection,1_2_03272D10
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03272DB0 NtEnumerateKey,1_2_03272DB0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03272DD0 NtDelayExecution,1_2_03272DD0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03272C00 NtQueryInformationProcess,1_2_03272C00
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03272C60 NtCreateKey,1_2_03272C60
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03272C70 NtFreeVirtualMemory,1_2_03272C70
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03272CA0 NtQueryInformationToken,1_2_03272CA0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03272CF0 NtOpenProcess,1_2_03272CF0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03272CC0 NtQueryVirtualMemory,1_2_03272CC0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03273010 NtOpenDirectoryObject,1_2_03273010
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03273090 NtSetValueKey,1_2_03273090
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032739B0 NtGetContextThread,1_2_032739B0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03273D10 NtOpenProcessToken,1_2_03273D10
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03273D70 NtOpenThread,1_2_03273D70
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exeCode function: 0_2_00B1A279: GetFullPathNameW,__swprintf,CreateDirectoryW,CreateFileW,_memset,_wcsncpy,DeviceIoControl,CloseHandle,RemoveDirectoryW,CloseHandle,0_2_00B1A279
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exeCode function: 0_2_00B08638 _memset,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcscpy,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_00B08638
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exeCode function: 0_2_00B15264 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,0_2_00B15264
          Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 03287E54 appears 108 times
          Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 03275130 appears 58 times
          Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 0322B970 appears 265 times
          Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 032AEA12 appears 86 times
          Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 032BF290 appears 105 times
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exeCode function: String function: 00AD8A80 appears 42 times
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exeCode function: String function: 00AB7F41 appears 35 times
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exeCode function: String function: 00AD0C63 appears 70 times
          Source: z37CurriculumVitaeIsabelGonzalez.exe, 00000000.00000003.1692215589.0000000003693000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs z37CurriculumVitaeIsabelGonzalez.exe
          Source: z37CurriculumVitaeIsabelGonzalez.exe, 00000000.00000003.1693027930.000000000383D000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs z37CurriculumVitaeIsabelGonzalez.exe
          Source: z37CurriculumVitaeIsabelGonzalez.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
          Source: classification engine Classification label: mal80.troj.evad.winEXE@3/4@0/0
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe Code function: 0_2_00B1A0F4 GetLastError,FormatMessageW, 0_2_00B1A0F4
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe Code function: 0_2_00B084F3 AdjustTokenPrivileges,CloseHandle, 0_2_00B084F3
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe Code function: 0_2_00B08AA3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError, 0_2_00B08AA3
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe Code function: 0_2_00B1B3BF SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode, 0_2_00B1B3BF
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe Code function: 0_2_00B2EF21 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle, 0_2_00B2EF21
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe Code function: 0_2_00B284D0 CoInitialize,CoUninitialize,CoCreateInstance,IIDFromString,VariantInit,VariantClear, 0_2_00B284D0
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe Code function: 0_2_00AB4FE9 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource, 0_2_00AB4FE9
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe File created: C:\Users\user\AppData\Local\Temp\aut69DA.tmp
          Source: z37CurriculumVitaeIsabelGonzalez.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: z37CurriculumVitaeIsabelGonzalez.exe ReversingLabs: Detection: 21%
          Source: unknown Process created: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe "C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe"
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe"
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe Section loaded: wsock32.dll
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe Section loaded: version.dll
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe Section loaded: winmm.dll
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe Section loaded: mpr.dll
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe Section loaded: wininet.dll
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe Section loaded: iphlpapi.dll
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe Section loaded: userenv.dll
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe Section loaded: uxtheme.dll
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe Section loaded: kernel.appcore.dll
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe Section loaded: windows.storage.dll
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe Section loaded: wldp.dll
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe Section loaded: ntmarta.dll
          Source: z37CurriculumVitaeIsabelGonzalez.exe Static file information: File size 1183232 > 1048576
          Source: z37CurriculumVitaeIsabelGonzalez.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
          Source: z37CurriculumVitaeIsabelGonzalez.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
          Source: z37CurriculumVitaeIsabelGonzalez.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
          Source: z37CurriculumVitaeIsabelGonzalez.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
          Source: z37CurriculumVitaeIsabelGonzalez.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
          Source: z37CurriculumVitaeIsabelGonzalez.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
          Source: Binary string: wntdll.pdbUGP source: z37CurriculumVitaeIsabelGonzalez.exe, 00000000.00000003.1692672154.0000000003710000.00000004.00001000.00020000.00000000.sdmp, z37CurriculumVitaeIsabelGonzalez.exe, 00000000.00000003.1692925341.0000000003570000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2019823966.0000000002E00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2351336591.0000000003200000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2351336591.000000000339E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2021938398.0000000003000000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: z37CurriculumVitaeIsabelGonzalez.exe, 00000000.00000003.1692672154.0000000003710000.00000004.00001000.00020000.00000000.sdmp, z37CurriculumVitaeIsabelGonzalez.exe, 00000000.00000003.1692925341.0000000003570000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000001.00000003.2019823966.0000000002E00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2351336591.0000000003200000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2351336591.000000000339E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2021938398.0000000003000000.00000004.00000020.00020000.00000000.sdmp
          Source: z37CurriculumVitaeIsabelGonzalez.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
          Source: z37CurriculumVitaeIsabelGonzalez.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
          Source: z37CurriculumVitaeIsabelGonzalez.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
          Source: z37CurriculumVitaeIsabelGonzalez.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
          Source: z37CurriculumVitaeIsabelGonzalez.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe Code function: 0_2_00B2C104 LoadLibraryA,GetProcAddress, 0_2_00B2C104
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe Code function: 0_2_00B18538 push FFFFFF8Bh; iretd 0_2_00B1853A
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe Code function: 0_2_00ADE88F push edi; ret 0_2_00ADE891
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe Code function: 0_2_00ADE9A8 push esi; ret 0_2_00ADE9AA
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe Code function: 0_2_00AD8AC5 push ecx; ret 0_2_00AD8AD8
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe Code function: 0_2_00ADEB83 push esi; ret 0_2_00ADEB85
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe Code function: 0_2_00ADEC6C push edi; ret 0_2_00ADEC6E
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe Code function: 0_2_00D16013 pushad ; retf 0_2_00D1606D
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_00422952 push esi; ret 1_2_0042295A
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_004031F0 push eax; ret 1_2_004031F2
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_004252F3 push esp; retf 1_2_00425304
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_0041EB4C push ebp; ret 1_2_0041EBEC
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_00413B13 push eax; ret 1_2_00413B4C
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_0040D3F3 push es; ret 1_2_0040D3F4
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_0041EB90 push ebp; ret 1_2_0041EBEC
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_0041EC10 push ebp; ret 1_2_0041EBEC
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_0320225F pushad ; ret 1_2_032027F9
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_032027FA pushad ; ret 1_2_032027F9
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_032309AD push ecx; mov dword ptr [esp], ecx 1_2_032309B6
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_0320283D push eax; iretd 1_2_03202858
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_0320135E push eax; iretd 1_2_03201369
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe Code function: 0_2_00AB4A35 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput, 0_2_00AB4A35
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe Code function: 0_2_00B353DF IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed, 0_2_00B353DF
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe Process information set: NOOPENFILEERRORBOX

          Malware Analysis System Evasion

          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe API/Special instruction interceptor: Address: D19C14
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_0327096E rdtsc 1_2_0327096E
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe API coverage: 4.9 %
          Source: C:\Windows\SysWOW64\svchost.exe API coverage: 0.6 %
          Source: C:\Windows\SysWOW64\svchost.exe TID: 6900 Thread sleep time: -30000s >= -30000s
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe Code function: 0_2_00B1449B GetFileAttributesW,FindFirstFileW,FindClose, 0_2_00B1449B
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe Code function: 0_2_00B1C7E8 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf, 0_2_00B1C7E8
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe Code function: 0_2_00B1C75D FindFirstFileW,FindClose, 0_2_00B1C75D
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe Code function: 0_2_00B1F021 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 0_2_00B1F021
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe Code function: 0_2_00B1F17E SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 0_2_00B1F17E
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe Code function: 0_2_00B1F47F FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose, 0_2_00B1F47F
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe Code function: 0_2_00B13833 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, 0_2_00B13833
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe Code function: 0_2_00B13B56 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, 0_2_00B13B56
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe Code function: 0_2_00B1BD48 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose, 0_2_00B1BD48
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe Code function: 0_2_00AB4AFE GetVersionExW,GetCurrentProcess,IsWow64Process,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo, 0_2_00AB4AFE
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe API call chain: ExitProcess graph end node graph_0-97633
          Source: C:\Windows\SysWOW64\svchost.exe Process information queried: ProcessInformation
          Source: C:\Windows\SysWOW64\svchost.exe Process queried: DebugPort
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_0327096E rdtsc 1_2_0327096E
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_00417A23 LdrLoadDll, 1_2_00417A23
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe Code function: 0_2_00B2401F BlockInput, 0_2_00B2401F
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe Code function: 0_2_00AB3B4C GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW, 0_2_00AB3B4C
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe Code function: 0_2_00AE5BFC EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer, 0_2_00AE5BFC
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe Code function: 0_2_00B2C104 LoadLibraryA,GetProcAddress, 0_2_00B2C104
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe Code function: 0_2_00D18870 mov eax, dword ptr fs:[00000030h] 0_2_00D18870
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe Code function: 0_2_00D19EE0 mov eax, dword ptr fs:[00000030h] 0_2_00D19EE0
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe Code function: 0_2_00D19E80 mov eax, dword ptr fs:[00000030h] 0_2_00D19E80
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032DE10E mov eax, dword ptr fs:[00000030h]1_2_032DE10E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032DE10E mov eax, dword ptr fs:[00000030h]1_2_032DE10E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032DE10E mov ecx, dword ptr fs:[00000030h]1_2_032DE10E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032DE10E mov eax, dword ptr fs:[00000030h]1_2_032DE10E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032DE10E mov ecx, dword ptr fs:[00000030h]1_2_032DE10E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032DA118 mov ecx, dword ptr fs:[00000030h]1_2_032DA118
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032DA118 mov eax, dword ptr fs:[00000030h]1_2_032DA118
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032DA118 mov eax, dword ptr fs:[00000030h]1_2_032DA118
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032DA118 mov eax, dword ptr fs:[00000030h]1_2_032DA118
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032F0115 mov eax, dword ptr fs:[00000030h]1_2_032F0115
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03304164 mov eax, dword ptr fs:[00000030h]1_2_03304164
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03304164 mov eax, dword ptr fs:[00000030h]1_2_03304164
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032C4144 mov eax, dword ptr fs:[00000030h]1_2_032C4144
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032C4144 mov eax, dword ptr fs:[00000030h]1_2_032C4144
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032C4144 mov ecx, dword ptr fs:[00000030h]1_2_032C4144
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032C4144 mov eax, dword ptr fs:[00000030h]1_2_032C4144
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032C4144 mov eax, dword ptr fs:[00000030h]1_2_032C4144
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0322C156 mov eax, dword ptr fs:[00000030h]1_2_0322C156
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032C8158 mov eax, dword ptr fs:[00000030h]1_2_032C8158
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03236154 mov eax, dword ptr fs:[00000030h]1_2_03236154
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03236154 mov eax, dword ptr fs:[00000030h]1_2_03236154
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03270185 mov eax, dword ptr fs:[00000030h]1_2_03270185
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032EC188 mov eax, dword ptr fs:[00000030h]1_2_032EC188
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032EC188 mov eax, dword ptr fs:[00000030h]1_2_032EC188
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032D4180 mov eax, dword ptr fs:[00000030h]1_2_032D4180
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032D4180 mov eax, dword ptr fs:[00000030h]1_2_032D4180
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032B019F mov eax, dword ptr fs:[00000030h]1_2_032B019F
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032B019F mov eax, dword ptr fs:[00000030h]1_2_032B019F
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032B019F mov eax, dword ptr fs:[00000030h]1_2_032B019F
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032B019F mov eax, dword ptr fs:[00000030h]1_2_032B019F
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0322A197 mov eax, dword ptr fs:[00000030h]1_2_0322A197
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0322A197 mov eax, dword ptr fs:[00000030h]1_2_0322A197
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0322A197 mov eax, dword ptr fs:[00000030h]1_2_0322A197
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_033061E5 mov eax, dword ptr fs:[00000030h]1_2_033061E5
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032601F8 mov eax, dword ptr fs:[00000030h]1_2_032601F8
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032F61C3 mov eax, dword ptr fs:[00000030h]1_2_032F61C3
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032F61C3 mov eax, dword ptr fs:[00000030h]1_2_032F61C3
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032AE1D0 mov eax, dword ptr fs:[00000030h]1_2_032AE1D0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032AE1D0 mov eax, dword ptr fs:[00000030h]1_2_032AE1D0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032AE1D0 mov ecx, dword ptr fs:[00000030h]1_2_032AE1D0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032AE1D0 mov eax, dword ptr fs:[00000030h]1_2_032AE1D0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032AE1D0 mov eax, dword ptr fs:[00000030h]1_2_032AE1D0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0322A020 mov eax, dword ptr fs:[00000030h]1_2_0322A020
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0322C020 mov eax, dword ptr fs:[00000030h]1_2_0322C020
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032C6030 mov eax, dword ptr fs:[00000030h]1_2_032C6030
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032B4000 mov ecx, dword ptr fs:[00000030h]1_2_032B4000
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032D2000 mov eax, dword ptr fs:[00000030h]1_2_032D2000
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032D2000 mov eax, dword ptr fs:[00000030h]1_2_032D2000
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032D2000 mov eax, dword ptr fs:[00000030h]1_2_032D2000
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032D2000 mov eax, dword ptr fs:[00000030h]1_2_032D2000
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032D2000 mov eax, dword ptr fs:[00000030h]1_2_032D2000
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032D2000 mov eax, dword ptr fs:[00000030h]1_2_032D2000
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032D2000 mov eax, dword ptr fs:[00000030h]1_2_032D2000
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032D2000 mov eax, dword ptr fs:[00000030h]1_2_032D2000
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0324E016 mov eax, dword ptr fs:[00000030h]1_2_0324E016
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0324E016 mov eax, dword ptr fs:[00000030h]1_2_0324E016
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0324E016 mov eax, dword ptr fs:[00000030h]1_2_0324E016
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0324E016 mov eax, dword ptr fs:[00000030h]1_2_0324E016
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0325C073 mov eax, dword ptr fs:[00000030h]1_2_0325C073
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03232050 mov eax, dword ptr fs:[00000030h]1_2_03232050
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032B6050 mov eax, dword ptr fs:[00000030h]1_2_032B6050
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032280A0 mov eax, dword ptr fs:[00000030h]1_2_032280A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032C80A8 mov eax, dword ptr fs:[00000030h]1_2_032C80A8
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032F60B8 mov eax, dword ptr fs:[00000030h]1_2_032F60B8
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032F60B8 mov ecx, dword ptr fs:[00000030h]1_2_032F60B8
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0323208A mov eax, dword ptr fs:[00000030h]1_2_0323208A
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0322A0E3 mov ecx, dword ptr fs:[00000030h]1_2_0322A0E3
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032380E9 mov eax, dword ptr fs:[00000030h]1_2_032380E9
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032B60E0 mov eax, dword ptr fs:[00000030h]1_2_032B60E0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0322C0F0 mov eax, dword ptr fs:[00000030h]1_2_0322C0F0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032720F0 mov ecx, dword ptr fs:[00000030h]1_2_032720F0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032B20DE mov eax, dword ptr fs:[00000030h]1_2_032B20DE
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0326C720 mov eax, dword ptr fs:[00000030h]1_2_0326C720
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0326C720 mov eax, dword ptr fs:[00000030h]1_2_0326C720
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0326273C mov eax, dword ptr fs:[00000030h]1_2_0326273C
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0326273C mov ecx, dword ptr fs:[00000030h]1_2_0326273C
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0326273C mov eax, dword ptr fs:[00000030h]1_2_0326273C
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032AC730 mov eax, dword ptr fs:[00000030h]1_2_032AC730
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0326C700 mov eax, dword ptr fs:[00000030h]1_2_0326C700
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03230710 mov eax, dword ptr fs:[00000030h]1_2_03230710
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03260710 mov eax, dword ptr fs:[00000030h]1_2_03260710
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03238770 mov eax, dword ptr fs:[00000030h]1_2_03238770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03240770 mov eax, dword ptr fs:[00000030h]1_2_03240770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03240770 mov eax, dword ptr fs:[00000030h]1_2_03240770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03240770 mov eax, dword ptr fs:[00000030h]1_2_03240770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03240770 mov eax, dword ptr fs:[00000030h]1_2_03240770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03240770 mov eax, dword ptr fs:[00000030h]1_2_03240770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03240770 mov eax, dword ptr fs:[00000030h]1_2_03240770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03240770 mov eax, dword ptr fs:[00000030h]1_2_03240770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03240770 mov eax, dword ptr fs:[00000030h]1_2_03240770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03240770 mov eax, dword ptr fs:[00000030h]1_2_03240770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03240770 mov eax, dword ptr fs:[00000030h]1_2_03240770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03240770 mov eax, dword ptr fs:[00000030h]1_2_03240770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03240770 mov eax, dword ptr fs:[00000030h]1_2_03240770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0326674D mov esi, dword ptr fs:[00000030h]1_2_0326674D
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0326674D mov eax, dword ptr fs:[00000030h]1_2_0326674D
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0326674D mov eax, dword ptr fs:[00000030h]1_2_0326674D
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03230750 mov eax, dword ptr fs:[00000030h]1_2_03230750
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032BE75D mov eax, dword ptr fs:[00000030h]1_2_032BE75D
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03272750 mov eax, dword ptr fs:[00000030h]1_2_03272750
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03272750 mov eax, dword ptr fs:[00000030h]1_2_03272750
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032B4755 mov eax, dword ptr fs:[00000030h]1_2_032B4755
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032307AF mov eax, dword ptr fs:[00000030h]1_2_032307AF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032E47A0 mov eax, dword ptr fs:[00000030h]1_2_032E47A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032D678E mov eax, dword ptr fs:[00000030h]1_2_032D678E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032527ED mov eax, dword ptr fs:[00000030h]1_2_032527ED
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032527ED mov eax, dword ptr fs:[00000030h]1_2_032527ED
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032527ED mov eax, dword ptr fs:[00000030h]1_2_032527ED
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032BE7E1 mov eax, dword ptr fs:[00000030h]1_2_032BE7E1
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032347FB mov eax, dword ptr fs:[00000030h]1_2_032347FB
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032347FB mov eax, dword ptr fs:[00000030h]1_2_032347FB
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0323C7C0 mov eax, dword ptr fs:[00000030h]1_2_0323C7C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032B07C3 mov eax, dword ptr fs:[00000030h]1_2_032B07C3
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0324E627 mov eax, dword ptr fs:[00000030h]1_2_0324E627
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03266620 mov eax, dword ptr fs:[00000030h]1_2_03266620
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03268620 mov eax, dword ptr fs:[00000030h]1_2_03268620
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0323262C mov eax, dword ptr fs:[00000030h]1_2_0323262C
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032AE609 mov eax, dword ptr fs:[00000030h]1_2_032AE609
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0324260B mov eax, dword ptr fs:[00000030h]1_2_0324260B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0324260B mov eax, dword ptr fs:[00000030h]1_2_0324260B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0324260B mov eax, dword ptr fs:[00000030h]1_2_0324260B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0324260B mov eax, dword ptr fs:[00000030h]1_2_0324260B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0324260B mov eax, dword ptr fs:[00000030h]1_2_0324260B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0324260B mov eax, dword ptr fs:[00000030h]1_2_0324260B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0324260B mov eax, dword ptr fs:[00000030h]1_2_0324260B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03272619 mov eax, dword ptr fs:[00000030h]1_2_03272619
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032F866E mov eax, dword ptr fs:[00000030h]1_2_032F866E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032F866E mov eax, dword ptr fs:[00000030h]1_2_032F866E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0326A660 mov eax, dword ptr fs:[00000030h]1_2_0326A660
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0326A660 mov eax, dword ptr fs:[00000030h]1_2_0326A660
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03262674 mov eax, dword ptr fs:[00000030h]1_2_03262674
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0324C640 mov eax, dword ptr fs:[00000030h]1_2_0324C640
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0326C6A6 mov eax, dword ptr fs:[00000030h]1_2_0326C6A6
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032666B0 mov eax, dword ptr fs:[00000030h]1_2_032666B0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03234690 mov eax, dword ptr fs:[00000030h]1_2_03234690
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03234690 mov eax, dword ptr fs:[00000030h]1_2_03234690
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032AE6F2 mov eax, dword ptr fs:[00000030h]1_2_032AE6F2
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032AE6F2 mov eax, dword ptr fs:[00000030h]1_2_032AE6F2
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032AE6F2 mov eax, dword ptr fs:[00000030h]1_2_032AE6F2
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032AE6F2 mov eax, dword ptr fs:[00000030h]1_2_032AE6F2
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032B06F1 mov eax, dword ptr fs:[00000030h]1_2_032B06F1
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032B06F1 mov eax, dword ptr fs:[00000030h]1_2_032B06F1
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0326A6C7 mov ebx, dword ptr fs:[00000030h]1_2_0326A6C7
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0326A6C7 mov eax, dword ptr fs:[00000030h]1_2_0326A6C7
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03240535 mov eax, dword ptr fs:[00000030h]1_2_03240535
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03240535 mov eax, dword ptr fs:[00000030h]1_2_03240535
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03240535 mov eax, dword ptr fs:[00000030h]1_2_03240535
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03240535 mov eax, dword ptr fs:[00000030h]1_2_03240535
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03240535 mov eax, dword ptr fs:[00000030h]1_2_03240535
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03240535 mov eax, dword ptr fs:[00000030h]1_2_03240535
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0325E53E mov eax, dword ptr fs:[00000030h]1_2_0325E53E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0325E53E mov eax, dword ptr fs:[00000030h]1_2_0325E53E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0325E53E mov eax, dword ptr fs:[00000030h]1_2_0325E53E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0325E53E mov eax, dword ptr fs:[00000030h]1_2_0325E53E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0325E53E mov eax, dword ptr fs:[00000030h]1_2_0325E53E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032C6500 mov eax, dword ptr fs:[00000030h]1_2_032C6500
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03304500 mov eax, dword ptr fs:[00000030h]1_2_03304500
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03304500 mov eax, dword ptr fs:[00000030h]1_2_03304500
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03304500 mov eax, dword ptr fs:[00000030h]1_2_03304500
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03304500 mov eax, dword ptr fs:[00000030h]1_2_03304500
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03304500 mov eax, dword ptr fs:[00000030h]1_2_03304500
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03304500 mov eax, dword ptr fs:[00000030h]1_2_03304500
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03304500 mov eax, dword ptr fs:[00000030h]1_2_03304500
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0326656A mov eax, dword ptr fs:[00000030h]1_2_0326656A
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0326656A mov eax, dword ptr fs:[00000030h]1_2_0326656A
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0326656A mov eax, dword ptr fs:[00000030h]1_2_0326656A
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03238550 mov eax, dword ptr fs:[00000030h]1_2_03238550
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03238550 mov eax, dword ptr fs:[00000030h]1_2_03238550
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032B05A7 mov eax, dword ptr fs:[00000030h]1_2_032B05A7
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032B05A7 mov eax, dword ptr fs:[00000030h]1_2_032B05A7
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032B05A7 mov eax, dword ptr fs:[00000030h]1_2_032B05A7
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032545B1 mov eax, dword ptr fs:[00000030h]1_2_032545B1
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032545B1 mov eax, dword ptr fs:[00000030h]1_2_032545B1
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03232582 mov eax, dword ptr fs:[00000030h]1_2_03232582
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03232582 mov ecx, dword ptr fs:[00000030h]1_2_03232582
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03264588 mov eax, dword ptr fs:[00000030h]1_2_03264588
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0326E59C mov eax, dword ptr fs:[00000030h]1_2_0326E59C
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0325E5E7 mov eax, dword ptr fs:[00000030h]1_2_0325E5E7
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0325E5E7 mov eax, dword ptr fs:[00000030h]1_2_0325E5E7
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0325E5E7 mov eax, dword ptr fs:[00000030h]1_2_0325E5E7
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0325E5E7 mov eax, dword ptr fs:[00000030h]1_2_0325E5E7
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0325E5E7 mov eax, dword ptr fs:[00000030h]1_2_0325E5E7
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0325E5E7 mov eax, dword ptr fs:[00000030h]1_2_0325E5E7
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0325E5E7 mov eax, dword ptr fs:[00000030h]1_2_0325E5E7
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0325E5E7 mov eax, dword ptr fs:[00000030h]1_2_0325E5E7
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032325E0 mov eax, dword ptr fs:[00000030h]1_2_032325E0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0326C5ED mov eax, dword ptr fs:[00000030h]1_2_0326C5ED
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0326C5ED mov eax, dword ptr fs:[00000030h]1_2_0326C5ED
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0326E5CF mov eax, dword ptr fs:[00000030h]1_2_0326E5CF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0326E5CF mov eax, dword ptr fs:[00000030h]1_2_0326E5CF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032365D0 mov eax, dword ptr fs:[00000030h]1_2_032365D0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0326A5D0 mov eax, dword ptr fs:[00000030h]1_2_0326A5D0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0326A5D0 mov eax, dword ptr fs:[00000030h]1_2_0326A5D0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0322E420 mov eax, dword ptr fs:[00000030h]1_2_0322E420
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0322E420 mov eax, dword ptr fs:[00000030h]1_2_0322E420
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0322E420 mov eax, dword ptr fs:[00000030h]1_2_0322E420
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0322C427 mov eax, dword ptr fs:[00000030h]1_2_0322C427
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032B6420 mov eax, dword ptr fs:[00000030h]1_2_032B6420
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032B6420 mov eax, dword ptr fs:[00000030h]1_2_032B6420
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032B6420 mov eax, dword ptr fs:[00000030h]1_2_032B6420
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032B6420 mov eax, dword ptr fs:[00000030h]1_2_032B6420
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032B6420 mov eax, dword ptr fs:[00000030h]1_2_032B6420
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032B6420 mov eax, dword ptr fs:[00000030h]1_2_032B6420
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032B6420 mov eax, dword ptr fs:[00000030h]1_2_032B6420
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0326A430 mov eax, dword ptr fs:[00000030h]1_2_0326A430
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03268402 mov eax, dword ptr fs:[00000030h]1_2_03268402
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03268402 mov eax, dword ptr fs:[00000030h]1_2_03268402
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03268402 mov eax, dword ptr fs:[00000030h]1_2_03268402
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032BC460 mov ecx, dword ptr fs:[00000030h]1_2_032BC460
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0325A470 mov eax, dword ptr fs:[00000030h]1_2_0325A470
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0325A470 mov eax, dword ptr fs:[00000030h]1_2_0325A470
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0325A470 mov eax, dword ptr fs:[00000030h]1_2_0325A470
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0326E443 mov eax, dword ptr fs:[00000030h]1_2_0326E443
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0326E443 mov eax, dword ptr fs:[00000030h]1_2_0326E443
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0326E443 mov eax, dword ptr fs:[00000030h]1_2_0326E443
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0326E443 mov eax, dword ptr fs:[00000030h]1_2_0326E443
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0326E443 mov eax, dword ptr fs:[00000030h]1_2_0326E443
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0326E443 mov eax, dword ptr fs:[00000030h]1_2_0326E443
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0326E443 mov eax, dword ptr fs:[00000030h]1_2_0326E443
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0326E443 mov eax, dword ptr fs:[00000030h]1_2_0326E443
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032EA456 mov eax, dword ptr fs:[00000030h]1_2_032EA456
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0322645D mov eax, dword ptr fs:[00000030h]1_2_0322645D
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0325245A mov eax, dword ptr fs:[00000030h]1_2_0325245A
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032364AB mov eax, dword ptr fs:[00000030h]1_2_032364AB
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032644B0 mov ecx, dword ptr fs:[00000030h]1_2_032644B0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032BA4B0 mov eax, dword ptr fs:[00000030h]1_2_032BA4B0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_032EA49A mov eax, dword ptr fs:[00000030h]1_2_032EA49A
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe, Code function: 0_2_00B081D4 GetSecurityDescriptorDacl,_memset,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe, Code function: 0_2_00ADA2A4 SetUnhandledExceptionFilter
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe, Code function: 0_2_00ADA2D5 SetUnhandledExceptionFilter,UnhandledExceptionFilter

          HIPS / PFW / Operating System Protection Evasion

          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe, Section loaded: NULL target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and write
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe, Memory written: C:\Windows\SysWOW64\svchost.exe base: 2710008
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe, Code function: 0_2_00B08A73 LogonUserW
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe, Code function: 0_2_00AB3B4C GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe, Code function: 0_2_00AB4A35 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe, Code function: 0_2_00B14CFA mouse_event
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe, Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe"
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe, Code function: 0_2_00B081D4 GetSecurityDescriptorDacl,_memset,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe, Code function: 0_2_00B14A08 AllocateAndInitializeSid,CheckTokenMembership,FreeSid
          Source: z37CurriculumVitaeIsabelGonzalez.exe, Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
          Source: z37CurriculumVitaeIsabelGonzalez.exe, Binary or memory string: Shell_TrayWnd
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe, Code function: 0_2_00AD87AB cpuid
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe, Code function: 0_2_00AE5007 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe, Code function: 0_2_00AF215F GetUserNameW
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe, Code function: 0_2_00AE40BA __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe, Code function: 0_2_00AB4AFE GetVersionExW,GetCurrentProcess,IsWow64Process,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo

          Stealing of Sensitive Information

          Source: Yara match, File source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 00000001.00000002.2351028222.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000001.00000002.2351306500.0000000003080000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: z37CurriculumVitaeIsabelGonzalez.exe, Binary or memory string: WIN_81
          Source: z37CurriculumVitaeIsabelGonzalez.exe, Binary or memory string: WIN_XP
          Source: z37CurriculumVitaeIsabelGonzalez.exe, Binary or memory string: WIN_XPe
          Source: z37CurriculumVitaeIsabelGonzalez.exe, Binary or memory string: WIN_VISTA
          Source: z37CurriculumVitaeIsabelGonzalez.exe, Binary or memory string: WIN_7
          Source: z37CurriculumVitaeIsabelGonzalez.exe, Binary or memory string: WIN_8
          Source: z37CurriculumVitaeIsabelGonzalez.exe, Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_10WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 14, 2USERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte

          Remote Access Functionality

          Source: Yara match, File source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 00000001.00000002.2351028222.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000001.00000002.2351306500.0000000003080000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe, Code function: 0_2_00B26399 socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket
          Source: C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe, Code function: 0_2_00B2685D socket,WSAGetLastError,bind,WSAGetLastError,closesocket
          Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology
          Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising
          Initial Access: 2 Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application
          Execution: 1 Native API; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter
          Persistence: 2 Valid Accounts; 1 DLL Side-Loading; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
          Privilege Escalation: 2 Valid Accounts; 1 Exploitation for Privilege Escalation; 21 Access Token Manipulation; 212 Process Injection; 1 DLL Side-Loading; RC Scripts; Startup Items; Scheduled Task/Job; At
          Defense Evasion: 2 Valid Accounts; 1 Disable or Modify Tools; 2 Virtualization/Sandbox Evasion; 21 Access Token Manipulation; 212 Process Injection; 1 Deobfuscate/Decode Files or Information; 2 Obfuscated Files or Information; 1 DLL Side-Loading; HTML Smuggling
          Credential Access: 21 Input Capture; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow
          Discovery: 2 System Time Discovery; 15 Security Software Discovery; 2 Virtualization/Sandbox Evasion; 3 Process Discovery; 1 Application Window Discovery; 1 Account Discovery; 1 System Owner/User Discovery; 1 File and Directory Discovery; 115 System Information Discovery
          Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections
          Collection: 21 Input Capture; 1 Archive Collected Data; 3 Clipboard Data; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged
          Command and Control: 1 Encrypted Channel; 1 Ingress Tool Transfer; Steganography; Protocol Impersonation; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols
          Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol
          Impact: 1 System Shutdown/Reboot; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement
          Source | Detection | Scanner | Label
          z37CurriculumVitaeIsabelGonzalez.exe | 21% | ReversingLabs | Win32.Trojan.AutoitInject
          z37CurriculumVitaeIsabelGonzalez.exe | 100% | Joe Sandbox ML |
          No Antivirus matches
          No contacted domains info
          No contacted IP infos
          Joe Sandbox version:41.0.0 Charoite
          Analysis ID:1579936
          Start date and time:2024-12-23 16:07:40 +01:00
          Joe Sandbox product:CloudBasic
          Overall analysis duration:0h 7m 16s
          Hypervisor based Inspection enabled:false
          Report type:full
          Cookbook file name:default.jbs
          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
          Run name:Run with higher sleep bypass
          Number of analysed new started processes analysed:6
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • HCA enabled
          • EGA enabled
          • AMSI enabled
          Analysis Mode:default
          Analysis stop reason:Timeout
          Sample name:z37CurriculumVitaeIsabelGonzalez.exe
          Detection:MAL
          Classification:mal80.troj.evad.winEXE@3/4@0/0
          EGA Information:
          • Successful, ratio: 100%
          HCA Information:
          • Successful, ratio: 98%
          • Number of executed functions: 59
          • Number of non-executed functions: 272
          Cookbook Comments:
          • Found application associated with file extension: .exe
          • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
          • Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
          • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
          • Excluded IPs from analysis (whitelisted): 20.12.23.50, 13.107.246.63
          • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
          • Not all processes where analyzed, report is missing behavior information
          • Report size exceeded maximum capacity and may have missing disassembly code.
          • VT rate limit hit for: z37CurriculumVitaeIsabelGonzalez.exe
          No simulations
          No context
          Process:C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe
          File Type:ASCII text, with very long lines (65536), with no line terminators
          Category:dropped
          Size (bytes):172054
          Entropy (8bit):3.181092087628872
          Encrypted:false
          SSDEEP:48:sb3feqfCpfS6ftqfA0f9fWf9fZ1fi20fq0fFfY6fofi51fK0fi0fCfZ1fK0f70fL:iaNhCHcZLfaDfJQNy7Ha6yCkJ0FZIklX
          MD5:7063D89C64D778F86C16A9E343488B56
          SHA1:5BD12F313C58BCFF01342F4AC689F60E3D41A461
          SHA-256:DF6AED00078DB8C50D34BF629513B66077F2751E0378E7F3045EC9A79144EB5C
          SHA-512:69BC4FE51C3AD8C765A1F21534A708CA308C5584BF27DDC9511C1483882E91C28694D7E8562FFDF303C5A8655B3240154478361269ACBEC60483B1AE23DDDE9C
          Malicious:false
          Reputation:low
          Process:C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe
          File Type:data
          Category:dropped
          Size (bytes):15020
          Entropy (8bit):7.581048659255774
          Encrypted:false
          SSDEEP:384:M9/RwgFdNQgZsxLOxw37junLf45nP/0w5blUYd9Gpp:MR/fQgOOQfgcnPceBBqpp
          MD5:692ECBDB4E6518580D2CFD455000E13E
          SHA1:2AA74C276B06DD7C2F70FA9743817B48AD7B8227
          SHA-256:FBE8DA0F7751B56809C51B6E071F29233E7985E7898A8AE968EF75DC19D07532
          SHA-512:E8E50FDA706BD372644681CC9624891ABBE6749BCB47C9CC20571A06240993333EF3C0D9D8D96D832CDBA82D2DC595DF496B4E4A33CDE7D29300CEC83518414A
          Malicious:false
          Reputation:low
          Process:C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe
          File Type:data
          Category:dropped
          Size (bytes):288256
          Entropy (8bit):7.995202592634109
          Encrypted:true
          SSDEEP:6144:393Zj6+FcjIyG1k31pByg4OKq4+x85cqCUv7VwbE5KrQC:39pj6w8H3XByXn+x85VCUD2okMC
          MD5:A05BCA2EC1756C2A2F7782C98DA1B0C3
          SHA1:1850C225BC149BD8B584074DA12D4B42BB6E7AD3
          SHA-256:398D51B21AA49DF70D71469DBFEA4B3DBD1D38771742647DC15C3B713FF3A708
          SHA-512:CC30F2CE486C982737736293D5CE44F70D6D57137E2BD878DA88864F93E31580EDE897A02C737E303FB0BA704B4B56C4C82D2C6B8FE235B15630C52BF372DE39
          Malicious:false
          Reputation:low
          File type:PE32 executable (GUI) Intel 80386, for MS Windows
          Entropy (8bit):7.164331304312863
          TrID:
          • Win32 Executable (generic) a (10002005/4) 99.96%
          • Generic Win/DOS Executable (2004/3) 0.02%
          • DOS Executable Generic (2002/1) 0.02%
          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
          File name:z37CurriculumVitaeIsabelGonzalez.exe
          File size:1'183'232 bytes
          MD5:cebc14097108206cf2149465b7ac4a23
          SHA1:033a1ef67618c81ecc07d2be9816c387e00226c2
          SHA256:59f94ff9fa02e65e2ccaa22af592a32088ed265f82b43a369ef811150f65b381
          SHA512:f7bd2f64c567aa09aeec24659213862a020e5b6ecffa517487bacdf0c14d73d4d7734eca104adfc7d98d0a99a9f2710b3f76c56f61115c4206421e6cc7353604
          SSDEEP:24576:aCdxte/80jYLT3U1jfsWatZ6Wy2Gh8j6/6VKQ:7w80cTsjkWatZ612Gh8jH
          TLSH:DA45CE2273DDC371CB769173BF6AB7012EBB78610630B85B1F881D7DA950161262DBA3
          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........s..R...R...R....C..P.....;.S..._@#.a..._@......_@..g...[j..[...[jo.w...R...r.............#.S..._@'.S...R.k.S.....".S...RichR..
          Icon Hash:aaf3e3e3938382a0
          Entrypoint:0x427f4a
          Entrypoint Section:.text
          Digitally signed:false
          Imagebase:0x400000
          Subsystem:windows gui
          Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
          DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
          Time Stamp:0x67696D79 [Mon Dec 23 14:02:33 2024 UTC]
          TLS Callbacks:
          CLR (.Net) Version:
          OS Version Major:5
          OS Version Minor:1
          File Version Major:5
          File Version Minor:1
          Subsystem Version Major:5
          Subsystem Version Minor:1
          Import Hash:afcdf79be1557326c854b6e20cb900a7
          Instruction
          call 00007EFDA4F07D4Dh
          jmp 00007EFDA4EFAB14h
          int3
          int3
          int3
          int3
          int3
          int3
          int3
          int3
          int3
          int3
          int3
          int3
          push edi
          push esi
          mov esi, dword ptr [esp+10h]
          mov ecx, dword ptr [esp+14h]
          mov edi, dword ptr [esp+0Ch]
          mov eax, ecx
          mov edx, ecx
          add eax, esi
          cmp edi, esi
          jbe 00007EFDA4EFAC9Ah
          cmp edi, eax
          jc 00007EFDA4EFAFFEh
          bt dword ptr [004C31FCh], 01h
          jnc 00007EFDA4EFAC99h
          rep movsb
          jmp 00007EFDA4EFAFACh
          cmp ecx, 00000080h
          jc 00007EFDA4EFAE64h
          mov eax, edi
          xor eax, esi
          test eax, 0000000Fh
          jne 00007EFDA4EFACA0h
          bt dword ptr [004BE324h], 01h
          jc 00007EFDA4EFB170h
          bt dword ptr [004C31FCh], 00000000h
          jnc 00007EFDA4EFAE3Dh
          test edi, 00000003h
          jne 00007EFDA4EFAE4Eh
          test esi, 00000003h
          jne 00007EFDA4EFAE2Dh
          bt edi, 02h
          jnc 00007EFDA4EFAC9Fh
          mov eax, dword ptr [esi]
          sub ecx, 04h
          lea esi, dword ptr [esi+04h]
          mov dword ptr [edi], eax
          lea edi, dword ptr [edi+04h]
          bt edi, 03h
          jnc 00007EFDA4EFACA3h
          movq xmm1, qword ptr [esi]
          sub ecx, 08h
          lea esi, dword ptr [esi+08h]
          movq qword ptr [edi], xmm1
          lea edi, dword ptr [edi+08h]
          test esi, 00000007h
          je 00007EFDA4EFACF5h
          bt esi, 03h
          Programming Language:
          • [ASM] VS2013 build 21005
          • [ C ] VS2013 build 21005
          • [C++] VS2013 build 21005
          • [ C ] VS2008 SP1 build 30729
          • [IMP] VS2008 SP1 build 30729
          • [ASM] VS2013 UPD5 build 40629
          • [RES] VS2013 build 21005
          • [LNK] VS2013 UPD5 build 40629
          Name | Virtual Address | Virtual Size | Is in Section
          IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_IMPORT | 0xba44c | 0x17c | .rdata
          IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc7000 | 0x58508 | .rsrc
          IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x120000 | 0x7130 | .reloc
          IMAGE_DIRECTORY_ENTRY_DEBUG | 0x92bc0 | 0x1c | .rdata
          IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xa4870 | 0x40 | .rdata
          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_IAT | 0x8f000 | 0x884 | .rdata
          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
          Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
          .text | 0x1000 | 0x8dd2e | 0x8de00 | c2c2260508750422d20cd5cbb116b146 | False | 0.5729952505506608 | data | 6.675875439961112 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          .rdata | 0x8f000 | 0x2e10e | 0x2e200 | 4513b58651e3d8d87c81a396e5b2f1d1 | False | 0.3353340955284553 | OpenPGP Public Key | 5.760731648769018 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
          .data | 0xbe000 | 0x8f74 | 0x5200 | c2de4a3d214eae7e87c7bfc06bd79775 | False | 0.1017530487804878 | data | 1.1988106744719143 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
          .rsrc | 0xc7000 | 0x58508 | 0x58600 | bc78d3fb726e1ed1f05b3175aaa7ead9 | False | 0.9255353827793493 | data | 7.888738586332471 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
          .reloc | 0x120000 | 0x7130 | 0x7200 | 1254908a9a03d2bcf12045d49cd572b9 | False | 0.7703536184210527 | data | 6.782377328042204 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
          Name | RVA | Size | Type | Language | Country | ZLIB Complexity
          RT_ICON | 0xc75a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
          RT_ICON | 0xc76d0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
          RT_ICON | 0xc77f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
          RT_ICON | 0xc7920 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333
          RT_ICON | 0xc7c08 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5
          RT_ICON | 0xc7d30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388
          RT_ICON | 0xc8bd8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524
          RT_ICON | 0xc9480 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918
          RT_ICON | 0xc99e8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727
          RT_ICON | 0xcbf90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496
          RT_ICON | 0xcd038 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227
          RT_MENU | 0xcd4a0 | 0x50 | data | English | Great Britain | 0.9
          RT_STRING | 0xcd4f0 | 0x594 | data | English | Great Britain | 0.3333333333333333
          RT_STRING | 0xcda84 | 0x68a | data | English | Great Britain | 0.2747909199522103
          RT_STRING | 0xce110 | 0x490 | data | English | Great Britain | 0.3715753424657534
          RT_STRING | 0xce5a0 | 0x5fc | data | English | Great Britain | 0.3087467362924282
          RT_STRING | 0xceb9c | 0x65c | data | English | Great Britain | 0.34336609336609336
          RT_STRING | 0xcf1f8 | 0x466 | data | English | Great Britain | 0.3605683836589698
          RT_STRING | 0xcf660 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186
          RT_RCDATA | 0xcf7b8 | 0x4f7ce | data |  |  | 1.0003255708239398
          RT_GROUP_ICON | 0x11ef88 | 0x76 | data | English | Great Britain | 0.6610169491525424
          RT_GROUP_ICON | 0x11f000 | 0x14 | data | English | Great Britain | 1.25
          RT_GROUP_ICON | 0x11f014 | 0x14 | data | English | Great Britain | 1.15
          RT_GROUP_ICON | 0x11f028 | 0x14 | data | English | Great Britain | 1.25
          RT_VERSION | 0x11f03c | 0xdc | data | English | Great Britain | 0.6181818181818182
          RT_MANIFEST | 0x11f118 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823
          DLL | Import
          WSOCK32.dll | WSACleanup, socket, inet_ntoa, setsockopt, ntohs, recvfrom, ioctlsocket, htons, WSAStartup, __WSAFDIsSet, select, accept, listen, bind, closesocket, WSAGetLastError, recv, sendto, send, inet_addr, gethostbyname, gethostname, connect
          VERSION.dll | GetFileVersionInfoW, GetFileVersionInfoSizeW, VerQueryValueW
          WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
          COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
          MPR.dll | WNetUseConnectionW, WNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W
          WININET.dll | InternetQueryDataAvailable, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetConnectW
          PSAPI.DLL | GetProcessMemoryInfo
          IPHLPAPI.DLL | IcmpCreateFile, IcmpCloseHandle, IcmpSendEcho
          USERENV.dll | DestroyEnvironmentBlock, UnloadUserProfile, CreateEnvironmentBlock, LoadUserProfileW
          UxTheme.dll | IsThemeActive
          KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, SetCurrentDirectoryW, GetLongPathNameW, GetShortPathNameW, DeleteFileW, FindNextFileW, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, FindResourceW, LoadResource, LockResource, SizeofResource, EnumResourceNamesW, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, GetLocalTime, CompareStringW, GetCurrentProcess, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, LoadLibraryW, VirtualAlloc, IsDebuggerPresent, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, GetCurrentThread, CloseHandle, GetFullPathNameW, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, GetSystemTimeAsFileTime, ResumeThread, GetCommandLineW, IsProcessorFeaturePresent, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, SetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetStartupInfoW, GetStringTypeW, SetStdHandle, GetFileType, GetConsoleCP, GetConsoleMode, RtlUnwind, ReadConsoleW, GetTimeZoneInformation, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetEnvironmentStringsW, FreeEnvironmentStringsW, WriteConsoleW, FindClose, SetEnvironmentVariableA
          USER32.dll | AdjustWindowRectEx, CopyImage, SetWindowPos, GetCursorInfo, RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, DeleteMenu, SetRect, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, MonitorFromRect, keybd_event, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, GetMessageW, LockWindowUpdate, DispatchMessageW, TranslateMessage, PeekMessageW, UnregisterHotKey, CheckMenuRadioItem, CharLowerBuffW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, SystemParametersInfoW, LoadImageW, GetClassNameW
          GDI32.dll | StrokePath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, GetDeviceCaps, EndPath, SetPixel, CloseFigure, CreateCompatibleBitmap, CreateCompatibleDC, SelectObject, StretchBlt, GetDIBits, LineTo, AngleArc, MoveToEx, Ellipse, DeleteDC, GetPixel, CreateDCW, GetStockObject, GetTextFaceW, CreateFontW, SetTextColor, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, StrokeAndFillPath
          COMDLG32.dll | GetOpenFileNameW, GetSaveFileNameW
          ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, RegCreateKeyExW, FreeSid, GetTokenInformation, GetSecurityDescriptorDacl, GetAclInformation, AddAce, SetSecurityDescriptorDacl, GetUserNameW, InitiateSystemShutdownExW
          SHELL32.dll | DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish
          ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoSetProxyBlanket, CoCreateInstanceEx, CoInitializeSecurity
          OLEAUT32.dll | LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, SafeArrayDestroyDescriptor, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, RegisterTypeLib, CreateStdDispatch, DispCallFunc, VariantChangeType, SysStringLen, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, VariantCopy, VariantClear, OleLoadPicture, QueryPathOfRegTypeLib, RegisterTypeLibForUser, UnRegisterTypeLibForUser, UnRegisterTypeLib, CreateDispTypeInfo, SysAllocString, VariantInit
          Language of compilation system:English
          Country where language is spoken:Great Britain
          No network behavior found

          Target ID:0
          Start time:10:08:32
          Start date:23/12/2024
          Path:C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe
          Wow64 process (32bit):true
          Commandline:"C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe"
          Imagebase:0xab0000
          File size:1'183'232 bytes
          MD5 hash:CEBC14097108206CF2149465B7AC4A23
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low
          Has exited:true

          Target ID:1
          Start time:10:08:33
          Start date:23/12/2024
          Path:C:\Windows\SysWOW64\svchost.exe
          Wow64 process (32bit):true
          Commandline:"C:\Users\user\Desktop\z37CurriculumVitaeIsabelGonzalez.exe"
          Imagebase:0x520000
          File size:46'504 bytes
          MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Yara matches:
          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.2351028222.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.2351306500.0000000003080000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
          Reputation:high
          Has exited:true

            Execution Graph

            Execution Coverage:4%
            Dynamic/Decrypted Code Coverage:1.3%
            Signature Coverage:4.6%
            Total number of Nodes:2000
            Total number of Limit Nodes:32
97920 ac629e 97919->97920 97921 ad0f36 Mailbox 59 API calls 97920->97921 97922 ac62a5 RegisterWindowMessageW 97921->97922 97922->97872 97925 acff2e 97924->97925 97926 b05ac5 97924->97926 97927 ad0f36 Mailbox 59 API calls 97925->97927 97953 b19b90 60 API calls 97926->97953 97930 acff36 97927->97930 97929 b05ad0 97930->97876 97931->97883 97932->97885 97954 b17296 65 API calls 97932->97954 97934 ab77c7 59 API calls 97933->97934 97935 ad0167 97934->97935 97936 ab77c7 59 API calls 97935->97936 97937 ad016f 97936->97937 97938 ab77c7 59 API calls 97937->97938 97939 ad00bb 97938->97939 97939->97889 97941 ab7d38 __NMSG_WRITE 97940->97941 97942 ab7da5 97940->97942 97944 ab7d4e 97941->97944 97945 ab7d73 97941->97945 97943 ab7e8c 59 API calls 97942->97943 97948 ab7d56 _memmove 97943->97948 97949 ab8087 59 API calls Mailbox 97944->97949 97946 ab8189 59 API calls 97945->97946 97946->97948 97948->97894 97949->97948 97951 ab77c7 59 API calls 97950->97951 97952 ac5c05 97951->97952 97952->97903 97953->97929 97955 ab107d 97960 ab71eb 97955->97960 97957 ab108c 97958 ad2ec0 __cinit 67 API calls 97957->97958 97959 ab1096 97958->97959 97961 ab71fb __ftell_nolock 97960->97961 97962 ab77c7 59 API calls 97961->97962 97963 ab72b1 97962->97963 97991 ab4864 97963->97991 97965 ab72ba 97998 ad068b 97965->97998 97972 ab77c7 59 API calls 97973 ab72eb 97972->97973 97974 ab7eec 59 API calls 97973->97974 97975 ab72f4 RegOpenKeyExW 97974->97975 97976 aeec0a RegQueryValueExW 97975->97976 97981 ab7316 Mailbox 97975->97981 97977 aeec9c RegCloseKey 97976->97977 97978 aeec27 97976->97978 97979 aeecae _wcscat Mailbox __NMSG_WRITE 97977->97979 97977->97981 97980 ad0f36 Mailbox 59 API calls 97978->97980 97979->97981 97985 ab7b52 59 API calls 97979->97985 97990 ab3f84 59 API calls 97979->97990 98020 ab7f41 97979->98020 97982 aeec40 97980->97982 97981->97957 98017 ab538e 97982->98017 97985->97979 97986 aeec68 97987 ab7d2c 59 API calls 97986->97987 97988 aeec82 97987->97988 97988->97977 97990->97979 98024 ae1ac0 
97991->98024 97994 ab7f41 59 API calls 97995 ab4897 97994->97995 98026 ab48ae 97995->98026 97997 ab48a1 Mailbox 97997->97965 97999 ae1ac0 __ftell_nolock 97998->97999 98000 ad0698 GetFullPathNameW 97999->98000 98001 ad06ba 98000->98001 98002 ab7d2c 59 API calls 98001->98002 98003 ab72c5 98002->98003 98004 ab7e0b 98003->98004 98005 ab7e1f 98004->98005 98006 aef0a3 98004->98006 98040 ab7db0 98005->98040 98008 ab8189 59 API calls 98006->98008 98010 aef0ae __NMSG_WRITE _memmove 98008->98010 98009 ab72d3 98011 ab3f84 98009->98011 98012 ab3f92 98011->98012 98016 ab3fb4 _memmove 98011->98016 98014 ad0f36 Mailbox 59 API calls 98012->98014 98013 ad0f36 Mailbox 59 API calls 98015 ab3fc8 98013->98015 98014->98016 98015->97972 98016->98013 98018 ad0f36 Mailbox 59 API calls 98017->98018 98019 ab53a0 RegQueryValueExW 98018->98019 98019->97986 98019->97988 98021 ab7f50 __NMSG_WRITE _memmove 98020->98021 98022 ad0f36 Mailbox 59 API calls 98021->98022 98023 ab7f8e 98022->98023 98023->97979 98025 ab4871 GetModuleFileNameW 98024->98025 98025->97994 98027 ae1ac0 __ftell_nolock 98026->98027 98028 ab48bb GetFullPathNameW 98027->98028 98029 ab48da 98028->98029 98030 ab48f7 98028->98030 98032 ab7d2c 59 API calls 98029->98032 98031 ab7eec 59 API calls 98030->98031 98033 ab48e6 98031->98033 98032->98033 98036 ab7886 98033->98036 98037 ab7894 98036->98037 98038 ab7e8c 59 API calls 98037->98038 98039 ab48f2 98038->98039 98039->97997 98041 ab7dbf __NMSG_WRITE 98040->98041 98042 ab8189 59 API calls 98041->98042 98043 ab7dd0 _memmove 98041->98043 98044 aef060 _memmove 98042->98044 98043->98009 98045 ab3633 98046 ab366a 98045->98046 98047 ab3688 98046->98047 98048 ab36e7 98046->98048 98086 ab36e5 98046->98086 98052 ab375d PostQuitMessage 98047->98052 98053 ab3695 98047->98053 98050 aed24c 98048->98050 98051 ab36ed 98048->98051 98049 ab36ca DefWindowProcW 98059 ab36d8 98049->98059 98095 ac11d0 10 API calls Mailbox 98050->98095 98054 ab36f2 98051->98054 98055 ab3715 SetTimer RegisterWindowMessageW 
98051->98055 98052->98059 98056 aed2bf 98053->98056 98057 ab36a0 98053->98057 98060 aed1ef 98054->98060 98061 ab36f9 KillTimer 98054->98061 98055->98059 98062 ab373e CreatePopupMenu 98055->98062 98110 b1281f 71 API calls _memset 98056->98110 98063 ab36a8 98057->98063 98064 ab3767 98057->98064 98068 aed228 MoveWindow 98060->98068 98069 aed1f4 98060->98069 98090 ab44cb Shell_NotifyIconW _memset 98061->98090 98062->98059 98071 ab36b3 98063->98071 98072 aed2a4 98063->98072 98093 ab4531 64 API calls _memset 98064->98093 98066 aed273 98096 ac11f3 331 API calls Mailbox 98066->98096 98068->98059 98076 aed1f8 98069->98076 98077 aed217 SetFocus 98069->98077 98079 ab374b 98071->98079 98080 ab36be 98071->98080 98072->98049 98109 b07f5e 59 API calls Mailbox 98072->98109 98073 aed2d1 98073->98049 98073->98059 98075 ab375b 98075->98059 98076->98080 98081 aed201 98076->98081 98077->98059 98078 ab370c 98091 ab3114 DeleteObject DestroyWindow Mailbox 98078->98091 98092 ab45df 81 API calls _memset 98079->98092 98080->98049 98097 ab44cb Shell_NotifyIconW _memset 98080->98097 98094 ac11d0 10 API calls Mailbox 98081->98094 98086->98049 98088 aed298 98098 ab43db 98088->98098 98090->98078 98091->98059 98092->98075 98093->98075 98094->98059 98095->98066 98096->98080 98097->98088 98099 ab4406 _memset 98098->98099 98111 ab4213 98099->98111 98102 ab448b 98104 ab44c1 Shell_NotifyIconW 98102->98104 98105 ab44a5 Shell_NotifyIconW 98102->98105 98106 ab44b3 98104->98106 98105->98106 98115 ab410d 98106->98115 98108 ab44ba 98108->98086 98109->98086 98110->98073 98112 aed568 98111->98112 98113 ab4227 98111->98113 98112->98113 98114 aed571 DestroyIcon 98112->98114 98113->98102 98137 b1302e 62 API calls _W_store_winword 98113->98137 98114->98113 98116 ab4129 98115->98116 98136 ab4200 Mailbox 98115->98136 98138 ab7b76 98116->98138 98119 aed50d LoadStringW 98123 aed527 98119->98123 98120 ab4144 98121 ab7d2c 59 API calls 98120->98121 98122 ab4159 98121->98122 98122->98123 98124 ab416a 98122->98124 98125 
ab7c8e 59 API calls 98123->98125 98126 ab4205 98124->98126 98127 ab4174 98124->98127 98130 aed531 98125->98130 98128 ab81a7 59 API calls 98126->98128 98143 ab7c8e 98127->98143 98132 ab417e _memset _wcscpy 98128->98132 98131 ab7e0b 59 API calls 98130->98131 98130->98132 98133 aed553 98131->98133 98134 ab41e6 Shell_NotifyIconW 98132->98134 98135 ab7e0b 59 API calls 98133->98135 98134->98136 98135->98132 98136->98108 98137->98102 98139 ad0f36 Mailbox 59 API calls 98138->98139 98140 ab7b9b 98139->98140 98141 ab8189 59 API calls 98140->98141 98142 ab4137 98141->98142 98142->98119 98142->98120 98144 aeefc4 98143->98144 98145 ab7ca0 98143->98145 98158 b07f03 59 API calls _memmove 98144->98158 98152 ab7bb1 98145->98152 98148 ab7cac 98148->98132 98149 aeefce 98150 ab81a7 59 API calls 98149->98150 98151 aeefd6 Mailbox 98150->98151 98153 ab7bbf 98152->98153 98154 ab7be5 _memmove 98152->98154 98153->98154 98155 ad0f36 Mailbox 59 API calls 98153->98155 98154->98148 98156 ab7c34 98155->98156 98157 ad0f36 Mailbox 59 API calls 98156->98157 98157->98154 98158->98149 98159 af0155 98166 abae4f Mailbox 98159->98166 98160 abb6d1 98313 b19ed4 89 API calls 4 library calls 98160->98313 98162 af0bb5 98314 b063f2 98162->98314 98164 af0bbe 98166->98160 98166->98162 98166->98164 98171 b2e037 98166->98171 98174 ac2123 98166->98174 98214 b1d106 98166->98214 98261 b1d107 98166->98261 98308 ab9df0 98166->98308 98317 b2cbf1 98171->98317 98173 b2e047 98173->98166 98461 ab9bf8 98174->98461 98177 af68de 98180 ac2189 98177->98180 98515 b1f600 59 API calls 98177->98515 98179 ad0f36 Mailbox 59 API calls 98181 ac2154 98179->98181 98191 ac2196 98180->98191 98516 ab9c9c 59 API calls 98180->98516 98182 ac2164 98181->98182 98494 ab5906 60 API calls Mailbox 98181->98494 98184 ab9997 84 API calls 98182->98184 98186 ac2172 98184->98186 98495 ab5956 98186->98495 98187 af6926 98190 af692e 98187->98190 98187->98191 98517 ab9c9c 59 API calls 98190->98517 98474 ab5e3f 98191->98474 98195 ac219d 98196 ac21b7 
98195->98196 98197 af6940 98195->98197 98198 ab77c7 59 API calls 98196->98198 98199 ad0f36 Mailbox 59 API calls 98197->98199 98200 ac21bf 98198->98200 98201 af6946 98199->98201 98479 ab56d2 98200->98479 98202 af695a 98201->98202 98518 ab59b0 ReadFile SetFilePointerEx 98201->98518 98208 af695e _memmove 98202->98208 98519 b1776d 59 API calls 2 library calls 98202->98519 98206 ac21ce 98206->98208 98508 ab9b9c 59 API calls Mailbox 98206->98508 98209 ac21e2 Mailbox 98210 ac221c 98209->98210 98509 ab5dcf 98209->98509 98210->98166 98215 b1d131 98214->98215 98216 b1d126 98214->98216 98219 ab77c7 59 API calls 98215->98219 98259 b1d20b Mailbox 98215->98259 98560 ab9c9c 59 API calls 98216->98560 98218 ad0f36 Mailbox 59 API calls 98220 b1d254 98218->98220 98222 b1d155 98219->98222 98221 b1d260 98220->98221 98617 ab5906 60 API calls Mailbox 98220->98617 98225 ab9997 84 API calls 98221->98225 98224 ab77c7 59 API calls 98222->98224 98226 b1d15e 98224->98226 98227 b1d278 98225->98227 98228 ab9997 84 API calls 98226->98228 98229 ab5956 67 API calls 98227->98229 98230 b1d16a 98228->98230 98231 b1d287 98229->98231 98561 ab46f9 98230->98561 98233 b1d28b GetLastError 98231->98233 98234 b1d2bf 98231->98234 98236 b1d2a4 98233->98236 98238 b1d321 98234->98238 98239 b1d2ea 98234->98239 98235 b1d17f 98237 ab7c8e 59 API calls 98235->98237 98257 b1d214 Mailbox 98236->98257 98618 ab5a1a CloseHandle 98236->98618 98240 b1d1b2 98237->98240 98241 ad0f36 Mailbox 59 API calls 98238->98241 98242 ad0f36 Mailbox 59 API calls 98239->98242 98243 b1d204 98240->98243 98612 b13c7b 98240->98612 98244 b1d326 98241->98244 98245 b1d2ef 98242->98245 98616 ab9c9c 59 API calls 98243->98616 98251 ab77c7 59 API calls 98244->98251 98244->98257 98252 ab77c7 59 API calls 98245->98252 98254 b1d300 98245->98254 98250 b1d1c6 98253 ab7f41 59 API calls 98250->98253 98251->98257 98252->98254 98256 b1d1d3 98253->98256 98619 b1f656 59 API calls 2 library calls 98254->98619 98615 b13a6e 63 API calls Mailbox 98256->98615 
98257->98166 98259->98218 98259->98257 98260 b1d1dc Mailbox 98260->98243 98262 b1d131 98261->98262 98263 b1d126 98261->98263 98266 ab77c7 59 API calls 98262->98266 98306 b1d20b Mailbox 98262->98306 98628 ab9c9c 59 API calls 98263->98628 98265 ad0f36 Mailbox 59 API calls 98267 b1d254 98265->98267 98269 b1d155 98266->98269 98268 b1d260 98267->98268 98631 ab5906 60 API calls Mailbox 98267->98631 98272 ab9997 84 API calls 98268->98272 98271 ab77c7 59 API calls 98269->98271 98273 b1d15e 98271->98273 98274 b1d278 98272->98274 98275 ab9997 84 API calls 98273->98275 98276 ab5956 67 API calls 98274->98276 98277 b1d16a 98275->98277 98278 b1d287 98276->98278 98279 ab46f9 59 API calls 98277->98279 98280 b1d28b GetLastError 98278->98280 98283 b1d2bf 98278->98283 98281 b1d17f 98279->98281 98286 b1d2a4 98280->98286 98282 ab7c8e 59 API calls 98281->98282 98287 b1d1b2 98282->98287 98284 b1d321 98283->98284 98285 b1d2ea 98283->98285 98288 ad0f36 Mailbox 59 API calls 98284->98288 98289 ad0f36 Mailbox 59 API calls 98285->98289 98304 b1d214 Mailbox 98286->98304 98632 ab5a1a CloseHandle 98286->98632 98290 b1d204 98287->98290 98295 b13c7b 3 API calls 98287->98295 98291 b1d326 98288->98291 98292 b1d2ef 98289->98292 98630 ab9c9c 59 API calls 98290->98630 98299 ab77c7 59 API calls 98291->98299 98291->98304 98297 b1d300 98292->98297 98300 ab77c7 59 API calls 98292->98300 98296 b1d1c2 98295->98296 98296->98290 98298 b1d1c6 98296->98298 98633 b1f656 59 API calls 2 library calls 98297->98633 98301 ab7f41 59 API calls 98298->98301 98299->98304 98300->98297 98303 b1d1d3 98301->98303 98629 b13a6e 63 API calls Mailbox 98303->98629 98304->98166 98306->98265 98306->98304 98307 b1d1dc Mailbox 98307->98290 98310 ab9dfb 98308->98310 98309 ab9e32 98309->98166 98310->98309 98634 ab8e34 59 API calls Mailbox 98310->98634 98312 ab9e5d 98312->98166 98313->98162 98635 b06334 98314->98635 98316 b06400 98316->98164 98355 ab9997 98317->98355 98321 b2d042 98423 b2d9dc 92 API calls Mailbox 98321->98423 98322 b2cc75 
Mailbox 98322->98173 98325 b2d051 98327 b2cedb 98325->98327 98328 b2d05d 98325->98328 98326 b2ccc6 Mailbox 98326->98322 98329 ab9997 84 API calls 98326->98329 98342 b2cecd 98326->98342 98405 b1f656 59 API calls 2 library calls 98326->98405 98406 b2d0f3 61 API calls 2 library calls 98326->98406 98386 b2ca82 98327->98386 98328->98322 98329->98326 98334 b2cf14 98401 ad0d88 98334->98401 98337 b2cf47 98408 ab942e 98337->98408 98338 b2cf2e 98407 b19ed4 89 API calls 4 library calls 98338->98407 98341 b2cf39 GetCurrentProcess TerminateProcess 98341->98337 98342->98321 98342->98327 98347 b2d0b8 98347->98322 98351 b2d0cc FreeLibrary 98347->98351 98348 b2cf7f 98420 b2d75d 107 API calls _free 98348->98420 98351->98322 98354 b2cf90 98354->98347 98421 ab8ea0 59 API calls Mailbox 98354->98421 98422 ab9e9c 60 API calls Mailbox 98354->98422 98424 b2d75d 107 API calls _free 98354->98424 98356 ab99b1 98355->98356 98365 ab99ab 98355->98365 98357 ab99f9 98356->98357 98358 aef833 98356->98358 98359 aef92c __i64tow 98356->98359 98361 ab99b7 __itow 98356->98361 98425 ad3818 83 API calls 3 library calls 98357->98425 98366 ad0f36 Mailbox 59 API calls 98358->98366 98372 aef8ab Mailbox _wcscpy 98358->98372 98359->98359 98363 ad0f36 Mailbox 59 API calls 98361->98363 98364 ab99d1 98363->98364 98364->98365 98367 ab7f41 59 API calls 98364->98367 98365->98322 98373 b2d8b9 98365->98373 98368 aef878 98366->98368 98367->98365 98369 ad0f36 Mailbox 59 API calls 98368->98369 98370 aef89e 98369->98370 98371 ab7f41 59 API calls 98370->98371 98370->98372 98371->98372 98426 ad3818 83 API calls 3 library calls 98372->98426 98374 ab7faf 59 API calls 98373->98374 98375 b2d8d4 CharLowerBuffW 98374->98375 98427 b0f479 98375->98427 98379 ab77c7 59 API calls 98380 b2d90d 98379->98380 98434 ab79ab 98380->98434 98382 b2d924 98383 ab7e8c 59 API calls 98382->98383 98384 b2d930 Mailbox 98383->98384 98385 b2d96c Mailbox 98384->98385 98447 b2d0f3 61 API calls 2 library calls 98384->98447 98385->98326 98387 b2caf2 
98386->98387 98388 b2ca9d 98386->98388 98392 b2db64 98387->98392 98389 ad0f36 Mailbox 59 API calls 98388->98389 98391 b2cabf 98389->98391 98390 ad0f36 Mailbox 59 API calls 98390->98391 98391->98387 98391->98390 98393 b2dd8d Mailbox 98392->98393 98400 b2db87 _strcat _wcscpy __NMSG_WRITE 98392->98400 98393->98334 98394 ab9cf8 59 API calls 98394->98400 98395 ab9d46 59 API calls 98395->98400 98396 ab9c9c 59 API calls 98396->98400 98397 ad588c 58 API calls __malloc_crt 98397->98400 98398 ab9997 84 API calls 98398->98400 98400->98393 98400->98394 98400->98395 98400->98396 98400->98397 98400->98398 98451 b1592e 61 API calls 2 library calls 98400->98451 98402 ad0d9d 98401->98402 98403 ad0e35 VirtualProtect 98402->98403 98404 ad0e03 98402->98404 98403->98404 98404->98337 98404->98338 98405->98326 98406->98326 98407->98341 98409 ab9436 98408->98409 98410 ad0f36 Mailbox 59 API calls 98409->98410 98411 ab9444 98410->98411 98412 ab9450 98411->98412 98452 ab935c 59 API calls Mailbox 98411->98452 98414 ab91b0 98412->98414 98453 ab92c0 98414->98453 98416 ab91bf 98417 ad0f36 Mailbox 59 API calls 98416->98417 98418 ab925b 98416->98418 98417->98418 98418->98354 98419 ab8ea0 59 API calls Mailbox 98418->98419 98419->98348 98420->98354 98421->98354 98422->98354 98423->98325 98424->98354 98425->98361 98426->98359 98429 b0f4a4 __NMSG_WRITE 98427->98429 98428 b0f4e3 98428->98379 98428->98384 98429->98428 98432 b0f4d9 98429->98432 98433 b0f58a 98429->98433 98432->98428 98448 ab7a24 61 API calls 98432->98448 98433->98428 98449 ab7a24 61 API calls 98433->98449 98435 ab79ba 98434->98435 98436 ab7a17 98434->98436 98435->98436 98437 ab79c5 98435->98437 98438 ab7e8c 59 API calls 98436->98438 98439 ab79e0 98437->98439 98440 aeee62 98437->98440 98443 ab79e8 _memmove 98438->98443 98450 ab8087 59 API calls Mailbox 98439->98450 98442 ab8189 59 API calls 98440->98442 98444 aeee6c 98442->98444 98443->98382 98445 ad0f36 Mailbox 59 API calls 98444->98445 98446 aeee8c 98445->98446 98447->98385 98448->98432 
98449->98433 98450->98443 98451->98400 98452->98412 98454 ab92c9 Mailbox 98453->98454 98455 aef4f8 98454->98455 98460 ab92d3 98454->98460 98456 ad0f36 Mailbox 59 API calls 98455->98456 98458 aef504 98456->98458 98457 ab92da 98457->98416 98459 ab9df0 Mailbox 59 API calls 98459->98460 98460->98457 98460->98459 98462 aefb2f 98461->98462 98464 ab9c08 98461->98464 98465 ab7d2c 59 API calls 98462->98465 98468 aefb40 98462->98468 98463 ab7eec 59 API calls 98466 aefb4a 98463->98466 98467 ad0f36 Mailbox 59 API calls 98464->98467 98465->98468 98471 ab9c34 98466->98471 98472 ab77c7 59 API calls 98466->98472 98469 ab9c1b 98467->98469 98468->98463 98469->98466 98470 ab9c26 98469->98470 98470->98471 98473 ab7f41 59 API calls 98470->98473 98471->98177 98471->98179 98472->98471 98473->98471 98520 ab5c4e 98474->98520 98477 ab5c4e 2 API calls 98478 ab5e74 98477->98478 98478->98195 98480 ab56dd 98479->98480 98481 ab5702 98479->98481 98480->98481 98486 ab56ec 98480->98486 98482 ab7eec 59 API calls 98481->98482 98485 b132a2 98482->98485 98483 b132d1 98483->98206 98485->98483 98530 b1323e ReadFile SetFilePointerEx 98485->98530 98531 ab7a84 59 API calls 2 library calls 98485->98531 98487 ab5c18 59 API calls 98486->98487 98489 b133c2 98487->98489 98490 ab5632 61 API calls 98489->98490 98491 b133d0 98490->98491 98493 b133e0 Mailbox 98491->98493 98532 ab793a 61 API calls Mailbox 98491->98532 98493->98206 98494->98182 98496 ab5dcf CloseHandle 98495->98496 98497 ab5962 98496->98497 98533 ab5df9 98497->98533 98499 ab5981 98503 ab59a4 98499->98503 98541 ab5770 98499->98541 98501 ab5993 98558 ab53db SetFilePointerEx SetFilePointerEx 98501->98558 98503->98177 98503->98180 98514 ab5a1a CloseHandle 98503->98514 98504 ab599a 98504->98503 98505 aedf60 98504->98505 98559 b1349e SetFilePointerEx SetFilePointerEx WriteFile 98505->98559 98507 aedf90 98507->98503 98508->98209 98510 ab5dd9 98509->98510 98511 ab5de8 98509->98511 98510->98210 98513 ab5a1a CloseHandle 98510->98513 98511->98510 98512 ab5ded 
CloseHandle 98511->98512 98512->98510 98513->98210 98514->98177 98515->98177 98516->98187 98517->98195 98518->98202 98519->98208 98527 ab5c68 98520->98527 98521 ab5cef SetFilePointerEx 98528 ab5dae SetFilePointerEx 98521->98528 98522 aee081 98529 ab5dae SetFilePointerEx 98522->98529 98525 ab5cc3 98525->98477 98526 aee09b 98527->98521 98527->98522 98527->98525 98528->98525 98529->98526 98530->98485 98531->98485 98532->98493 98534 ab5e12 CreateFileW 98533->98534 98535 aee0b1 98533->98535 98536 ab5e34 98534->98536 98535->98536 98537 aee0b7 CreateFileW 98535->98537 98536->98499 98537->98536 98538 aee0dd 98537->98538 98539 ab5c4e 2 API calls 98538->98539 98540 aee0e8 98539->98540 98540->98536 98542 aedefe 98541->98542 98543 ab578b 98541->98543 98546 ab5e3f 2 API calls 98542->98546 98557 ab581a 98542->98557 98544 ab5c4e 2 API calls 98543->98544 98543->98557 98545 ab57ad 98544->98545 98547 ab538e 59 API calls 98545->98547 98546->98557 98548 ab57b7 98547->98548 98548->98542 98549 ab57c4 98548->98549 98550 ad0f36 Mailbox 59 API calls 98549->98550 98551 ab57cf 98550->98551 98552 ab538e 59 API calls 98551->98552 98553 ab57da 98552->98553 98554 ab5d20 2 API calls 98553->98554 98555 ab5807 98554->98555 98556 ab5c4e 2 API calls 98555->98556 98556->98557 98557->98501 98558->98504 98559->98507 98560->98215 98562 ab77c7 59 API calls 98561->98562 98563 ab470f 98562->98563 98564 ab77c7 59 API calls 98563->98564 98565 ab4717 98564->98565 98566 ab77c7 59 API calls 98565->98566 98567 ab471f 98566->98567 98568 ab77c7 59 API calls 98567->98568 98569 ab4727 98568->98569 98570 ab475b 98569->98570 98571 aed82b 98569->98571 98572 ab79ab 59 API calls 98570->98572 98573 ab81a7 59 API calls 98571->98573 98574 ab4769 98572->98574 98575 aed834 98573->98575 98576 ab7e8c 59 API calls 98574->98576 98577 ab7eec 59 API calls 98575->98577 98578 ab4773 98576->98578 98581 ab479e 98577->98581 98580 ab79ab 59 API calls 98578->98580 98578->98581 98579 ab47de 98582 ab79ab 59 API calls 98579->98582 98583 
ab4794 98580->98583 98581->98579 98584 ab47bd 98581->98584 98593 aed854 98581->98593 98586 ab47ef 98582->98586 98587 ab7e8c 59 API calls 98583->98587 98620 ab7b52 98584->98620 98591 ab4801 98586->98591 98594 ab81a7 59 API calls 98586->98594 98587->98581 98588 aed924 98589 ab7d2c 59 API calls 98588->98589 98608 aed8e1 98589->98608 98592 ab4811 98591->98592 98595 ab81a7 59 API calls 98591->98595 98597 ab4818 98592->98597 98599 ab81a7 59 API calls 98592->98599 98593->98588 98596 aed90d 98593->98596 98603 aed88b 98593->98603 98594->98591 98595->98592 98596->98588 98601 aed8f8 98596->98601 98600 ab81a7 59 API calls 98597->98600 98607 ab481f Mailbox 98597->98607 98598 ab79ab 59 API calls 98598->98579 98599->98597 98600->98607 98605 ab7d2c 59 API calls 98601->98605 98602 aed8e9 98604 ab7d2c 59 API calls 98602->98604 98603->98602 98610 aed8d4 98603->98610 98604->98608 98605->98608 98606 ab7b52 59 API calls 98606->98608 98607->98235 98608->98579 98608->98606 98623 ab7a84 59 API calls 2 library calls 98608->98623 98611 ab7d2c 59 API calls 98610->98611 98611->98608 98624 b1449b GetFileAttributesW 98612->98624 98615->98260 98616->98259 98617->98221 98618->98257 98619->98257 98621 ab7faf 59 API calls 98620->98621 98622 ab47c7 98621->98622 98622->98579 98622->98598 98623->98608 98625 b13c82 98624->98625 98626 b144b6 FindFirstFileW 98624->98626 98625->98243 98625->98250 98626->98625 98627 b144cb FindClose 98626->98627 98627->98625 98628->98262 98629->98307 98630->98306 98631->98268 98632->98304 98633->98304 98634->98312 98636 b0635c 98635->98636 98637 b0633f 98635->98637 98636->98316 98637->98636 98639 b0631f 59 API calls Mailbox 98637->98639 98639->98637 98640 aefe35 98641 aefe3f 98640->98641 98677 abac90 Mailbox _memmove 98640->98677 98778 ab8e34 59 API calls Mailbox 98641->98778 98645 ad0f36 59 API calls Mailbox 98664 aba097 Mailbox 98645->98664 98647 abb5d5 98652 ab81a7 59 API calls 98647->98652 98650 abb5da 98787 b19ed4 89 API calls 4 library calls 98650->98787 98663 aba1b7 
98652->98663 98653 af03ae 98782 b19ed4 89 API calls 4 library calls 98653->98782 98655 ab77c7 59 API calls 98655->98664 98657 ab81a7 59 API calls 98657->98664 98658 ab7f41 59 API calls 98658->98677 98659 af03bd 98660 ad2ec0 67 API calls __cinit 98660->98664 98662 b071e5 59 API calls 98662->98664 98664->98645 98664->98647 98664->98650 98664->98653 98664->98655 98664->98657 98664->98660 98664->98662 98664->98663 98666 af0d2f 98664->98666 98669 aba6ba 98664->98669 98773 abca20 331 API calls 2 library calls 98664->98773 98774 abba60 60 API calls Mailbox 98664->98774 98665 b063f2 Mailbox 59 API calls 98665->98663 98786 b19ed4 89 API calls 4 library calls 98666->98786 98785 b19ed4 89 API calls 4 library calls 98669->98785 98670 b063f2 Mailbox 59 API calls 98670->98677 98671 abb416 98777 abf803 331 API calls 98671->98777 98672 aba000 331 API calls 98672->98677 98674 af0bc3 98675 ab9df0 Mailbox 59 API calls 98674->98675 98679 af0bb5 98675->98679 98676 af0bd1 98784 b19ed4 89 API calls 4 library calls 98676->98784 98677->98658 98677->98663 98677->98664 98677->98670 98677->98671 98677->98672 98677->98674 98677->98676 98680 abb37c 98677->98680 98682 ad0f36 59 API calls Mailbox 98677->98682 98685 abade2 Mailbox 98677->98685 98687 abb685 98677->98687 98695 b2c3f4 98677->98695 98727 b179ff 98677->98727 98733 b2bd80 98677->98733 98779 b071e5 59 API calls 98677->98779 98780 b2c2a7 85 API calls 2 library calls 98677->98780 98679->98663 98679->98665 98775 ab9e9c 60 API calls Mailbox 98680->98775 98682->98677 98683 abb38d 98776 ab9e9c 60 API calls Mailbox 98683->98776 98685->98687 98690 abae4f Mailbox 98685->98690 98781 b071e5 59 API calls 98685->98781 98783 b19ed4 89 API calls 4 library calls 98687->98783 98689 ab9df0 Mailbox 59 API calls 98689->98690 98690->98663 98690->98679 98690->98687 98690->98689 98691 b2e037 130 API calls 98690->98691 98692 b1d107 101 API calls 98690->98692 98693 b1d106 101 API calls 98690->98693 98694 ac2123 95 API calls 98690->98694 98691->98690 98692->98690 
98693->98690 98694->98690 98696 ab77c7 59 API calls 98695->98696 98697 b2c408 98696->98697 98698 ab77c7 59 API calls 98697->98698 98699 b2c410 98698->98699 98700 ab77c7 59 API calls 98699->98700 98701 b2c418 98700->98701 98702 ab9997 84 API calls 98701->98702 98726 b2c426 98702->98726 98703 ab7a84 59 API calls 98703->98726 98704 ab7d2c 59 API calls 98704->98726 98705 b2c60f 98706 b2c63c Mailbox 98705->98706 98790 ab9b9c 59 API calls Mailbox 98705->98790 98706->98677 98708 b2c5f6 98709 ab7e0b 59 API calls 98708->98709 98711 b2c603 98709->98711 98710 b2c611 98712 ab7e0b 59 API calls 98710->98712 98715 ab7c8e 59 API calls 98711->98715 98716 b2c620 98712->98716 98713 ab81a7 59 API calls 98713->98726 98714 ab7faf 59 API calls 98718 b2c4bd CharUpperBuffW 98714->98718 98715->98705 98719 ab7c8e 59 API calls 98716->98719 98717 ab7faf 59 API calls 98720 b2c57d CharUpperBuffW 98717->98720 98788 ab859a 68 API calls 98718->98788 98719->98705 98789 abc707 69 API calls 2 library calls 98720->98789 98723 ab9997 84 API calls 98723->98726 98724 ab7e0b 59 API calls 98724->98726 98725 ab7c8e 59 API calls 98725->98726 98726->98703 98726->98704 98726->98705 98726->98706 98726->98708 98726->98710 98726->98713 98726->98714 98726->98717 98726->98723 98726->98724 98726->98725 98728 b17a0b 98727->98728 98729 ad0f36 Mailbox 59 API calls 98728->98729 98730 b17a19 98729->98730 98731 b17a27 98730->98731 98732 ab77c7 59 API calls 98730->98732 98731->98677 98732->98731 98734 b2bdc5 98733->98734 98735 b2bdab 98733->98735 98792 b2a328 59 API calls Mailbox 98734->98792 98791 b19ed4 89 API calls 4 library calls 98735->98791 98738 b2bdd0 98739 aba000 330 API calls 98738->98739 98740 b2be31 98739->98740 98741 b2bec3 98740->98741 98744 b2be72 98740->98744 98766 b2bdbd Mailbox 98740->98766 98742 b2bf19 98741->98742 98743 b2bec9 98741->98743 98745 ab9997 84 API calls 98742->98745 98742->98766 98813 b179c3 59 API calls 98743->98813 98793 b17388 59 API calls Mailbox 98744->98793 98747 b2bf2b 98745->98747 
98750 ab7faf 59 API calls 98747->98750 98748 b2beec 98814 ab5ea1 59 API calls Mailbox 98748->98814 98753 b2bf4f CharUpperBuffW 98750->98753 98752 b2bea2 98794 abf5c0 98752->98794 98756 b2bf69 98753->98756 98754 b2bef4 Mailbox 98815 abfe40 331 API calls 2 library calls 98754->98815 98757 b2bf70 98756->98757 98758 b2bfbc 98756->98758 98816 b17388 59 API calls Mailbox 98757->98816 98760 ab9997 84 API calls 98758->98760 98761 b2bfc4 98760->98761 98817 ab9fbd 60 API calls 98761->98817 98764 b2bf9e 98765 abf5c0 330 API calls 98764->98765 98765->98766 98766->98677 98767 b2bfce 98767->98766 98768 ab9997 84 API calls 98767->98768 98769 b2bfe9 98768->98769 98818 ab5ea1 59 API calls Mailbox 98769->98818 98771 b2bff9 98819 abfe40 331 API calls 2 library calls 98771->98819 98773->98664 98774->98664 98775->98683 98776->98671 98777->98687 98778->98677 98779->98677 98780->98677 98781->98685 98782->98659 98783->98679 98784->98679 98785->98663 98786->98650 98787->98663 98788->98726 98789->98726 98790->98706 98791->98766 98792->98738 98793->98752 98795 abf61a 98794->98795 98796 abf7b0 98794->98796 98797 af4777 98795->98797 98798 abf626 98795->98798 98799 ab7f41 59 API calls 98796->98799 98800 b2bd80 331 API calls 98797->98800 98915 abf3f0 331 API calls 2 library calls 98798->98915 98805 abf6ec Mailbox 98799->98805 98802 af4785 98800->98802 98806 abf790 98802->98806 98916 b19ed4 89 API calls 4 library calls 98802->98916 98804 abf65d 98804->98802 98804->98805 98804->98806 98812 b13c7b 3 API calls 98805->98812 98820 ab4faa 98805->98820 98826 b1cc06 98805->98826 98906 b24570 98805->98906 98806->98766 98807 ab9df0 Mailbox 59 API calls 98808 abf743 98807->98808 98808->98806 98808->98807 98812->98808 98813->98748 98814->98754 98815->98766 98816->98764 98817->98767 98818->98771 98819->98766 98821 ab4fbb 98820->98821 98822 ab4fb4 98820->98822 98824 ab4fdb FreeLibrary 98821->98824 98825 ab4fca 98821->98825 98917 ad5516 98822->98917 98824->98825 98825->98808 98827 ab77c7 59 API calls 

            Control-flow Graph

            APIs
            • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00AB3B7A
            • IsDebuggerPresent.KERNEL32 ref: 00AB3B8C
            • GetFullPathNameW.KERNEL32(00007FFF,?,?,00B752F8,00B752E0,?,?), ref: 00AB3BFD
              • Part of subcall function 00AB7D2C: _memmove.LIBCMT ref: 00AB7D66
              • Part of subcall function 00AC0A8D: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,00AB3C26,00B752F8,?,?,?), ref: 00AC0ACE
            • SetCurrentDirectoryW.KERNEL32(?), ref: 00AB3C81
            • MessageBoxA.USER32(00000000,This is a third-party compiled AutoIt script.,00B67770,00000010), ref: 00AED3EC
            • SetCurrentDirectoryW.KERNEL32(?,00B752F8,?,?,?), ref: 00AED424
            • GetForegroundWindow.USER32(runas,?,?,?,00000001,?,00B64260,00B752F8,?,?,?), ref: 00AED4AA
            • ShellExecuteW.SHELL32(00000000,?,?), ref: 00AED4B1
              • Part of subcall function 00AB3A58: GetSysColorBrush.USER32(0000000F), ref: 00AB3A62
              • Part of subcall function 00AB3A58: LoadCursorW.USER32(00000000,00007F00), ref: 00AB3A71
              • Part of subcall function 00AB3A58: LoadIconW.USER32(00000063), ref: 00AB3A88
              • Part of subcall function 00AB3A58: LoadIconW.USER32(000000A4), ref: 00AB3A9A
              • Part of subcall function 00AB3A58: LoadIconW.USER32(000000A2), ref: 00AB3AAC
              • Part of subcall function 00AB3A58: LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00AB3AD2
              • Part of subcall function 00AB3A58: RegisterClassExW.USER32(?), ref: 00AB3B28
              • Part of subcall function 00AB39E7: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00AB3A15
              • Part of subcall function 00AB39E7: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00AB3A36
              • Part of subcall function 00AB39E7: ShowWindow.USER32(00000000,?,?), ref: 00AB3A4A
              • Part of subcall function 00AB39E7: ShowWindow.USER32(00000000,?,?), ref: 00AB3A53
              • Part of subcall function 00AB43DB: _memset.LIBCMT ref: 00AB4401
              • Part of subcall function 00AB43DB: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00AB44A6
            Strings
            • runas, xrefs: 00AED4A5
            • This is a third-party compiled AutoIt script., xrefs: 00AED3E4
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: LoadWindow$Icon$CurrentDirectory$CreateFullNamePathShow$BrushClassColorCursorDebuggerExecuteForegroundImageMessageNotifyPresentRegisterShellShell__memmove_memset
            • String ID: This is a third-party compiled AutoIt script.$runas
            • API String ID: 529118366-3287110873
            • Opcode ID: 863763156a910cce816cb06b99cd4063776e777ec1e75d9a98e0c5640d495701
            • Instruction ID: a9618fd3a8f6b2a9d3caa3767a17cc03a2e4e982ada87b112c446bffdebd1187
            • Opcode Fuzzy Hash: 863763156a910cce816cb06b99cd4063776e777ec1e75d9a98e0c5640d495701
            • Instruction Fuzzy Hash: A351C332D04649AECF21EBB4DD05AFD7BBCAF45340B1041A9F465B71A3DEB05A85CB21

            Control-flow Graph

            APIs
            • GetVersionExW.KERNEL32(?), ref: 00AB4B2B
              • Part of subcall function 00AB7D2C: _memmove.LIBCMT ref: 00AB7D66
            • GetCurrentProcess.KERNEL32(?,00B3FAEC,00000000,00000000,?), ref: 00AB4BF8
            • IsWow64Process.KERNEL32(00000000), ref: 00AB4BFF
            • GetNativeSystemInfo.KERNELBASE(00000000), ref: 00AB4C45
            • FreeLibrary.KERNEL32(00000000), ref: 00AB4C50
            • GetSystemInfo.KERNEL32(00000000), ref: 00AB4C81
            • GetSystemInfo.KERNEL32(00000000), ref: 00AB4C8D
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: InfoSystem$Process$CurrentFreeLibraryNativeVersionWow64_memmove
            • String ID:
            • API String ID: 1986165174-0
            • Opcode ID: b5f1a7fa35f9005817ed1b5f80e9d558be794f05ae327a591e7cb52dda606cd7
            • Instruction ID: 44957077f40aba17f10f31eac18c5743ae7b72dc3ac160089cbd686dce0a210c
            • Opcode Fuzzy Hash: b5f1a7fa35f9005817ed1b5f80e9d558be794f05ae327a591e7cb52dda606cd7
            • Instruction Fuzzy Hash: A391C43154ABC0DEC731CB6895511EAFFF8AF2A300B584A9DD0CB93A43D630E948D759

            Control-flow Graph

            APIs
            • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,00AB4EEE,?,?,00000000,00000000), ref: 00AB4FF9
            • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,00AB4EEE,?,?,00000000,00000000), ref: 00AB5010
            • LoadResource.KERNEL32(?,00000000,?,?,00AB4EEE,?,?,00000000,00000000,?,?,?,?,?,?,00AB4F8F), ref: 00AEDC90
            • SizeofResource.KERNEL32(?,00000000,?,?,00AB4EEE,?,?,00000000,00000000,?,?,?,?,?,?,00AB4F8F), ref: 00AEDCA5
            • LockResource.KERNEL32(00AB4EEE,?,?,00AB4EEE,?,?,00000000,00000000,?,?,?,?,?,?,00AB4F8F,00000000), ref: 00AEDCB8
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
            • String ID: SCRIPT
            • API String ID: 3051347437-3967369404
            • Opcode ID: e6c4cde888b18b45ed7e64dbd9a4196e352f99485c42a866a6ed5a127fb695c7
            • Instruction ID: 44633ce840fb17f36ab7448af2671721b167706cf2c515a1e7009cc592bc977a
            • Opcode Fuzzy Hash: e6c4cde888b18b45ed7e64dbd9a4196e352f99485c42a866a6ed5a127fb695c7
            • Instruction Fuzzy Hash: 15112A75A40701AFD7219B65DC58F6B7BBDEBC9B51F204169F40697260DB62E8008660
            APIs
            • GetFileAttributesW.KERNELBASE(?,00AEE6F1), ref: 00B144AB
            • FindFirstFileW.KERNELBASE(?,?), ref: 00B144BC
            • FindClose.KERNEL32(00000000), ref: 00B144CC
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: FileFind$AttributesCloseFirst
            • String ID:
            • API String ID: 48322524-0
            • Opcode ID: 0f21a9d77a830b9acfaedfe4924278f9bf3de4750db9972ee807164a07412a8e
            • Instruction ID: b06cb05c01ff3f7cd562671b79a7a94499b734e6a736446bc3b4d65ecdb126ec
            • Opcode Fuzzy Hash: 0f21a9d77a830b9acfaedfe4924278f9bf3de4750db9972ee807164a07412a8e
            • Instruction Fuzzy Hash: 7DE0DF32C10802AB9210AB38EC4D8FE779CEE15335F600766F939C32E0EF7499908696
            Strings
            • Variable must be of type 'Object'., xrefs: 00AF41BB
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID:
            • String ID: Variable must be of type 'Object'.
            • API String ID: 0-109567571
            • Opcode ID: f4af1c4a3490ac53f1e095302d8e109bfcc74dbf94928817930e0ecdbfe295cd
            • Instruction ID: d8277083357e958bb083a8218574321865ad0ba5a57df80f460778f90fc05628
            • Opcode Fuzzy Hash: f4af1c4a3490ac53f1e095302d8e109bfcc74dbf94928817930e0ecdbfe295cd
            • Instruction Fuzzy Hash: E3A26E75A00205CFCB24CF98C880AEEB7B9FF58310F648559E916AB352D775ED86CB90
            APIs
            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00AC0BBB
            • timeGetTime.WINMM ref: 00AC0E76
            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00AC0FB3
            • Sleep.KERNEL32(0000000A), ref: 00AC0FC1
            • LockWindowUpdate.USER32(00000000,?,?), ref: 00AC105A
            • DestroyWindow.USER32 ref: 00AC1066
            • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00AC1080
            • Sleep.KERNEL32(0000000A,?,?), ref: 00AF51DC
            • TranslateMessage.USER32(?), ref: 00AF5FB9
            • DispatchMessageW.USER32(?), ref: 00AF5FC7
            • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00AF5FDB
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: Message$PeekSleepWindow$DestroyDispatchLockTimeTranslateUpdatetime
            • String ID: @COM_EVENTOBJ$@GUI_CTRLHANDLE$@GUI_CTRLID$@GUI_WINHANDLE$@TRAY_ID
            • API String ID: 4212290369-3242690629
            • Opcode ID: e863189521941f210fcee79bbabe61261b978852b52e3c23cb065872745a8d8f
            • Instruction ID: cfc75288cce0d487e656373611180fa1f2463e54bd67e926dfc417514183f0a0
            • Opcode Fuzzy Hash: e863189521941f210fcee79bbabe61261b978852b52e3c23cb065872745a8d8f
            • Instruction Fuzzy Hash: C7B2BF70A08741DFD724DF64C884FAAB7E5BF84304F14495DF69A972A2DB70E885CB82

            Control-flow Graph

            APIs
              • Part of subcall function 00B19008: __time64.LIBCMT ref: 00B19012
              • Part of subcall function 00AB5045: _fseek.LIBCMT ref: 00AB505D
            • __wsplitpath.LIBCMT ref: 00B192DD
              • Part of subcall function 00AD426E: __wsplitpath_helper.LIBCMT ref: 00AD42AE
            • _wcscpy.LIBCMT ref: 00B192F0
            • _wcscat.LIBCMT ref: 00B19303
            • __wsplitpath.LIBCMT ref: 00B19328
            • _wcscat.LIBCMT ref: 00B1933E
            • _wcscat.LIBCMT ref: 00B19351
              • Part of subcall function 00B1904E: _memmove.LIBCMT ref: 00B19087
              • Part of subcall function 00B1904E: _memmove.LIBCMT ref: 00B19096
            • _wcscmp.LIBCMT ref: 00B19298
              • Part of subcall function 00B197DD: _wcscmp.LIBCMT ref: 00B198CD
              • Part of subcall function 00B197DD: _wcscmp.LIBCMT ref: 00B198E0
            • DeleteFileW.KERNEL32(?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?), ref: 00B194FB
            • _wcsncpy.LIBCMT ref: 00B1956E
            • DeleteFileW.KERNEL32(?,?), ref: 00B195A4
            • CopyFileW.KERNELBASE(?,?,00000000,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00B195BA
            • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00B195CB
            • DeleteFileW.KERNELBASE(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00B195DD
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: File$Delete$_wcscat_wcscmp$__wsplitpath_memmove$Copy__time64__wsplitpath_helper_fseek_wcscpy_wcsncpy
            • String ID:
            • API String ID: 1500180987-0
            • Opcode ID: 20f9ad4fba0cc822adc330dfd7249c78ed14f8f4d3eb1f43872a3607c6f55d3b
            • Instruction ID: 54e54c6491f49f42d9d3879729398bd717a552562c278ceda86976232f96c8f3
            • Opcode Fuzzy Hash: 20f9ad4fba0cc822adc330dfd7249c78ed14f8f4d3eb1f43872a3607c6f55d3b
            • Instruction Fuzzy Hash: A4C14BB1D00219AACF21DFA5CD95EDEBBBDEF58310F4040A6F609E7251DB309A848F65

            Control-flow Graph

            APIs
            • GetSysColorBrush.USER32(0000000F), ref: 00AB3074
            • RegisterClassExW.USER32(00000030), ref: 00AB309E
            • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00AB30AF
            • InitCommonControlsEx.COMCTL32(?), ref: 00AB30CC
            • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00AB30DC
            • LoadIconW.USER32(000000A9), ref: 00AB30F2
            • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00AB3101
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
            • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
            • API String ID: 2914291525-1005189915
            • Opcode ID: 1a4830554d0d2688f77beab7864c2ac28d8e96b6e6796152ab10b1bea5759ab0
            • Instruction ID: 7375755ecdcfa10a0c657bc2c533a10c38e0bd0b5a8c4c7c262f3f9730830c56
            • Opcode Fuzzy Hash: 1a4830554d0d2688f77beab7864c2ac28d8e96b6e6796152ab10b1bea5759ab0
            • Instruction Fuzzy Hash: C131D6B1D4030AAFDB508FA4D885ADDBBF4FB08310F24452AE594A72A1DBB54585CF91

            Control-flow Graph

            APIs
            • GetSysColorBrush.USER32(0000000F), ref: 00AB3074
            • RegisterClassExW.USER32(00000030), ref: 00AB309E
            • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00AB30AF
            • InitCommonControlsEx.COMCTL32(?), ref: 00AB30CC
            • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00AB30DC
            • LoadIconW.USER32(000000A9), ref: 00AB30F2
            • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00AB3101
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
            • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
            • API String ID: 2914291525-1005189915
            • Opcode ID: 30aad246f11a8859c6861a86199f61558535941a3b06f6a4719c6fd5dbbee15b
            • Instruction ID: c224e882fe36bc8b8fb3519fe4ee8677c8c7ca23e6d2db2fed803640619c22f0
            • Opcode Fuzzy Hash: 30aad246f11a8859c6861a86199f61558535941a3b06f6a4719c6fd5dbbee15b
            • Instruction Fuzzy Hash: 6E21C5B1D01219EFDB10DFA4E989BEDBBF4FB08700F10412AF515A72A0DBB145848FA1

            Control-flow Graph

            APIs
              • Part of subcall function 00AB4864: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00B752F8,?,00AB37C0,?), ref: 00AB4882
              • Part of subcall function 00AD068B: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,00AB72C5), ref: 00AD06AD
            • RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 00AB7308
            • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 00AEEC21
            • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 00AEEC62
            • RegCloseKey.ADVAPI32(?), ref: 00AEECA0
            • _wcscat.LIBCMT ref: 00AEECF9
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: NameQueryValue$CloseFileFullModuleOpenPath_wcscat
            • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
            • API String ID: 2673923337-2727554177
            • Opcode ID: 13976fbab9b81401e201100d5db6c186e4b45331652ec55f1ff71911ce46d72b
            • Instruction ID: 340c1859a7821e3fe6889b5602e015e2f981fd0d0d982754c34bd5e76fb326cb
            • Opcode Fuzzy Hash: 13976fbab9b81401e201100d5db6c186e4b45331652ec55f1ff71911ce46d72b
            • Instruction Fuzzy Hash: 1D716A715097019EC344EF25DD819ABBBE8FF98340F50492EF449972B2EF709988CB91

            Control-flow Graph

            APIs
            • GetSysColorBrush.USER32(0000000F), ref: 00AB3A62
            • LoadCursorW.USER32(00000000,00007F00), ref: 00AB3A71
            • LoadIconW.USER32(00000063), ref: 00AB3A88
            • LoadIconW.USER32(000000A4), ref: 00AB3A9A
            • LoadIconW.USER32(000000A2), ref: 00AB3AAC
            • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00AB3AD2
            • RegisterClassExW.USER32(?), ref: 00AB3B28
              • Part of subcall function 00AB3041: GetSysColorBrush.USER32(0000000F), ref: 00AB3074
              • Part of subcall function 00AB3041: RegisterClassExW.USER32(00000030), ref: 00AB309E
              • Part of subcall function 00AB3041: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00AB30AF
              • Part of subcall function 00AB3041: InitCommonControlsEx.COMCTL32(?), ref: 00AB30CC
              • Part of subcall function 00AB3041: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00AB30DC
              • Part of subcall function 00AB3041: LoadIconW.USER32(000000A9), ref: 00AB30F2
              • Part of subcall function 00AB3041: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00AB3101
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
            • String ID: #$0$AutoIt v3
            • API String ID: 423443420-4155596026
            • Opcode ID: cdf9e8371a1987770befc1c9ec461c2ff5f1b495bd3b9e2998ea3ac61533b05c
            • Instruction ID: cd3e484018d4e40c3afdccc153e9b738ed25c290c700d1f0db7f44ef8e549e98
            • Opcode Fuzzy Hash: cdf9e8371a1987770befc1c9ec461c2ff5f1b495bd3b9e2998ea3ac61533b05c
            • Instruction Fuzzy Hash: FD212D71D00305EFEB20DFA4ED09B9D7BB5FB08711F10051AE608A72E2DBB55A909F94

            Control-flow Graph

            APIs
            • DefWindowProcW.USER32(?,?,?,?), ref: 00AB36D2
            • KillTimer.USER32(?,00000001), ref: 00AB36FC
            • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00AB371F
            • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00AB372A
            • CreatePopupMenu.USER32 ref: 00AB373E
            • PostQuitMessage.USER32(00000000), ref: 00AB375F
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
            • String ID: TaskbarCreated
            • API String ID: 129472671-2362178303

            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: FileLibraryLoadModuleName__wcsicmp_l_memmove
            • String ID: /AutoIt3ExecuteLine$/AutoIt3ExecuteScript$/AutoIt3OutputDebug$/ErrorStdOut$>>>AUTOIT NO CMDEXECUTE<<<$CMDLINE$CMDLINERAW
            • API String ID: 1825951767-3513169116

            APIs
            • CreateFileW.KERNELBASE(00000000,?,80000000,00000007,00000000,00000003,00000080,00000000,?,00000000), ref: 00D190A1
            • VirtualFree.KERNELBASE(00000000,00000000,00008000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00D192C7
            Memory Dump Source
            • Source File: 00000000.00000002.1693834646.0000000000D16000.00000040.00000020.00020000.00000000.sdmp, Offset: 00D16000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_d16000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: CreateFileFreeVirtual
            • String ID:
            • API String ID: 204039940-0

            APIs
            • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00AB3A15
            • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00AB3A36
            • ShowWindow.USER32(00000000,?,?), ref: 00AB3A4A
            • ShowWindow.USER32(00000000,?,?), ref: 00AB3A53
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: Window$CreateShow
            • String ID: AutoIt v3$edit
            • API String ID: 1584632944-3779509399

            APIs
              • Part of subcall function 00D18CA0: Sleep.KERNELBASE(000001F4), ref: 00D18CB1
            • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 00D18EBD
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693834646.0000000000D16000.00000040.00000020.00020000.00000000.sdmp, Offset: 00D16000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_d16000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: CreateFileSleep
            • String ID: YCZ7FSLSVU38LA8QC0R6
            • API String ID: 2694422964-967746149

            APIs
            • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00AED51C
              • Part of subcall function 00AB7D2C: _memmove.LIBCMT ref: 00AB7D66
            • _memset.LIBCMT ref: 00AB418D
            • _wcscpy.LIBCMT ref: 00AB41E1
            • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 00AB41F1
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: IconLoadNotifyShell_String_memmove_memset_wcscpy
            • String ID: Line:
            • API String ID: 3942752672-1585850449

            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: _memset$__filbuf__getptd_noexit__read_nolock_memcpy_s
            • String ID:
            • API String ID: 1559183368-0
            APIs
              • Part of subcall function 00AB4F3D: LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00B752F8,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?), ref: 00AB4F6F
            • _free.LIBCMT ref: 00AEE5BC
            • _free.LIBCMT ref: 00AEE603
              • Part of subcall function 00AB6BEC: SetCurrentDirectoryW.KERNEL32(?,?,?,?,00000000), ref: 00AB6D0D
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: _free$CurrentDirectoryLibraryLoad
            • String ID: >>>AUTOIT SCRIPT<<<$Bad directive syntax error
            • API String ID: 2861923089-1757145024
            APIs
            • RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,00000003,00000000,80000001,80000001,?,00AB35A1,SwapMouseButtons,00000004,?), ref: 00AB35D4
            • RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,00AB35A1,SwapMouseButtons,00000004,?,?,?,?,00AB2754), ref: 00AB35F5
            • RegCloseKey.KERNELBASE(00000000,?,?,00AB35A1,SwapMouseButtons,00000004,?,?,?,?,00AB2754), ref: 00AB3617
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: CloseOpenQueryValue
            • String ID: Control Panel\Mouse
            • API String ID: 3677997916-824357125
            APIs
            • CreateProcessW.KERNELBASE(?,00000000), ref: 00D1845B
            • Wow64GetThreadContext.KERNEL32(?,00010007), ref: 00D184F1
            • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 00D18513
            Memory Dump Source
            • Source File: 00000000.00000002.1693834646.0000000000D16000.00000040.00000020.00020000.00000000.sdmp, Offset: 00D16000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_d16000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: Process$ContextCreateMemoryReadThreadWow64
            • String ID:
            • API String ID: 2438371351-0
            APIs
              • Part of subcall function 00AB5045: _fseek.LIBCMT ref: 00AB505D
              • Part of subcall function 00B197DD: _wcscmp.LIBCMT ref: 00B198CD
              • Part of subcall function 00B197DD: _wcscmp.LIBCMT ref: 00B198E0
            • _free.LIBCMT ref: 00B1974B
            • _free.LIBCMT ref: 00B19752
            • _free.LIBCMT ref: 00B197BD
              • Part of subcall function 00AD2ED5: RtlFreeHeap.NTDLL(00000000,00000000,?,00AD9BA4), ref: 00AD2EE9
              • Part of subcall function 00AD2ED5: GetLastError.KERNEL32(00000000,?,00AD9BA4), ref: 00AD2EFB
            • _free.LIBCMT ref: 00B197C5
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: _free$_wcscmp$ErrorFreeHeapLast_fseek
            • String ID:
            • API String ID: 1552873950-0
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: __flsbuf__flush__getptd_noexit__write_memmove
            • String ID:
            • API String ID: 2782032738-0
            APIs
            • _memset.LIBCMT ref: 00AEED92
            • GetOpenFileNameW.COMDLG32(?), ref: 00AEEDDC
              • Part of subcall function 00AB48AE: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00AB48A1,?,?,00AB37C0,?), ref: 00AB48CE
              • Part of subcall function 00AD0911: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00AD0930
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: Name$Path$FileFullLongOpen_memset
            • String ID: X
            • API String ID: 3777226403-3081909835
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: __fread_nolock_memmove
            • String ID: EA06
            • API String ID: 1988441806-3962188686
            APIs
            • GetTempPathW.KERNEL32(00000104,?), ref: 00B199A1
            • GetTempFileNameW.KERNELBASE(?,aut,00000000,?), ref: 00B199B8
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: Temp$FileNamePath
            • String ID: aut
            • API String ID: 3285503233-3010740371
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            APIs
              • Part of subcall function 00AD02E2: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00AD0313
              • Part of subcall function 00AD02E2: MapVirtualKeyW.USER32(00000010,00000000), ref: 00AD031B
              • Part of subcall function 00AD02E2: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00AD0326
              • Part of subcall function 00AD02E2: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00AD0331
              • Part of subcall function 00AD02E2: MapVirtualKeyW.USER32(00000011,00000000), ref: 00AD0339
              • Part of subcall function 00AD02E2: MapVirtualKeyW.USER32(00000012,00000000), ref: 00AD0341
              • Part of subcall function 00AC6259: RegisterWindowMessageW.USER32(WM_GETCONTROLNAME,?,00ABFA90), ref: 00AC62B4
            • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00ABFB2D
            • OleInitialize.OLE32(00000000), ref: 00ABFBAA
            • CloseHandle.KERNEL32(00000000), ref: 00AF4921
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
            • String ID:
            • API String ID: 1986988660-0
            APIs
            • _memset.LIBCMT ref: 00AB4401
            • Shell_NotifyIconW.SHELL32(00000000,?), ref: 00AB44A6
            • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00AB44C3
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: IconNotifyShell_$_memset
            • String ID:
            • API String ID: 1505330794-0
            • Opcode ID: de3e44fe5d4ffa0cb15b3fe9bb3430b195b3a67c9d1b28904a355090405a8ba4
            • Instruction ID: cd63832047e9667f34de7a0e642368085a5477e8dde87007e493e4d8e16ecfb1
            • Opcode Fuzzy Hash: de3e44fe5d4ffa0cb15b3fe9bb3430b195b3a67c9d1b28904a355090405a8ba4
            • Instruction Fuzzy Hash: EF3130709057018FD721DF64D8847DBBBF8FB49304F10092EE59A97253DBB1A954CB92
            APIs
            • __FF_MSGBANNER.LIBCMT ref: 00AD58A3
              • Part of subcall function 00ADA2EB: __NMSG_WRITE.LIBCMT ref: 00ADA312
              • Part of subcall function 00ADA2EB: __NMSG_WRITE.LIBCMT ref: 00ADA31C
            • __NMSG_WRITE.LIBCMT ref: 00AD58AA
              • Part of subcall function 00ADA348: GetModuleFileNameW.KERNEL32(00000000,00B733BA,00000104,?,00000001,00000000), ref: 00ADA3DA
              • Part of subcall function 00ADA348: ___crtMessageBoxW.LIBCMT ref: 00ADA488
              • Part of subcall function 00AD321F: ___crtCorExitProcess.LIBCMT ref: 00AD3225
              • Part of subcall function 00AD321F: ExitProcess.KERNEL32 ref: 00AD322E
              • Part of subcall function 00AD8CA8: __getptd_noexit.LIBCMT ref: 00AD8CA8
            • RtlAllocateHeap.NTDLL(00C80000,00000000,00000001,00000000,?,?,?,00AD0F53,?), ref: 00AD58CF
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: ExitProcess___crt$AllocateFileHeapMessageModuleName__getptd_noexit
            • String ID:
            • API String ID: 1372826849-0
            • Opcode ID: c1e87a45b18cca80682eeae48f49f694e67bad0a37d144febb3f58819c3c9477
            • Instruction ID: 7bb592deae1134feae37b994ba1a0668a37eb12216c7fd62b960dfeed6307309
            • Opcode Fuzzy Hash: c1e87a45b18cca80682eeae48f49f694e67bad0a37d144febb3f58819c3c9477
            • Instruction Fuzzy Hash: 4B01F536A50B11DBDA102BB5AD52A2E7398DF92760B100027F503AB392DE748E406661
            APIs
            • CreateFileW.KERNELBASE(?,40000000,00000001,00000000,00000003,00000080,00000000,?,?,00B195F1,?,?,?,?,?,00000004), ref: 00B19964
            • SetFileTime.KERNELBASE(00000000,?,00000000,?,?,00B195F1,?,?,?,?,?,00000004,00000001,?,?,00000004), ref: 00B1997A
            • CloseHandle.KERNEL32(00000000,?,00B195F1,?,?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?), ref: 00B19981
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: File$CloseCreateHandleTime
            • String ID:
            • API String ID: 3397143404-0
            • Opcode ID: ee043b74141a285d0e3a006c5a988a8fa97de4e0c5045528f48e8fd697cbd868
            • Instruction ID: 822dd8c2dcba62cd168d585f69285b683da6748594567bd53cf32f3a1af4be60
            • Opcode Fuzzy Hash: ee043b74141a285d0e3a006c5a988a8fa97de4e0c5045528f48e8fd697cbd868
            • Instruction Fuzzy Hash: 71E08632540615B7DB211B54EC09FEE7B58EB05760F204220FB547A0E08BB119219798
            APIs
            • _free.LIBCMT ref: 00B18DC4
              • Part of subcall function 00AD2ED5: RtlFreeHeap.NTDLL(00000000,00000000,?,00AD9BA4), ref: 00AD2EE9
              • Part of subcall function 00AD2ED5: GetLastError.KERNEL32(00000000,?,00AD9BA4), ref: 00AD2EFB
            • _free.LIBCMT ref: 00B18DD5
            • _free.LIBCMT ref: 00B18DE7
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: _free$ErrorFreeHeapLast
            • String ID:
            • API String ID: 776569668-0
            • Opcode ID: 3221efda5ec1aeb3564d3aaca8a62a8878e7642d45a62f0f0d26450024f2f6e1
            • Instruction ID: 573b92d27c6976ba9eebc4f555e5de277a206fe60170a07318ac9dac39327b97
            • Opcode Fuzzy Hash: 3221efda5ec1aeb3564d3aaca8a62a8878e7642d45a62f0f0d26450024f2f6e1
            • Instruction Fuzzy Hash: ABE012A160170143CA24657C7A40FD327DCAF68B61754086EB40AD76C2CE64E8C1C264
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID:
            • String ID: CALL
            • API String ID: 0-4196123274
            • Opcode ID: c02118e005e481f58fbd3da8e3aa301dffb87cdfdedea35aea4687d7c2aa3942
            • Instruction ID: c3a38f4972a30f1715713a3dfda20f5b7547de49065d1cf9c986ac934d77cc87
            • Opcode Fuzzy Hash: c02118e005e481f58fbd3da8e3aa301dffb87cdfdedea35aea4687d7c2aa3942
            • Instruction Fuzzy Hash: 9E2258705082418FCB24DF14C490BAABBF5FF98304F14896DE89A9B362DB71ED45CB82
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: _memmove
            • String ID: EA06
            • API String ID: 4104443479-3962188686
            • Opcode ID: ff26741cc21b2fb7ccef80cbfb004a8f7085ac769bc6f155e750b1b536c642c7
            • Instruction ID: 2b0cd93648c582ef8172a98d50d5bb2a9849d95d098afd973c1ab2d74f68480a
            • Opcode Fuzzy Hash: ff26741cc21b2fb7ccef80cbfb004a8f7085ac769bc6f155e750b1b536c642c7
            • Instruction Fuzzy Hash: 34414971A041586BDF219B7489A1BFE7FBEAF4D300F684075F8829B283C621DD4487E1
            APIs
            • IsThemeActive.UXTHEME ref: 00AB4992
              • Part of subcall function 00AD34EC: __lock.LIBCMT ref: 00AD34F2
              • Part of subcall function 00AD34EC: DecodePointer.KERNEL32(00000001,?,00AB49A7,00B07F9C), ref: 00AD34FE
              • Part of subcall function 00AD34EC: EncodePointer.KERNEL32(?,?,00AB49A7,00B07F9C), ref: 00AD3509
              • Part of subcall function 00AB4A5B: SystemParametersInfoW.USER32(00002000,00000000,?,00000000), ref: 00AB4A73
              • Part of subcall function 00AB4A5B: SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 00AB4A88
              • Part of subcall function 00AB3B4C: GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00AB3B7A
              • Part of subcall function 00AB3B4C: IsDebuggerPresent.KERNEL32 ref: 00AB3B8C
              • Part of subcall function 00AB3B4C: GetFullPathNameW.KERNEL32(00007FFF,?,?,00B752F8,00B752E0,?,?), ref: 00AB3BFD
              • Part of subcall function 00AB3B4C: SetCurrentDirectoryW.KERNEL32(?), ref: 00AB3C81
            • SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 00AB49D2
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: InfoParametersSystem$CurrentDirectoryPointer$ActiveDebuggerDecodeEncodeFullNamePathPresentTheme__lock
            • String ID:
            • API String ID: 1438897964-0
            • Opcode ID: 662d2789a868f92cf34213a75243dc00d7d8c43346113aa51f3d01a83e66cf41
            • Instruction ID: a4d7b19f9b6a10226fc3549707ab1be13c4c2ff2fcb242aefd6e777801c06999
            • Opcode Fuzzy Hash: 662d2789a868f92cf34213a75243dc00d7d8c43346113aa51f3d01a83e66cf41
            • Instruction Fuzzy Hash: 0C118C718043119FC710DF28ED4594AFBE8EF88750F10491EF149932B2DFB09A85CB92
            APIs
            • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000,?,00000000,?,00AB5981,?,?,?,?), ref: 00AB5E27
            • CreateFileW.KERNEL32(?,C0000000,00000007,00000000,00000004,00000080,00000000,?,00000000,?,00AB5981,?,?,?,?), ref: 00AEE0CC
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: CreateFile
            • String ID:
            • API String ID: 823142352-0
            • Opcode ID: ff114ecb657e9fa47bb666303db546ea6d96a80943206949da1c09dba6e106eb
            • Instruction ID: fa75e8607c2e0e51d50571048580451b7685c8f22902211a97ee91185db9e2f4
            • Opcode Fuzzy Hash: ff114ecb657e9fa47bb666303db546ea6d96a80943206949da1c09dba6e106eb
            • Instruction Fuzzy Hash: 1F01B570584708BEF7254F34DC8AFB67AACFB05768F148318BAE56A1E1C6F15E498B10
            APIs
              • Part of subcall function 00AD588C: __FF_MSGBANNER.LIBCMT ref: 00AD58A3
              • Part of subcall function 00AD588C: __NMSG_WRITE.LIBCMT ref: 00AD58AA
              • Part of subcall function 00AD588C: RtlAllocateHeap.NTDLL(00C80000,00000000,00000001,00000000,?,?,?,00AD0F53,?), ref: 00AD58CF
            • std::exception::exception.LIBCMT ref: 00AD0F6C
            • __CxxThrowException@8.LIBCMT ref: 00AD0F81
              • Part of subcall function 00AD871B: RaiseException.KERNEL32(?,?,?,00B69E78,00000000,?,?,?,?,00AD0F86,?,00B69E78,?,00000001), ref: 00AD8770
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: AllocateExceptionException@8HeapRaiseThrowstd::exception::exception
            • String ID:
            • API String ID: 3902256705-0
            • Opcode ID: 75a5c4d8f1e3fc0453e15f2d8fe89b25e0005ef3f5006883733ed6e33fb7280e
            • Instruction ID: f5d6980bf5c1b2bf92e71a8889588174f7c4590fba4058bab3aef4c1e3191d5e
            • Opcode Fuzzy Hash: 75a5c4d8f1e3fc0453e15f2d8fe89b25e0005ef3f5006883733ed6e33fb7280e
            • Instruction Fuzzy Hash: 7CF0A4329042196ACB24AF94ED06EDE7BEC9F04710F6044A7F90A96392EF71CB54E6D1
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: __lock_file_memset
            • String ID:
            • API String ID: 26237723-0
            • Opcode ID: 3e1e5bbf24d81bae44ef92103e21516ecb7a603bcd210a5c2628e2b82b36153e
            • Instruction ID: 96f9b4806b36d637790fa80d67aa581ca3eeb2d7dac250bdfa6d356d47bdf7b2
            • Opcode Fuzzy Hash: 3e1e5bbf24d81bae44ef92103e21516ecb7a603bcd210a5c2628e2b82b36153e
            • Instruction Fuzzy Hash: C5018431D01609EBCF21AF798D054DE7B72BF80360F244617F8265A361D7358A21DF91
            APIs
              • Part of subcall function 00AD8CA8: __getptd_noexit.LIBCMT ref: 00AD8CA8
            • __lock_file.LIBCMT ref: 00AD555B
              • Part of subcall function 00AD6D8E: __lock.LIBCMT ref: 00AD6DB1
            • __fclose_nolock.LIBCMT ref: 00AD5566
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: __fclose_nolock__getptd_noexit__lock__lock_file
            • String ID:
            • API String ID: 2800547568-0
            • Opcode ID: edbe16404fa3c605e1918b0b0b2d0496d3406a7a280d7e4d0ea9fca041c30d64
            • Instruction ID: a2a176e52fbf3d77d51a5c5eafb5c7ad54bb5b7d880be3138d489ab7b3b0fd33
            • Opcode Fuzzy Hash: edbe16404fa3c605e1918b0b0b2d0496d3406a7a280d7e4d0ea9fca041c30d64
            • Instruction Fuzzy Hash: 1EF0B471D01A009ADB216F7599027AE7BE26F40331F15820BF427AB3D1CB7C8A419F52
            APIs
            • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,00000001,00000000,00000000,?,?,?,00AB558F,?,?,?,?,?), ref: 00AB81DA
            • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,00000001,00000000,?,?,?,00AB558F,?,?,?,?,?), ref: 00AB820D
              • Part of subcall function 00AB78AD: _memmove.LIBCMT ref: 00AB78E9
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: ByteCharMultiWide$_memmove
            • String ID:
            • API String ID: 3033907384-0
            • Opcode ID: 6aa2959af96071c8251b83ae60b6c4cead27caedfa7792f1f9ce55a8c652a8ed
            • Instruction ID: 1ed42072eebe492a354e271e1022cc5048a3575e5f3c395073f8370cc13c4a95
            • Opcode Fuzzy Hash: 6aa2959af96071c8251b83ae60b6c4cead27caedfa7792f1f9ce55a8c652a8ed
            • Instruction Fuzzy Hash: F9014B71205504BEEB246B25ED4AFBB7B6DEB89760F20802AF905DE291DE71E800D661
            APIs
            • CreateProcessW.KERNELBASE(?,00000000), ref: 00D1845B
            • Wow64GetThreadContext.KERNEL32(?,00010007), ref: 00D184F1
            • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 00D18513
            Memory Dump Source
            • Source File: 00000000.00000002.1693834646.0000000000D16000.00000040.00000020.00020000.00000000.sdmp, Offset: 00D16000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_d16000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: Process$ContextCreateMemoryReadThreadWow64
            • String ID:
            • API String ID: 2438371351-0
            • Opcode ID: 6ff7500a3617197a005732162d507dd4d37460c8dcbf147a4ae2be43d63b6423
            • Instruction ID: 384f8db90ffe4c5dbc6b0fb5c609f1a88093073ff05a89bc9f2fc7c4483f9bdc
            • Opcode Fuzzy Hash: 6ff7500a3617197a005732162d507dd4d37460c8dcbf147a4ae2be43d63b6423
            • Instruction Fuzzy Hash: 8512BE24E24658C6EB24DF64D8507DEB232EF68300F1094E9910DEB7A5E77A4EC1CF5A
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 49438910d274213858ae06f1ae9a235ee781d877606f1f1840e30035bcc55bdb
            • Instruction ID: 0dec0607efe50632eaedfbec38b4c0d7c084d23e98a932e0b32045d804e0cb05
            • Opcode Fuzzy Hash: 49438910d274213858ae06f1ae9a235ee781d877606f1f1840e30035bcc55bdb
            • Instruction Fuzzy Hash: 2A515035A00604AFCF14EBA4CA95FAE77EAAF45310F15856CF946AB392DB30ED01CB51
            APIs
            • SetFilePointerEx.KERNELBASE(?,?,00000001,00000000,00000000,?,?,00000000), ref: 00AB5CF6
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: FilePointer
            • String ID:
            • API String ID: 973152223-0
            • Opcode ID: 30fbaa7d26be7b40a87aafa810b17083b418ad4b3c59b40d295f2b566170c963
            • Instruction ID: 0235ac926f1b019152c977d80e7806b446c88a627418cb54450e9bc7033bf456
            • Opcode Fuzzy Hash: 30fbaa7d26be7b40a87aafa810b17083b418ad4b3c59b40d295f2b566170c963
            • Instruction Fuzzy Hash: A7313971E00B49AFCB18DF29C484BADBBBABF48310F148629E81993751D771AD60DB90
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: ProtectVirtual
            • String ID:
            • API String ID: 544645111-0
            • Opcode ID: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
            • Instruction ID: 5ac7afae597acc1dfd2956e2da4716d7ffa0ceacba2f8f253fd7fb0f52120cff
            • Opcode Fuzzy Hash: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
            • Instruction Fuzzy Hash: 1531B274A001059FC718DF59D484A69FBB6FF59300F688AA6E44ACB355DB31EDC1CB90
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: ClearVariant
            • String ID:
            • API String ID: 1473721057-0
            • Opcode ID: 988136e13be059e3c1aed5c40c92a415c29b171742648aec056ceb2acb50c714
            • Instruction ID: b97b15e2e568c5c303d47fca052bdb1809fa4ebca810c76786c021a2339d5030
            • Opcode Fuzzy Hash: 988136e13be059e3c1aed5c40c92a415c29b171742648aec056ceb2acb50c714
            • Instruction Fuzzy Hash: DE4137745083518FDB24CF14C484F6ABBE1BF49318F1988ACE98A8B362C772EC45CB52
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: _memmove
            • String ID:
            • API String ID: 4104443479-0
            • Opcode ID: ac562ba610dad04e7ff15bbb2604c490293bdba8bca9c52a300c95a781116a49
            • Instruction ID: 8a044d73555c2a0710156de6229772efa5923309f7cc122fb7d9f27a5fc7c641
            • Opcode Fuzzy Hash: ac562ba610dad04e7ff15bbb2604c490293bdba8bca9c52a300c95a781116a49
            • Instruction Fuzzy Hash: BC210231900A08EBDB209F67E881BAE7FB8FB08350F21846AE486C6151EBB185E0C755
            APIs
              • Part of subcall function 00AB4D13: FreeLibrary.KERNEL32(00000000,?), ref: 00AB4D4D
              • Part of subcall function 00AD53CB: __wfsopen.LIBCMT ref: 00AD53D6
            • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00B752F8,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?), ref: 00AB4F6F
              • Part of subcall function 00AB4CC8: FreeLibrary.KERNEL32(00000000), ref: 00AB4D02
              • Part of subcall function 00AB4DD0: _memmove.LIBCMT ref: 00AB4E1A
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: Library$Free$Load__wfsopen_memmove
            • String ID:
            • API String ID: 1396898556-0
            • Opcode ID: 0c3928c60c821e82e6017e12c9d96cecc996b317ddb2ea6d16fdab3db418713b
            • Instruction ID: c7a0f161b43d88162c8f8f03d8e3c31bf7e97eba7d9a44f3418ce201b4f43557
            • Opcode Fuzzy Hash: 0c3928c60c821e82e6017e12c9d96cecc996b317ddb2ea6d16fdab3db418713b
            • Instruction Fuzzy Hash: 5B119431A0070ABACF14BF70CD16BEE77BD9F48B11F208829F541A7183DAB19A159B91
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: ClearVariant
            • String ID:
            • API String ID: 1473721057-0
            • Opcode ID: 534e5800ae22abee3ef68ee140a996a03331b49fa9dc6b0aacdda129db01c8ef
            • Instruction ID: 5374f46e5f5df8c84994914e8a46d12efc56f77e62d2a41dc4a7fcdac39983c6
            • Opcode Fuzzy Hash: 534e5800ae22abee3ef68ee140a996a03331b49fa9dc6b0aacdda129db01c8ef
            • Instruction Fuzzy Hash: B22113B05083519FDB24DF54C444F5ABBE5BF88314F05896CF99A5B722D731E809CB92
            APIs
            • ReadFile.KERNELBASE(?,?,00010000,?,00000000,00000000,?,00010000,?,00AB5807,00000000,00010000,00000000,00000000,00000000,00000000), ref: 00AB5D76
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: FileRead
            • String ID:
            • API String ID: 2738559852-0
            • Opcode ID: d36f59a360a725f00b5f30a5d8df12c87e9b025cbc735ea588c658c7009a6c50
            • Instruction ID: 86381f29d2281e692a5ff0cce3b2c01ed8bda6f9310bb0eb92f42fe60b6e98c3
            • Opcode Fuzzy Hash: d36f59a360a725f00b5f30a5d8df12c87e9b025cbc735ea588c658c7009a6c50
            • Instruction Fuzzy Hash: EF113A31600B019FD330CF25D484BA6B7F9FF45750F10CA2EE5AA86A51D7B1E945CB60
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: _memmove
            • String ID:
            • API String ID: 4104443479-0
            • Opcode ID: 3d89ba8d023d507579d310c630cb30b42907c54d329dc3f02e34af5ce4cbb46e
            • Instruction ID: 3e163215f3245df5306f07c3605962423fb6a9c101a579f86f75b85ae2ea9c78
            • Opcode Fuzzy Hash: 3d89ba8d023d507579d310c630cb30b42907c54d329dc3f02e34af5ce4cbb46e
            • Instruction Fuzzy Hash: CE01A2B5A00542AFC305DB69D541E2AFBA9FF893107248159F819C7702D731FC22CBE0
            APIs
            • __lock_file.LIBCMT ref: 00AD4A16
              • Part of subcall function 00AD8CA8: __getptd_noexit.LIBCMT ref: 00AD8CA8
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: __getptd_noexit__lock_file
            • String ID:
            • API String ID: 2597487223-0
            • Opcode ID: b4583044e59e335bc24c0f23d8329e90fd5aa1c8370ece50cc0478950b95693b
            • Instruction ID: 99c31282daa5614b2d3f70ca1cd8238d8f2d6a20b200cbed513207a5763cf943
            • Opcode Fuzzy Hash: b4583044e59e335bc24c0f23d8329e90fd5aa1c8370ece50cc0478950b95693b
            • Instruction Fuzzy Hash: 6CF0C231940245EFDF21AF748D063DF3AA1AF043A5F058516F426AA3A1DBBC8A10DF51
            APIs
            • FreeLibrary.KERNEL32(?,?,00B752F8,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?), ref: 00AB4FDE
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: FreeLibrary
            • String ID:
            • API String ID: 3664257935-0
            • Opcode ID: 2da89e1a4a25073ab9a7c87439b6a3be39d303373b52cd471325c06400d9b7c0
            • Instruction ID: fecaec69e7886fea1f0c465ceb0303062b7de8e06bbd24ab3835970c36b7df0b
            • Opcode Fuzzy Hash: 2da89e1a4a25073ab9a7c87439b6a3be39d303373b52cd471325c06400d9b7c0
            • Instruction Fuzzy Hash: 4BF01571509B12CFCB349F74E4948A6BBF9AF087293208A3EE1D783613C732A850DB40
            APIs
            • GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00AD0930
              • Part of subcall function 00AB7D2C: _memmove.LIBCMT ref: 00AB7D66
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: LongNamePath_memmove
            • String ID:
            • API String ID: 2514874351-0
            • Opcode ID: a588b2648c03a559ba4e7d3de5178d14f8733e09bfd859214facde447f6be01d
            • Instruction ID: 2b48decd7309a89cccf56d6a32faaf7bdee4dc49128acc17a33db8ea7562849a
            • Opcode Fuzzy Hash: a588b2648c03a559ba4e7d3de5178d14f8733e09bfd859214facde447f6be01d
            • Instruction Fuzzy Hash: C3E0863690512957C720D6589C05FFE77EDDF88690F0401B5FC0CD7245D9B05C818690
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: __fread_nolock
            • String ID:
            • API String ID: 2638373210-0
            • Opcode ID: 87e92921201f7f350e3b6a5d32947fae34ea2a0dab1f5900b9b8b54ddfacd81a
            • Instruction ID: dd6902b02e2ea8aa34b575774a722aa345fb90c5a2666d8c1a9f8d0af4f7772c
            • Opcode Fuzzy Hash: 87e92921201f7f350e3b6a5d32947fae34ea2a0dab1f5900b9b8b54ddfacd81a
            • Instruction Fuzzy Hash: DBE012B1604B009BDB358E24D8517E377E1FB06315F000D5DF69AD3241EB63B886CB59
            APIs
            • SetFilePointerEx.KERNELBASE(?,00000000,00000000,?,00000001,?,?,?,00AEE09B,?,?,00000000), ref: 00AB5DBF
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: FilePointer
            • String ID:
            • API String ID: 973152223-0
            • Opcode ID: a4edd3d30b8756f2150f2cd5574b376c926baa950cb4e9ddb93f5820241f386d
            • Instruction ID: b34557eb2dd40c2d0a79b29f790c48fc8c8cf8d8b4a0a15cd48d2d136ca1b05d
            • Opcode Fuzzy Hash: a4edd3d30b8756f2150f2cd5574b376c926baa950cb4e9ddb93f5820241f386d
            • Instruction Fuzzy Hash: 36D09E74640208BFE610DB80DC46FA9777CD705710F200194BD046629096B27D548695
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: __wfsopen
            • String ID:
            • API String ID: 197181222-0
            • Opcode ID: 6ddf6e1ab81d7b85eaff3423c11cf18e9f26fa56f97d638f5b10e7f164e3c6f3
            • Instruction ID: 5775b71709802b9d7d1a71f9f274856c3e72f2fa3031bf3d3a8c7c5e561d4902
            • Opcode Fuzzy Hash: 6ddf6e1ab81d7b85eaff3423c11cf18e9f26fa56f97d638f5b10e7f164e3c6f3
            • Instruction Fuzzy Hash: 7CB0927A84020C77CE012A92EC02A493B599B407A4F408021FB0C1C2A2A6B3A6609689
            APIs
            • GetLastError.KERNEL32(00000002,00000000), ref: 00B1D28B
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: ErrorLast
            • String ID:
            • API String ID: 1452528299-0
            • Opcode ID: 81de959df5bb3f74f23fbf2a6802470dca1dcb35cc4b18075e9b66321ef67e4e
            • Instruction ID: 3a8894c3451642fab641eeb9a4b2e2f029b653ff42bc2407ef93baff4fc074c6
            • Opcode Fuzzy Hash: 81de959df5bb3f74f23fbf2a6802470dca1dcb35cc4b18075e9b66321ef67e4e
            • Instruction Fuzzy Hash: 357151306043018FC714EF24D591AEEB7E4EF89354F44496DF9A69B2A2DB30ED45CB92
            APIs
            • Sleep.KERNELBASE(000001F4), ref: 00D18CB1
            Memory Dump Source
            • Source File: 00000000.00000002.1693834646.0000000000D16000.00000040.00000020.00020000.00000000.sdmp, Offset: 00D16000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_d16000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: Sleep
            • String ID:
            • API String ID: 3472027048-0
            • Opcode ID: 647f186050b41918f79179839cbc1a488579cc5f77474145a25b6e124dddc6ea
            • Instruction ID: 91c54e6c86e88d0663c9aecb82eb119317e6cdf3b043a82b4ec530dfb76b5f52
            • Opcode Fuzzy Hash: 647f186050b41918f79179839cbc1a488579cc5f77474145a25b6e124dddc6ea
            • Instruction Fuzzy Hash: 42E0BF7494110EEFDB00EFA8E6496DE7BB4EF04301F1005A1FD05D7680DB309E549A72
            APIs
            • Sleep.KERNELBASE(000001F4), ref: 00D18CB1
            Memory Dump Source
            • Source File: 00000000.00000002.1693834646.0000000000D16000.00000040.00000020.00020000.00000000.sdmp, Offset: 00D16000, based on PE: false
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_d16000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: Sleep
            • String ID:
            • API String ID: 3472027048-0
            • Opcode ID: 368835ae2f5fba710e6c01549c2017e46dd928bc4d187f44ede00cceab054826
            • Instruction ID: 770929166789e71c9b7ae864848fa584096f0e89e964d059ae77d632f0eeeefd
            • Opcode Fuzzy Hash: 368835ae2f5fba710e6c01549c2017e46dd928bc4d187f44ede00cceab054826
            • Instruction Fuzzy Hash: 6FE0BF7494110EAFDB00EFA8D64969E7BB4EF04301F100161FD0192280DA3099509A72
            APIs
              • Part of subcall function 00AB2612: GetWindowLongW.USER32(?,000000EB), ref: 00AB2623
            • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 00B3CBA1
            • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00B3CBFF
            • GetWindowLongW.USER32(?,000000F0), ref: 00B3CC40
            • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00B3CC6A
            • SendMessageW.USER32 ref: 00B3CC93
            • _wcsncpy.LIBCMT ref: 00B3CCFF
            • GetKeyState.USER32(00000011), ref: 00B3CD20
            • GetKeyState.USER32(00000009), ref: 00B3CD2D
            • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00B3CD43
            • GetKeyState.USER32(00000010), ref: 00B3CD4D
            • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00B3CD76
            • SendMessageW.USER32 ref: 00B3CD9D
            • SendMessageW.USER32(?,00001030,?,00B3B37C), ref: 00B3CEA1
            • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 00B3CEB7
            • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00B3CECA
            • SetCapture.USER32(?), ref: 00B3CED3
            • ClientToScreen.USER32(?,?), ref: 00B3CF38
            • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 00B3CF45
            • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00B3CF5F
            • ReleaseCapture.USER32 ref: 00B3CF6A
            • GetCursorPos.USER32(?), ref: 00B3CFA4
            • ScreenToClient.USER32(?,?), ref: 00B3CFB1
            • SendMessageW.USER32(?,00001012,00000000,?), ref: 00B3D00D
            • SendMessageW.USER32 ref: 00B3D03B
            • SendMessageW.USER32(?,00001111,00000000,?), ref: 00B3D078
            • SendMessageW.USER32 ref: 00B3D0A7
            • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00B3D0C8
            • SendMessageW.USER32(?,0000110B,00000009,?), ref: 00B3D0D7
            • GetCursorPos.USER32(?), ref: 00B3D0F7
            • ScreenToClient.USER32(?,?), ref: 00B3D104
            • GetParent.USER32(?), ref: 00B3D124
            • SendMessageW.USER32(?,00001012,00000000,?), ref: 00B3D18D
            • SendMessageW.USER32 ref: 00B3D1BE
            • ClientToScreen.USER32(?,?), ref: 00B3D21C
            • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00B3D24C
            • SendMessageW.USER32(?,00001111,00000000,?), ref: 00B3D276
            • SendMessageW.USER32 ref: 00B3D299
            • ClientToScreen.USER32(?,?), ref: 00B3D2EB
            • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00B3D31F
              • Part of subcall function 00AB25DB: GetWindowLongW.USER32(?,000000EB), ref: 00AB25EC
            • GetWindowLongW.USER32(?,000000F0), ref: 00B3D3BB
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease_wcsncpy
            • String ID: @GUI_DRAGID$F
            • API String ID: 3977979337-4164748364
            • Opcode ID: 363abec82e962b181d123786d481bccc556fc44e1586e56ae25bdc5a9c4968e8
            • Instruction ID: 85b8c67acf742de2fd87d05b4d1532523171173d6e00f475750b990948bafed3
            • Opcode Fuzzy Hash: 363abec82e962b181d123786d481bccc556fc44e1586e56ae25bdc5a9c4968e8
            • Instruction Fuzzy Hash: 1D42CF31604305AFD720CF68C885EAABFE5FF49310F2409A9F599A72B1DB71E854CB52
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: _memmove$_memset
            • String ID: DEFINE$Q\E$[:<:]]$[:>:]]$\b(?<=\w)$\b(?=\w)
            • API String ID: 1357608183-1798697756
            • Opcode ID: 0d629919d75fa418df402510435e44e7fcd62810f5e0fb57ff5a67d9667b486a
            • Instruction ID: 02941fd1e48110d9cd4804a6ea8779642ec4a7df720756e392b1d11488683d1b
            • Opcode Fuzzy Hash: 0d629919d75fa418df402510435e44e7fcd62810f5e0fb57ff5a67d9667b486a
            • Instruction Fuzzy Hash: 3E939175A00219DBDB24CF98C885BADBBF1FF48710F2581AAE955AB3D0E7749D81CB40
            APIs
            • GetForegroundWindow.USER32(00000000,?), ref: 00AB4A3D
            • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00AED9BE
            • IsIconic.USER32(?), ref: 00AED9C7
            • ShowWindow.USER32(?,00000009), ref: 00AED9D4
            • SetForegroundWindow.USER32(?), ref: 00AED9DE
            • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00AED9F4
            • GetCurrentThreadId.KERNEL32 ref: 00AED9FB
            • GetWindowThreadProcessId.USER32(?,00000000), ref: 00AEDA07
            • AttachThreadInput.USER32(?,00000000,00000001), ref: 00AEDA18
            • AttachThreadInput.USER32(?,00000000,00000001), ref: 00AEDA20
            • AttachThreadInput.USER32(00000000,?,00000001), ref: 00AEDA28
            • SetForegroundWindow.USER32(?), ref: 00AEDA2B
            • MapVirtualKeyW.USER32(00000012,00000000), ref: 00AEDA40
            • keybd_event.USER32(00000012,00000000), ref: 00AEDA4B
            • MapVirtualKeyW.USER32(00000012,00000000), ref: 00AEDA55
            • keybd_event.USER32(00000012,00000000), ref: 00AEDA5A
            • MapVirtualKeyW.USER32(00000012,00000000), ref: 00AEDA63
            • keybd_event.USER32(00000012,00000000), ref: 00AEDA68
            • MapVirtualKeyW.USER32(00000012,00000000), ref: 00AEDA72
            • keybd_event.USER32(00000012,00000000), ref: 00AEDA77
            • SetForegroundWindow.USER32(?), ref: 00AEDA7A
            • AttachThreadInput.USER32(?,?,00000000), ref: 00AEDAA1
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
            • String ID: Shell_TrayWnd
            • API String ID: 4125248594-2988720461
            • Opcode ID: eb9db3996f51eb7fb6263d6871b46afbb26628a24c24281e1cc4c84dbc8dcd04
            • Instruction ID: ff16fbb6d34aeb1c8c0eb77bcccdf26a08cdd31a29661608e08fdfb4e2980e01
            • Opcode Fuzzy Hash: eb9db3996f51eb7fb6263d6871b46afbb26628a24c24281e1cc4c84dbc8dcd04
            • Instruction Fuzzy Hash: E6315571E40319BBEB216FA29C49F7E7E6CEB54B90F214035FA04EB1D1CA705D01AAA0
            APIs
              • Part of subcall function 00B08AA3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00B08AED
              • Part of subcall function 00B08AA3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00B08B1A
              • Part of subcall function 00B08AA3: GetLastError.KERNEL32 ref: 00B08B27
            • _memset.LIBCMT ref: 00B0867B
            • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?,?,?,?,00000001,?,?), ref: 00B086CD
            • CloseHandle.KERNEL32(?), ref: 00B086DE
            • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 00B086F5
            • GetProcessWindowStation.USER32 ref: 00B0870E
            • SetProcessWindowStation.USER32(00000000), ref: 00B08718
            • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00B08732
              • Part of subcall function 00B084F3: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00B08631), ref: 00B08508
              • Part of subcall function 00B084F3: CloseHandle.KERNEL32(?,?,00B08631), ref: 00B0851A
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLookupPrivilegeValue_memset
            • String ID: $default$winsta0
            • API String ID: 2063423040-1027155976
            • Opcode ID: 74f87345e292632f787b05624ad36b8f33ec5136258abc369f3cac3e225a2a0b
            • Instruction ID: 0bb37c0fab17d6db40efe35eb47ddb2a07b6de4fae82785bf9e03f2fbcf21057
            • Opcode Fuzzy Hash: 74f87345e292632f787b05624ad36b8f33ec5136258abc369f3cac3e225a2a0b
            • Instruction Fuzzy Hash: E1815971900209AFDF119FA5CC45AEE7FB9EF08304F1481A9F955A72A1DF318E14DB60
            APIs
            • OpenClipboard.USER32(00B3F910), ref: 00B240A6
            • IsClipboardFormatAvailable.USER32(0000000D), ref: 00B240B4
            • GetClipboardData.USER32(0000000D), ref: 00B240BC
            • CloseClipboard.USER32 ref: 00B240C8
            • GlobalLock.KERNEL32(00000000), ref: 00B240E4
            • CloseClipboard.USER32 ref: 00B240EE
            • GlobalUnlock.KERNEL32(00000000), ref: 00B24103
            • IsClipboardFormatAvailable.USER32(00000001), ref: 00B24110
            • GetClipboardData.USER32(00000001), ref: 00B24118
            • GlobalLock.KERNEL32(00000000), ref: 00B24125
            • GlobalUnlock.KERNEL32(00000000), ref: 00B24159
            • CloseClipboard.USER32 ref: 00B24269
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: Clipboard$Global$Close$AvailableDataFormatLockUnlock$Open
            • String ID:
            • API String ID: 3222323430-0
            • Opcode ID: a7be0aa57c703c6654eceac3cac8de3aacde4b8ee2cdfe97eb362639c735107c
            • Instruction ID: 9343e66c021814c6004bd5a4bdf76066db6db384884be65939ad8593a0fc23b4
            • Opcode Fuzzy Hash: a7be0aa57c703c6654eceac3cac8de3aacde4b8ee2cdfe97eb362639c735107c
            • Instruction Fuzzy Hash: 29518935604312ABD310AF64ED86FBF77A8AF94B00F204569F64AD31A2DF70D9058A62
            APIs
            • FindFirstFileW.KERNEL32(?,?), ref: 00B1C819
            • FindClose.KERNEL32(00000000), ref: 00B1C86D
            • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00B1C892
            • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00B1C8A9
            • FileTimeToSystemTime.KERNEL32(?,?), ref: 00B1C8D0
            • __swprintf.LIBCMT ref: 00B1C91C
            • __swprintf.LIBCMT ref: 00B1C95F
              • Part of subcall function 00AB7F41: _memmove.LIBCMT ref: 00AB7F82
            • __swprintf.LIBCMT ref: 00B1C9B3
              • Part of subcall function 00AD3818: __woutput_l.LIBCMT ref: 00AD3871
            • __swprintf.LIBCMT ref: 00B1CA01
              • Part of subcall function 00AD3818: __flsbuf.LIBCMT ref: 00AD3893
              • Part of subcall function 00AD3818: __flsbuf.LIBCMT ref: 00AD38AB
            • __swprintf.LIBCMT ref: 00B1CA50
            • __swprintf.LIBCMT ref: 00B1CA9F
            • __swprintf.LIBCMT ref: 00B1CAEE
            Strings
            Similarity
            • API ID: __swprintf$FileTime$FindLocal__flsbuf$CloseFirstSystem__woutput_l_memmove
            • String ID: %02d$%4d$%4d%02d%02d%02d%02d%02d
            • API String ID: 3953360268-2428617273
            • Opcode ID: 833e4cb3a593e025bda1b33d310bf2ad911422ced67969584eff2215af28b708
            • Instruction ID: fc0c1aa05c0269973ae6a4f98c6a66508fa2010915ad14082b2c16cbe1788574
            • Opcode Fuzzy Hash: 833e4cb3a593e025bda1b33d310bf2ad911422ced67969584eff2215af28b708
            • Instruction Fuzzy Hash: D7A12EB2408305ABC710EF64C986DEFB7ECEF95700F40491DB686D7192EA34DA48CB62
            APIs
            • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 00B1F042
            • _wcscmp.LIBCMT ref: 00B1F057
            • _wcscmp.LIBCMT ref: 00B1F06E
            • GetFileAttributesW.KERNEL32(?), ref: 00B1F080
            • SetFileAttributesW.KERNEL32(?,?), ref: 00B1F09A
            • FindNextFileW.KERNEL32(00000000,?), ref: 00B1F0B2
            • FindClose.KERNEL32(00000000), ref: 00B1F0BD
            • FindFirstFileW.KERNEL32(*.*,?), ref: 00B1F0D9
            • _wcscmp.LIBCMT ref: 00B1F100
            • _wcscmp.LIBCMT ref: 00B1F117
            • SetCurrentDirectoryW.KERNEL32(?), ref: 00B1F129
            • SetCurrentDirectoryW.KERNEL32(00B68920), ref: 00B1F147
            • FindNextFileW.KERNEL32(00000000,00000010), ref: 00B1F151
            • FindClose.KERNEL32(00000000), ref: 00B1F15E
            • FindClose.KERNEL32(00000000), ref: 00B1F170
            Strings
            Similarity
            • API ID: Find$File$_wcscmp$Close$AttributesCurrentDirectoryFirstNext
            • String ID: *.*
            • API String ID: 1803514871-438819550
            • Opcode ID: 1064d89b5aee0386a794ca381b04e3154fb460cd3563a93709055d48e424ff22
            • Instruction ID: d46d9c3570d4c109bba29570a3f58ba6897bad17e59e6d349f24d39f537bf00d
            • Opcode Fuzzy Hash: 1064d89b5aee0386a794ca381b04e3154fb460cd3563a93709055d48e424ff22
            • Instruction Fuzzy Hash: A1319F7290021BBADB109EA4DC59AFF77ECEF49320F5441B5F805E31A1DB34DA85CA64
            APIs
            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00B309DE
            • RegCreateKeyExW.ADVAPI32(?,?,00000000,00B3F910,00000000,?,00000000,?,?), ref: 00B30A4C
            • RegCloseKey.ADVAPI32(00000000,00000001,00000000,00000000,00000000), ref: 00B30A94
            • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000002,?), ref: 00B30B1D
            • RegCloseKey.ADVAPI32(?), ref: 00B30E3D
            • RegCloseKey.ADVAPI32(00000000), ref: 00B30E4A
            Strings
            Similarity
            • API ID: Close$ConnectCreateRegistryValue
            • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
            • API String ID: 536824911-966354055
            • Opcode ID: 1a8ce570e64cfbcc0b4410b9bed91c3f0638d15c5363679d829d1214e39a0be7
            • Instruction ID: 5f4c11b6ca7962dfa81221945a238d643d06a37843bc53f24de8fe0fa7cd9c7a
            • Opcode Fuzzy Hash: 1a8ce570e64cfbcc0b4410b9bed91c3f0638d15c5363679d829d1214e39a0be7
            • Instruction Fuzzy Hash: 5B027F756106119FCB14EF24C995E6AB7E9FF88714F14889DF98A9B362CB30ED01CB81
            APIs
            • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 00B1F19F
            • _wcscmp.LIBCMT ref: 00B1F1B4
            • _wcscmp.LIBCMT ref: 00B1F1CB
              • Part of subcall function 00B143C6: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00B143E1
            • FindNextFileW.KERNEL32(00000000,?), ref: 00B1F1FA
            • FindClose.KERNEL32(00000000), ref: 00B1F205
            • FindFirstFileW.KERNEL32(*.*,?), ref: 00B1F221
            • _wcscmp.LIBCMT ref: 00B1F248
            • _wcscmp.LIBCMT ref: 00B1F25F
            • SetCurrentDirectoryW.KERNEL32(?), ref: 00B1F271
            • SetCurrentDirectoryW.KERNEL32(00B68920), ref: 00B1F28F
            • FindNextFileW.KERNEL32(00000000,00000010), ref: 00B1F299
            • FindClose.KERNEL32(00000000), ref: 00B1F2A6
            • FindClose.KERNEL32(00000000), ref: 00B1F2B8
            Strings
            Similarity
            • API ID: Find$File$_wcscmp$Close$CurrentDirectoryFirstNext$Create
            • String ID: *.*
            • API String ID: 1824444939-438819550
            • Opcode ID: 03b059d6f627c3fce7f31f05586566510505fb3785808b5c901fce6ba594c214
            • Instruction ID: bb0e256025232f7e03da785ccaba87e9275ef30b63e5d6514e932c3b2609eceb
            • Opcode Fuzzy Hash: 03b059d6f627c3fce7f31f05586566510505fb3785808b5c901fce6ba594c214
            • Instruction Fuzzy Hash: 6631A23690065BAACF109BA4DC58AFE77ECEF45360F6041F5F804A31A0DB70DE85CA94
            APIs
            • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00B1A299
            • __swprintf.LIBCMT ref: 00B1A2BB
            • CreateDirectoryW.KERNEL32(?,00000000), ref: 00B1A2F8
            • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00B1A31D
            • _memset.LIBCMT ref: 00B1A33C
            • _wcsncpy.LIBCMT ref: 00B1A378
            • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00B1A3AD
            • CloseHandle.KERNEL32(00000000), ref: 00B1A3B8
            • RemoveDirectoryW.KERNEL32(?), ref: 00B1A3C1
            • CloseHandle.KERNEL32(00000000), ref: 00B1A3CB
            Strings
            Similarity
            • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove__swprintf_memset_wcsncpy
            • String ID: :$\$\??\%s
            • API String ID: 2733774712-3457252023
            • Opcode ID: 8a495eca57b2a1899e5885de264b0d4b8391d74f9d24bd12e73609a29001547e
            • Instruction ID: 6cf8caa83df6a6069e14118cd834eb270b63665852014795aeb5784b49244956
            • Opcode Fuzzy Hash: 8a495eca57b2a1899e5885de264b0d4b8391d74f9d24bd12e73609a29001547e
            • Instruction Fuzzy Hash: 1B3193B590010AABDB219FA0DC45FFF77BCEF89740F6041B6F919D2160EB7096848B65
            APIs
              • Part of subcall function 00B0852A: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00B08546
              • Part of subcall function 00B0852A: GetLastError.KERNEL32(?,00B0800A,?,?,?), ref: 00B08550
              • Part of subcall function 00B0852A: GetProcessHeap.KERNEL32(00000008,?,?,00B0800A,?,?,?), ref: 00B0855F
              • Part of subcall function 00B0852A: HeapAlloc.KERNEL32(00000000,?,00B0800A,?,?,?), ref: 00B08566
              • Part of subcall function 00B0852A: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00B0857D
              • Part of subcall function 00B085C7: GetProcessHeap.KERNEL32(00000008,00B08020,00000000,00000000,?,00B08020,?), ref: 00B085D3
              • Part of subcall function 00B085C7: HeapAlloc.KERNEL32(00000000,?,00B08020,?), ref: 00B085DA
              • Part of subcall function 00B085C7: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00B08020,?), ref: 00B085EB
            • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00B08238
            • _memset.LIBCMT ref: 00B0824D
            • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00B0826C
            • GetLengthSid.ADVAPI32(?), ref: 00B0827D
            • GetAce.ADVAPI32(?,00000000,?), ref: 00B082BA
            • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00B082D6
            • GetLengthSid.ADVAPI32(?), ref: 00B082F3
            • GetProcessHeap.KERNEL32(00000008,-00000008), ref: 00B08302
            • HeapAlloc.KERNEL32(00000000), ref: 00B08309
            • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00B0832A
            • CopySid.ADVAPI32(00000000), ref: 00B08331
            • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00B08362
            • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00B08388
            • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00B0839C
            Similarity
            • API ID: HeapSecurity$AllocDescriptorLengthObjectProcessUser$Dacl$CopyErrorInformationInitializeLast_memset
            • String ID:
            • API String ID: 3996160137-0
            • Opcode ID: 071858203a5719bb877b3d6519343af248d1239343b2a8a96d3b9f9a7c379be7
            • Instruction ID: 984c99ddc174608518dd64886e757952a5331b9177a03b5a423c8f851ff515bc
            • Opcode Fuzzy Hash: 071858203a5719bb877b3d6519343af248d1239343b2a8a96d3b9f9a7c379be7
            • Instruction Fuzzy Hash: DF61447190020AEFDF148FA4DC85AEEBBB9FF44700F1481A9F955A7291DF319A05CBA0
            Strings
            Similarity
            • API ID:
            • String ID: ANY)$ANYCRLF)$BSR_ANYCRLF)$BSR_UNICODE)$CR)$CRLF)$LF)$LIMIT_MATCH=$LIMIT_RECURSION=$NO_AUTO_POSSESS)$NO_START_OPT)$UCP)$UTF)$UTF16)
            • API String ID: 0-4052911093
            • Opcode ID: e49dc7c3625967a208ac27bfd9c45541b649b821a3d9902b571099917c40e05d
            • Instruction ID: 04bed215f9a877538544d32f3eb7b0783c8cfe594f4bc41b3b1ae1af35e17b30
            • Opcode Fuzzy Hash: e49dc7c3625967a208ac27bfd9c45541b649b821a3d9902b571099917c40e05d
            • Instruction Fuzzy Hash: 49725075E006199BDF28CF59C890BADBBF5FF48710F1585AAE805EB290EB349E41CB50
            APIs
              • Part of subcall function 00B30EA5: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00B2FE38,?,?), ref: 00B30EBC
            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00B30537
              • Part of subcall function 00AB9997: __itow.LIBCMT ref: 00AB99C2
              • Part of subcall function 00AB9997: __swprintf.LIBCMT ref: 00AB9A0C
            • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 00B305D6
            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 00B3066E
            • RegCloseKey.ADVAPI32(000000FE,000000FE,00000000,?,00000000), ref: 00B308AD
            • RegCloseKey.ADVAPI32(00000000), ref: 00B308BA
            Similarity
            • API ID: CloseQueryValue$BuffCharConnectRegistryUpper__itow__swprintf
            • String ID:
            • API String ID: 1240663315-0
            • Opcode ID: a99baff4ceefbea584ab35b30a7ddd852d6db0434677f7e3f627446b7c95a582
            • Instruction ID: 9f2012e7214cea6fa361e12505548a6680543f8bb99567268d60216d10a3edc4
            • Opcode Fuzzy Hash: a99baff4ceefbea584ab35b30a7ddd852d6db0434677f7e3f627446b7c95a582
            • Instruction Fuzzy Hash: 30E15E31614210AFCB14EF28C995E6BBBE9EF88714F1485ADF44ADB262DB30ED01CB51
            APIs
            • GetKeyboardState.USER32(?), ref: 00B10062
            • GetAsyncKeyState.USER32(000000A0), ref: 00B100E3
            • GetKeyState.USER32(000000A0), ref: 00B100FE
            • GetAsyncKeyState.USER32(000000A1), ref: 00B10118
            • GetKeyState.USER32(000000A1), ref: 00B1012D
            • GetAsyncKeyState.USER32(00000011), ref: 00B10145
            • GetKeyState.USER32(00000011), ref: 00B10157
            • GetAsyncKeyState.USER32(00000012), ref: 00B1016F
            • GetKeyState.USER32(00000012), ref: 00B10181
            • GetAsyncKeyState.USER32(0000005B), ref: 00B10199
            • GetKeyState.USER32(0000005B), ref: 00B101AB
            Similarity
            • API ID: State$Async$Keyboard
            • String ID:
            • API String ID: 541375521-0
            • Opcode ID: 2eac1633ed63e9a052a898695ba7cce54f1d2fb3defc5cd638df818af6a0ffc2
            • Instruction ID: 217e671c2aa1088c846888aaec0bb99703ca681cbced3721fd7a6c20aec203de
            • Opcode Fuzzy Hash: 2eac1633ed63e9a052a898695ba7cce54f1d2fb3defc5cd638df818af6a0ffc2
            • Instruction Fuzzy Hash: A741CB249147CA79FF31AA6088043F5BEE1EF15340F9880DAE9C5571C2DBE899D4C792
            APIs
              • Part of subcall function 00AB9997: __itow.LIBCMT ref: 00AB99C2
              • Part of subcall function 00AB9997: __swprintf.LIBCMT ref: 00AB9A0C
            • CoInitialize.OLE32 ref: 00B28518
            • CoUninitialize.OLE32 ref: 00B28523
            • CoCreateInstance.OLE32(?,00000000,00000017,00B42BEC,?), ref: 00B28583
            • IIDFromString.OLE32(?,?), ref: 00B285F6
            • VariantInit.OLEAUT32(?), ref: 00B28690
            • VariantClear.OLEAUT32(?), ref: 00B286F1
            Strings
            Similarity
            • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize__itow__swprintf
            • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
            • API String ID: 834269672-1287834457
            • Opcode ID: 8ddb0926c496553481e5e61b73f59c93d80d99b5905dd0392e6829f2cbe879a1
            • Instruction ID: b93818832118c9aea29ba738c3727c7da95d096423ace8c864d04e909e8c0dca
            • Opcode Fuzzy Hash: 8ddb0926c496553481e5e61b73f59c93d80d99b5905dd0392e6829f2cbe879a1
            • Instruction Fuzzy Hash: 2061AF706093219FC711DF14E984B6EBBE8EF48714F10489DF9899B2A1CB70ED48CB92
            APIs
            Similarity
            • API ID: Clipboard$AllocCloseEmptyGlobalOpen
            • String ID:
            • API String ID: 1737998785-0
            • Opcode ID: f688d71a8ac49685677c4edea7ba115204632bfbe11ccba692141dcfb98717dc
            • Instruction ID: f2eba9f45818939598d500178e7ed127bb4ea74309ea1188395b5841824ec969
            • Opcode Fuzzy Hash: f688d71a8ac49685677c4edea7ba115204632bfbe11ccba692141dcfb98717dc
            • Instruction Fuzzy Hash: 11217C356006219FDB10AF64ED49B6E7BA8EF08710F20806AF94ADB2B1DB70A801CB54
            APIs
              • Part of subcall function 00AB48AE: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00AB48A1,?,?,00AB37C0,?), ref: 00AB48CE
              • Part of subcall function 00B14AD8: GetFileAttributesW.KERNEL32(?,00B1374F), ref: 00B14AD9
            • FindFirstFileW.KERNEL32(?,?), ref: 00B138E7
            • DeleteFileW.KERNEL32(?,?,00000000,?,?,?,?), ref: 00B1398F
            • MoveFileW.KERNEL32(?,?), ref: 00B139A2
            • DeleteFileW.KERNEL32(?,?,?,?,?), ref: 00B139BF
            • FindNextFileW.KERNEL32(00000000,00000010), ref: 00B139E1
            • FindClose.KERNEL32(00000000,?,?,?,?), ref: 00B139FD
            Strings
            Similarity
            • API ID: File$Find$Delete$AttributesCloseFirstFullMoveNameNextPath
            • String ID: \*.*
            • API String ID: 4002782344-1173974218
            • Opcode ID: abfd85865d317c52e848c77abbc18dff8a49763966a7f8bc7500263397f9f205
            • Instruction ID: 183759bb0357d8154f2a478f8b94ccc516a881fc76ca544b68a2f65b70af361e
            • Opcode Fuzzy Hash: abfd85865d317c52e848c77abbc18dff8a49763966a7f8bc7500263397f9f205
            • Instruction Fuzzy Hash: 32518C31805249AACF11EBA0CE929FDB7FDAF14340FA441A9E44277092EF716F49CB60
            APIs
              • Part of subcall function 00AB7F41: _memmove.LIBCMT ref: 00AB7F82
            • FindFirstFileW.KERNEL32(?,?,*.*,?,?,00000000,00000000), ref: 00B1F4CC
            • Sleep.KERNEL32(0000000A), ref: 00B1F4FC
            • _wcscmp.LIBCMT ref: 00B1F510
            • _wcscmp.LIBCMT ref: 00B1F52B
            • FindNextFileW.KERNEL32(?,?), ref: 00B1F5C9
            • FindClose.KERNEL32(00000000), ref: 00B1F5DF
            Strings
            Similarity
            • API ID: Find$File_wcscmp$CloseFirstNextSleep_memmove
            • String ID: *.*
            • API String ID: 713712311-438819550
            • Opcode ID: d5cde9207271eaf5484cf4ac6bec1cb7d55dd908e988a3075183169711877876
            • Instruction ID: 61b0d6e7d09f7873ae4982f61e5110c8a06af4937cfceb8563c52684dddbac59
            • Opcode Fuzzy Hash: d5cde9207271eaf5484cf4ac6bec1cb7d55dd908e988a3075183169711877876
            • Instruction Fuzzy Hash: 6E41707190021AABCF11DFA4CC45AFEBBF9FF14350F5445A6E815A32A1EB319E85CB50
            Strings
            Similarity
            • API ID:
            • String ID: ERCP$VUUU$VUUU$VUUU$VUUU
            • API String ID: 0-1546025612
            • Opcode ID: 3029b89a2e09d7df735e5058f898d40ae1073960788104bc1348e6e13188413f
            • Instruction ID: 68d98976b214f5a3e6f23b2227a1977f19b567bca2cf188a7cd3157398737c6c
            • Opcode Fuzzy Hash: 3029b89a2e09d7df735e5058f898d40ae1073960788104bc1348e6e13188413f
            • Instruction Fuzzy Hash: 97A28174E0421ACBDF24CF98C9A0BBDB7B1BB58314F2581AEE956A7280D7349D81CF54
            APIs
            Similarity
            • API ID: _memmove
            • String ID:
            • API String ID: 4104443479-0
            • Opcode ID: 68fac54d835c932985ab311720a7d95b5e27833ae316f9bbf95f0c263433665c
            • Instruction ID: 7ccfce5dc7a3862fff64c10edb05653ac76f354a40658cd8879af99835ab0429
            • Opcode Fuzzy Hash: 68fac54d835c932985ab311720a7d95b5e27833ae316f9bbf95f0c263433665c
            • Instruction Fuzzy Hash: 83127A70A00609DFDF14DFA9DA85AEEB7F9FF48300F108569E406A7291EB35AD51CB50
            APIs
              • Part of subcall function 00AB48AE: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00AB48A1,?,?,00AB37C0,?), ref: 00AB48CE
              • Part of subcall function 00B14AD8: GetFileAttributesW.KERNEL32(?,00B1374F), ref: 00B14AD9
            • FindFirstFileW.KERNEL32(?,?), ref: 00B13BCD
            • DeleteFileW.KERNEL32(?,?,?,?), ref: 00B13C1D
            • FindNextFileW.KERNEL32(00000000,00000010), ref: 00B13C2E
            • FindClose.KERNEL32(00000000), ref: 00B13C45
            • FindClose.KERNEL32(00000000), ref: 00B13C4E
            Strings
            Similarity
            • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
            • String ID: \*.*
            • API String ID: 2649000838-1173974218
            APIs
              • Part of subcall function 00B08AA3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00B08AED
              • Part of subcall function 00B08AA3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00B08B1A
              • Part of subcall function 00B08AA3: GetLastError.KERNEL32 ref: 00B08B27
            • ExitWindowsEx.USER32(?,00000000), ref: 00B152A0
            Strings
            Similarity
            • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
            • String ID: $@$SeShutdownPrivilege
            • API String ID: 2234035333-194228
            APIs
            • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00B263F2
            • WSAGetLastError.WSOCK32(00000000), ref: 00B26401
            • bind.WSOCK32(00000000,?,00000010), ref: 00B2641D
            • listen.WSOCK32(00000000,00000005), ref: 00B2642C
            • WSAGetLastError.WSOCK32(00000000), ref: 00B26446
            • closesocket.WSOCK32(00000000,00000000), ref: 00B2645A
            Similarity
            • API ID: ErrorLast$bindclosesocketlistensocket
            • String ID:
            • API String ID: 1279440585-0
            APIs
              • Part of subcall function 00AD0F36: std::exception::exception.LIBCMT ref: 00AD0F6C
              • Part of subcall function 00AD0F36: __CxxThrowException@8.LIBCMT ref: 00AD0F81
            • _memmove.LIBCMT ref: 00B005AE
            • _memmove.LIBCMT ref: 00B006C3
            • _memmove.LIBCMT ref: 00B0076A
            Similarity
            • API ID: _memmove$Exception@8Throwstd::exception::exception
            • String ID:
            • API String ID: 1300846289-0
            APIs
              • Part of subcall function 00AB2612: GetWindowLongW.USER32(?,000000EB), ref: 00AB2623
            • DefDlgProcW.USER32(?,?,?,?,?), ref: 00AB19FA
            • GetSysColor.USER32(0000000F), ref: 00AB1A4E
            • SetBkColor.GDI32(?,00000000), ref: 00AB1A61
              • Part of subcall function 00AB1290: DefDlgProcW.USER32(?,00000020,?), ref: 00AB12D8
            Similarity
            • API ID: ColorProc$LongWindow
            • String ID:
            • API String ID: 3744519093-0
            APIs
              • Part of subcall function 00B27EA0: inet_addr.WSOCK32(00000000,?,00000000,?,?,?,00000000), ref: 00B27ECB
            • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 00B268B4
            • WSAGetLastError.WSOCK32(00000000), ref: 00B268DD
            • bind.WSOCK32(00000000,?,00000010), ref: 00B26916
            • WSAGetLastError.WSOCK32(00000000), ref: 00B26923
            • closesocket.WSOCK32(00000000,00000000), ref: 00B26937
            Similarity
            • API ID: ErrorLast$bindclosesocketinet_addrsocket
            • String ID:
            • API String ID: 99427753-0
            APIs
            Similarity
            • API ID: Window$EnabledForegroundIconicVisibleZoomed
            • String ID:
            • API String ID: 292994002-0
            APIs
            • LoadLibraryA.KERNEL32(kernel32.dll,?,00AF1CB7,?), ref: 00B2C112
            • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 00B2C124
            Strings
            Similarity
            • API ID: AddressLibraryLoadProc
            • String ID: GetSystemWow64DirectoryW$kernel32.dll
            • API String ID: 2574300362-1816364905
            Similarity
            • API ID: __itow__swprintf
            • String ID:
            • API String ID: 674341424-0
            APIs
            • CreateToolhelp32Snapshot.KERNEL32 ref: 00B2EF51
            • Process32FirstW.KERNEL32(00000000,?), ref: 00B2EF5F
              • Part of subcall function 00AB7F41: _memmove.LIBCMT ref: 00AB7F82
            • Process32NextW.KERNEL32(00000000,?), ref: 00B2F01F
            • CloseHandle.KERNEL32(00000000,?,?,?), ref: 00B2F02E
            Similarity
            • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32_memmove
            • String ID:
            • API String ID: 2576544623-0
            APIs
            • lstrlenW.KERNEL32(?,?,?,00000000), ref: 00B0E93A
            Strings
            Similarity
            • API ID: lstrlen
            • String ID: ($|
            • API String ID: 1659193697-1631851259
            APIs
            • InternetQueryDataAvailable.WININET(00000001,?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,00B21920,00000000), ref: 00B224F7
            • InternetReadFile.WININET(00000001,00000000,00000001,00000001), ref: 00B2252E
            Similarity
            • API ID: Internet$AvailableDataFileQueryRead
            • String ID:
            • API String ID: 599397726-0
            APIs
            • SetErrorMode.KERNEL32(00000001), ref: 00B1B3CF
            • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00B1B429
            • SetErrorMode.KERNEL32(00000000,00000001,00000000), ref: 00B1B476
            Similarity
            • API ID: ErrorMode$DiskFreeSpace
            • String ID:
            • API String ID: 1682464887-0
            APIs
              • Part of subcall function 00AD0F36: std::exception::exception.LIBCMT ref: 00AD0F6C
              • Part of subcall function 00AD0F36: __CxxThrowException@8.LIBCMT ref: 00AD0F81
            • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00B08AED
            • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00B08B1A
            • GetLastError.KERNEL32 ref: 00B08B27
            Similarity
            • API ID: AdjustErrorException@8LastLookupPrivilegePrivilegesThrowTokenValuestd::exception::exception
            • String ID:
            • API String ID: 1922334811-0
            APIs
            • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00B14A31
            • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 00B14A48
            • FreeSid.ADVAPI32(?), ref: 00B14A58
            Similarity
            • API ID: AllocateCheckFreeInitializeMembershipToken
            • String ID:
            • API String ID: 3429775523-0
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            APIs
            • FindFirstFileW.KERNEL32(?,?), ref: 00B1C787
            • FindClose.KERNEL32(00000000), ref: 00B1C7B7
            Similarity
            • API ID: Find$CloseFileFirst
            • String ID:
            • API String ID: 2295610775-0
            APIs
            • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,00000016,?,00B2957D,?,00B3FB84,?), ref: 00B1A121
            • FormatMessageW.KERNEL32(00001000,00000000,000000FF,00000000,?,00000FFF,00000000,00000016,?,00B2957D,?,00B3FB84,?), ref: 00B1A133
            Similarity
            • API ID: ErrorFormatLastMessage
            • String ID:
            • API String ID: 3479602957-0
            APIs
            • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00B08631), ref: 00B08508
            • CloseHandle.KERNEL32(?,?,00B08631), ref: 00B0851A
            Similarity
            • API ID: AdjustCloseHandlePrivilegesToken
            • String ID:
            APIs
            • SetUnhandledExceptionFilter.KERNEL32(00000000,?,00AD8ED7,?,?,?,00000001), ref: 00ADA2DA
            • UnhandledExceptionFilter.KERNEL32(?,?,?,00000001), ref: 00ADA2E3
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            Similarity
            • API ID: ExceptionFilterUnhandled
            • String ID:
            APIs
            • __time64.LIBCMT ref: 00B18944
              • Part of subcall function 00AD537A: GetSystemTimeAsFileTime.KERNEL32(00000000,?,?,?,00B19017,00000000,?,?,?,?,00B191C8,00000000,?), ref: 00AD5383
              • Part of subcall function 00AD537A: __aulldiv.LIBCMT ref: 00AD53A3
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            Similarity
            • API ID: Time$FileSystem__aulldiv__time64
            • String ID:
            APIs
            • BlockInput.USER32(00000001), ref: 00B2403A
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            Similarity
            • API ID: BlockInput
            • String ID:
            APIs
            • mouse_event.USER32(00000004,00000000,00000000,00000000,00000000), ref: 00B14D1D
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            Similarity
            • API ID: mouse_event
            • String ID:
            APIs
            • LogonUserW.ADVAPI32(?,00000001,?,?,00000000,00B086B1), ref: 00B08A93
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            Similarity
            • API ID: LogonUser
            • String ID:
            APIs
            • GetUserNameW.ADVAPI32(?,?), ref: 00AF2171
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            Similarity
            • API ID: NameUser
            • String ID:
            APIs
            • SetUnhandledExceptionFilter.KERNEL32(?), ref: 00ADA2AA
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            Similarity
            • API ID: ExceptionFilterUnhandled
            • String ID:
            APIs
            • DeleteObject.GDI32(00000000), ref: 00B27970
            • DeleteObject.GDI32(00000000), ref: 00B27982
            • DestroyWindow.USER32 ref: 00B27990
            • GetDesktopWindow.USER32 ref: 00B279AA
            • GetWindowRect.USER32(00000000), ref: 00B279B1
            • SetRect.USER32(?,00000000,00000000,000001F4,00000190), ref: 00B27AF2
            • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000002), ref: 00B27B02
            • CreateWindowExW.USER32(00000002,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B27B4A
            • GetClientRect.USER32(00000000,?), ref: 00B27B56
            • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00B27B90
            • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B27BB2
            • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B27BC5
            • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B27BD0
            • GlobalLock.KERNEL32(00000000), ref: 00B27BD9
            • ReadFile.KERNEL32(00000000,00000000,00000000,00000190,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B27BE8
            • GlobalUnlock.KERNEL32(00000000), ref: 00B27BF1
            • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B27BF8
            • GlobalFree.KERNEL32(00000000), ref: 00B27C03
            • CreateStreamOnHGlobal.OLE32(00000000,00000001,88C00000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B27C15
            • OleLoadPicture.OLEAUT32(88C00000,00000000,00000000,00B42CAC,00000000), ref: 00B27C2B
            • GlobalFree.KERNEL32(00000000), ref: 00B27C3B
            • CopyImage.USER32(000001F4,00000000,00000000,00000000,00002000), ref: 00B27C61
            • SendMessageW.USER32(?,00000172,00000000,000001F4), ref: 00B27C80
            • SetWindowPos.USER32(?,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B27CA2
            • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B27E8F
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            Similarity
            • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
            • String ID: $AutoIt v3$DISPLAY$static
            APIs
            • CharUpperBuffW.USER32(?,?,00B3F910), ref: 00B33690
            • IsWindowVisible.USER32(?), ref: 00B336B4
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            Similarity
            • API ID: BuffCharUpperVisibleWindow
            • String ID: ADDSTRING$CHECK$CURRENTTAB$DELSTRING$EDITPASTE$FINDSTRING$GETCURRENTCOL$GETCURRENTLINE$GETCURRENTSELECTION$GETLINE$GETLINECOUNT$GETSELECTED$HIDEDROPDOWN$ISCHECKED$ISENABLED$ISVISIBLE$SELECTSTRING$SENDCOMMANDID$SETCURRENTSELECTION$SHOWDROPDOWN$TABLEFT$TABRIGHT$UNCHECK
            APIs
            • SetTextColor.GDI32(?,00000000), ref: 00B3A662
            • GetSysColorBrush.USER32(0000000F), ref: 00B3A693
            • GetSysColor.USER32(0000000F), ref: 00B3A69F
            • SetBkColor.GDI32(?,000000FF), ref: 00B3A6B9
            • SelectObject.GDI32(?,00000000), ref: 00B3A6C8
            • InflateRect.USER32(?,000000FF,000000FF), ref: 00B3A6F3
            • GetSysColor.USER32(00000010), ref: 00B3A6FB
            • CreateSolidBrush.GDI32(00000000), ref: 00B3A702
            • FrameRect.USER32(?,?,00000000), ref: 00B3A711
            • DeleteObject.GDI32(00000000), ref: 00B3A718
            • InflateRect.USER32(?,000000FE,000000FE), ref: 00B3A763
            • FillRect.USER32(?,?,00000000), ref: 00B3A795
            • GetWindowLongW.USER32(?,000000F0), ref: 00B3A7C0
              • Part of subcall function 00B3A8FC: GetSysColor.USER32(00000012), ref: 00B3A935
              • Part of subcall function 00B3A8FC: SetTextColor.GDI32(?,?), ref: 00B3A939
              • Part of subcall function 00B3A8FC: GetSysColorBrush.USER32(0000000F), ref: 00B3A94F
              • Part of subcall function 00B3A8FC: GetSysColor.USER32(0000000F), ref: 00B3A95A
              • Part of subcall function 00B3A8FC: GetSysColor.USER32(00000011), ref: 00B3A977
              • Part of subcall function 00B3A8FC: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00B3A985
              • Part of subcall function 00B3A8FC: SelectObject.GDI32(?,00000000), ref: 00B3A996
              • Part of subcall function 00B3A8FC: SetBkColor.GDI32(?,00000000), ref: 00B3A99F
              • Part of subcall function 00B3A8FC: SelectObject.GDI32(?,?), ref: 00B3A9AC
              • Part of subcall function 00B3A8FC: InflateRect.USER32(?,000000FF,000000FF), ref: 00B3A9CB
              • Part of subcall function 00B3A8FC: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00B3A9E2
              • Part of subcall function 00B3A8FC: GetWindowLongW.USER32(00000000,000000F0), ref: 00B3A9F7
              • Part of subcall function 00B3A8FC: SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00B3AA1F
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            Similarity
            • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameMessageRoundSendSolid
            • String ID:
            • API String ID: 3521893082-0
            • Opcode ID: 74f9cce2ea9f5653a40478df8a74c91c79adead2c35326ec5e16b0ed5ac0cc10
            • Instruction ID: 50920c4a3d8534763401ff55963d7dace85410bdcf265e72755705894f966ece
            • Opcode Fuzzy Hash: 74f9cce2ea9f5653a40478df8a74c91c79adead2c35326ec5e16b0ed5ac0cc10
            • Instruction Fuzzy Hash: 03914B72808702FFD7109F64DC48E6F7BE9FB89321F204A29F5A2961A1DB71D944CB52
            APIs
            • DestroyWindow.USER32(?,?,?), ref: 00AB2CA2
            • DeleteObject.GDI32(00000000), ref: 00AB2CE8
            • DeleteObject.GDI32(00000000), ref: 00AB2CF3
            • DestroyIcon.USER32(00000000,?,?,?), ref: 00AB2CFE
            • DestroyWindow.USER32(00000000,?,?,?), ref: 00AB2D09
            • SendMessageW.USER32(?,00001308,?,00000000), ref: 00AEC5BB
            • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00AEC5F4
            • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00AECA1D
              • Part of subcall function 00AB1B41: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00AB2036,?,00000000,?,?,?,?,00AB16CB,00000000,?), ref: 00AB1B9A
            • SendMessageW.USER32(?,00001053), ref: 00AECA5A
            • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00AECA71
            • ImageList_Destroy.COMCTL32(00000000,?,?), ref: 00AECA87
            • ImageList_Destroy.COMCTL32(00000000,?,?), ref: 00AECA92
            Strings
            Similarity
            • API ID: Destroy$ImageList_MessageSendWindow$DeleteObject$IconInvalidateMoveRectRemove
            • String ID: 0
            • API String ID: 464785882-4108050209
            • Opcode ID: 781fd30e59627eb326d49bbae23248bc360667fa91a435ec593401aff5d37a18
            • Instruction ID: 2076b06173146c235cd100a022b79c573271fb588206f4a27fbffe9e8330618c
            • Opcode Fuzzy Hash: 781fd30e59627eb326d49bbae23248bc360667fa91a435ec593401aff5d37a18
            • Instruction Fuzzy Hash: EA128D30600281EFDB25CF25C985BA9BBE5FF06320F54456AF895DB262CB31EC42DB91
            APIs
            • DestroyWindow.USER32(00000000), ref: 00B275F3
            • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00B276B2
            • SetRect.USER32(?,00000000,00000000,0000012C,00000064), ref: 00B276F0
            • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000006), ref: 00B27702
            • CreateWindowExW.USER32(00000006,AutoIt v3,?,88C00000,?,?,?,?,00000000,00000000,00000000), ref: 00B27748
            • GetClientRect.USER32(00000000,?), ref: 00B27754
            • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000), ref: 00B27798
            • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00B277A7
            • GetStockObject.GDI32(00000011), ref: 00B277B7
            • SelectObject.GDI32(00000000,00000000), ref: 00B277BB
            • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?), ref: 00B277CB
            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00B277D4
            • DeleteDC.GDI32(00000000), ref: 00B277DD
            • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00B27809
            • SendMessageW.USER32(00000030,00000000,00000001), ref: 00B27820
            • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,0000001E,00000104,00000014,00000000,00000000,00000000), ref: 00B2785B
            • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00B2786F
            • SendMessageW.USER32(00000404,00000001,00000000), ref: 00B27880
            • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000037,00000500,00000032,00000000,00000000,00000000), ref: 00B278B0
            • GetStockObject.GDI32(00000011), ref: 00B278BB
            • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00B278C6
            • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?,?,?,?), ref: 00B278D0
            Strings
            Similarity
            • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
            • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
            • API String ID: 2910397461-517079104
            • Opcode ID: 09885f5ec87bf31c26b1f3f9e303e4228800abd62500db8617f1f3075cfc227d
            • Instruction ID: f154e53647de9f9a02fbb4fb1751a04e677ea7895b67c5fcf15c3bde1136abb5
            • Opcode Fuzzy Hash: 09885f5ec87bf31c26b1f3f9e303e4228800abd62500db8617f1f3075cfc227d
            • Instruction Fuzzy Hash: 10A15371A40619BFEB14DF64DD4AFAE7BA9EB04710F104154FA15A72E1CBB0AD40CB64
            APIs
            • SetErrorMode.KERNEL32(00000001), ref: 00B1ADAA
            • GetDriveTypeW.KERNEL32(?,00B3FAC0,?,\\.\,00B3F910), ref: 00B1AE87
            • SetErrorMode.KERNEL32(00000000,00B3FAC0,?,\\.\,00B3F910), ref: 00B1AFE5
            Strings
            Similarity
            • API ID: ErrorMode$DriveType
            • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
            • API String ID: 2907320926-4222207086
            • Opcode ID: f99f84600b1721a01e51a1d69346f232ead2f149681996c8de8156147b05977f
            • Instruction ID: a775262594d953276d2cded4226ef048b9d69830355cc670b5e8918734d85ecf
            • Opcode Fuzzy Hash: f99f84600b1721a01e51a1d69346f232ead2f149681996c8de8156147b05977f
            • Instruction Fuzzy Hash: 0651A0B56492059BCB10EB50C9C28FDB3F0EB14700BA441E6E906E72E1CB75ED82DB82
            APIs
            Strings
            Similarity
            • API ID: __wcsnicmp
            • String ID: #OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
            • API String ID: 1038674560-86951937
            • Opcode ID: 503ee01cae417a1ef4e37ab7627285415566eb2ca5ce1d56f2130a620e2622d7
            • Instruction ID: ad4462a044ce405d5761d680c7f6716702c41f4fb234597ed5864b098745c767
            • Opcode Fuzzy Hash: 503ee01cae417a1ef4e37ab7627285415566eb2ca5ce1d56f2130a620e2622d7
            • Instruction Fuzzy Hash: 93811971640205BACF20AF61CD92FFE77BCAF14740F144025F946AB2A3EBA4DA51D2A5
            APIs
            • GetSysColor.USER32(00000012), ref: 00B3A935
            • SetTextColor.GDI32(?,?), ref: 00B3A939
            • GetSysColorBrush.USER32(0000000F), ref: 00B3A94F
            • GetSysColor.USER32(0000000F), ref: 00B3A95A
            • CreateSolidBrush.GDI32(?), ref: 00B3A95F
            • GetSysColor.USER32(00000011), ref: 00B3A977
            • CreatePen.GDI32(00000000,00000001,00743C00), ref: 00B3A985
            • SelectObject.GDI32(?,00000000), ref: 00B3A996
            • SetBkColor.GDI32(?,00000000), ref: 00B3A99F
            • SelectObject.GDI32(?,?), ref: 00B3A9AC
            • InflateRect.USER32(?,000000FF,000000FF), ref: 00B3A9CB
            • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00B3A9E2
            • GetWindowLongW.USER32(00000000,000000F0), ref: 00B3A9F7
            • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00B3AA1F
            • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00B3AA46
            • InflateRect.USER32(?,000000FD,000000FD), ref: 00B3AA64
            • DrawFocusRect.USER32(?,?), ref: 00B3AA6F
            • GetSysColor.USER32(00000011), ref: 00B3AA7D
            • SetTextColor.GDI32(?,00000000), ref: 00B3AA85
            • DrawTextW.USER32(?,00000000,000000FF,?,?), ref: 00B3AA99
            • SelectObject.GDI32(?,00B3A62C), ref: 00B3AAB0
            • DeleteObject.GDI32(?), ref: 00B3AABB
            • SelectObject.GDI32(?,?), ref: 00B3AAC1
            • DeleteObject.GDI32(?), ref: 00B3AAC6
            • SetTextColor.GDI32(?,?), ref: 00B3AACC
            • SetBkColor.GDI32(?,?), ref: 00B3AAD6
            Similarity
            • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
            • String ID:
            • API String ID: 1996641542-0
            • Opcode ID: 3cb9959431241a1893b3718ce9195288dd02c6f5a38069a3f2de4b40a5982418
            • Instruction ID: 814974e26f747ba64fefc1b42b7f5d7f65a4f3634fc133fa0110d772b9a4b155
            • Opcode Fuzzy Hash: 3cb9959431241a1893b3718ce9195288dd02c6f5a38069a3f2de4b40a5982418
            • Instruction Fuzzy Hash: F1512B71D00209FFDB119FA4DD48EAEBBB9EB48320F314665F911BB2A1DA719940DB90
            APIs
            • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 00B38AF3
            • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00B38B04
            • CharNextW.USER32(0000014E), ref: 00B38B33
            • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00B38B74
            • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00B38B8A
            • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00B38B9B
            • SendMessageW.USER32(?,000000C2,00000001,0000014E), ref: 00B38BB8
            • SetWindowTextW.USER32(?,0000014E), ref: 00B38C0A
            • SendMessageW.USER32(?,000000B1,000F4240,000F423F), ref: 00B38C20
            • SendMessageW.USER32(?,00001002,00000000,?), ref: 00B38C51
            • _memset.LIBCMT ref: 00B38C76
            • SendMessageW.USER32(00000000,00001060,00000001,00000004), ref: 00B38CBF
            • _memset.LIBCMT ref: 00B38D1E
            • SendMessageW.USER32(?,00001053,000000FF,?), ref: 00B38D48
            • SendMessageW.USER32(?,00001074,?,00000001), ref: 00B38DA0
            • SendMessageW.USER32(?,0000133D,?,?), ref: 00B38E4D
            • InvalidateRect.USER32(?,00000000,00000001), ref: 00B38E6F
            • GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00B38EB9
            • SetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00B38EE6
            • DrawMenuBar.USER32(?), ref: 00B38EF5
            • SetWindowTextW.USER32(?,0000014E), ref: 00B38F1D
            Strings
            Similarity
            • API ID: MessageSend$Menu$InfoItemTextWindow_memset$CharDrawInvalidateNextRect
            • String ID: 0
            • API String ID: 1073566785-4108050209
            • Opcode ID: 45ba3db07dce128d4738695700d8942ed90e445cde19ad9b9ba8d9998e52ecf0
            • Instruction ID: 2957f75c4b45b553b9bdde9afc762dc8d0b0bcc52d8e6dfb48d94451d61cd851
            • Opcode Fuzzy Hash: 45ba3db07dce128d4738695700d8942ed90e445cde19ad9b9ba8d9998e52ecf0
            • Instruction Fuzzy Hash: B9E17F71900309ABDF209F65CC85EFE7BB9EF05750F20819AF915AB290DB709A81DF61
            APIs
            • GetCursorPos.USER32(?), ref: 00B34A33
            • GetDesktopWindow.USER32 ref: 00B34A48
            • GetWindowRect.USER32(00000000), ref: 00B34A4F
            • GetWindowLongW.USER32(?,000000F0), ref: 00B34AB1
            • DestroyWindow.USER32(?), ref: 00B34ADD
            • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,00000003,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00B34B06
            • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00B34B24
            • SendMessageW.USER32(?,00000439,00000000,00000030), ref: 00B34B4A
            • SendMessageW.USER32(?,00000421,?,?), ref: 00B34B5F
            • SendMessageW.USER32(?,0000041D,00000000,00000000), ref: 00B34B72
            • IsWindowVisible.USER32(?), ref: 00B34B92
            • SendMessageW.USER32(?,00000412,00000000,D8F0D8F0), ref: 00B34BAD
            • SendMessageW.USER32(?,00000411,00000001,00000030), ref: 00B34BC1
            • GetWindowRect.USER32(?,?), ref: 00B34BD9
            • MonitorFromPoint.USER32(?,?,00000002), ref: 00B34BFF
            • GetMonitorInfoW.USER32(00000000,?), ref: 00B34C19
            • CopyRect.USER32(?,?), ref: 00B34C30
            • SendMessageW.USER32(?,00000412,00000000), ref: 00B34C9B
            Strings
            Similarity
            • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
            • String ID: ($0$tooltips_class32
            • API String ID: 698492251-4156429822
            • Opcode ID: 294c5b74cb28b8c810c4a889201814072c64a563f3d6cee465a4ce50df95ef9c
            • Instruction ID: 177a6f8b79cc08ee55e5b7aded492ca7f6617266463c27e9fc7f6346ff4044cd
            • Opcode Fuzzy Hash: 294c5b74cb28b8c810c4a889201814072c64a563f3d6cee465a4ce50df95ef9c
            • Instruction Fuzzy Hash: 29B16971604341AFDB44DF64C989B6BBBE4FF88310F108A5CF5999B2A2DB71E804CB95
            APIs
            • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00AB28BC
            • GetSystemMetrics.USER32(00000007), ref: 00AB28C4
            • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00AB28EF
            • GetSystemMetrics.USER32(00000008), ref: 00AB28F7
            • GetSystemMetrics.USER32(00000004), ref: 00AB291C
            • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00AB2939
            • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 00AB2949
            • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00AB297C
            • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00AB2990
            • GetClientRect.USER32(00000000,000000FF), ref: 00AB29AE
            • GetStockObject.GDI32(00000011), ref: 00AB29CA
            • SendMessageW.USER32(00000000,00000030,00000000), ref: 00AB29D5
              • Part of subcall function 00AB2344: GetCursorPos.USER32(?), ref: 00AB2357
              • Part of subcall function 00AB2344: ScreenToClient.USER32(00B757B0,?), ref: 00AB2374
              • Part of subcall function 00AB2344: GetAsyncKeyState.USER32(00000001), ref: 00AB2399
              • Part of subcall function 00AB2344: GetAsyncKeyState.USER32(00000002), ref: 00AB23A7
            • SetTimer.USER32(00000000,00000000,00000028,00AB1256), ref: 00AB29FC
            Strings
            Similarity
            • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
            • String ID: AutoIt v3 GUI
            • API String ID: 1458621304-248962490
            • Opcode ID: 09b4944de293991aba6cb4405c8042e379e69405ad8a9832697bc083aa971441
            • Instruction ID: 691ce55aac3ceb8939c7e2acec9c68caa4ee507131e0c40ae72dc7163be13d5d
            • Opcode Fuzzy Hash: 09b4944de293991aba6cb4405c8042e379e69405ad8a9832697bc083aa971441
            • Instruction Fuzzy Hash: F2B14071A0024AEFDB14DFA8DD45BED7BB8FB08311F204129FA19972A1DB749851CB51
            APIs
            • GetClassNameW.USER32(?,?,00000100), ref: 00B0A885
            • __swprintf.LIBCMT ref: 00B0A926
            • _wcscmp.LIBCMT ref: 00B0A939
            • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00B0A98E
            • _wcscmp.LIBCMT ref: 00B0A9CA
            • GetClassNameW.USER32(?,?,00000400), ref: 00B0AA01
            • GetDlgCtrlID.USER32(?), ref: 00B0AA53
            • GetWindowRect.USER32(?,?), ref: 00B0AA89
            • GetParent.USER32(?), ref: 00B0AAA7
            • ScreenToClient.USER32(00000000), ref: 00B0AAAE
            • GetClassNameW.USER32(?,?,00000100), ref: 00B0AB28
            • _wcscmp.LIBCMT ref: 00B0AB3C
            • GetWindowTextW.USER32(?,?,00000400), ref: 00B0AB62
            • _wcscmp.LIBCMT ref: 00B0AB76
              • Part of subcall function 00AD37AC: _iswctype.LIBCMT ref: 00AD37B4
            Strings
            Similarity
            • API ID: _wcscmp$ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout__swprintf_iswctype
            • String ID: %s%u
            • API String ID: 3744389584-679674701
            • Opcode ID: 94718eb240867f6474183c7dd851cdfc768dc326a2c0943aef42316da8d0c4fb
            • Instruction ID: f2a1b7ae27dd97cb39356d499422a19766bf986ae13c9d69a007fbdb80623388
            • Opcode Fuzzy Hash: 94718eb240867f6474183c7dd851cdfc768dc326a2c0943aef42316da8d0c4fb
            • Instruction Fuzzy Hash: 75A1D171604706AFDB14DF24C984FAABBE9FF44354F108A69F999C21D0DB30E945CB92
            APIs
            • GetClassNameW.USER32(00000008,?,00000400), ref: 00B0B1DA
            • _wcscmp.LIBCMT ref: 00B0B1EB
            • GetWindowTextW.USER32(00000001,?,00000400), ref: 00B0B213
            • CharUpperBuffW.USER32(?,00000000), ref: 00B0B230
            • _wcscmp.LIBCMT ref: 00B0B24E
            • _wcsstr.LIBCMT ref: 00B0B25F
            • GetClassNameW.USER32(00000018,?,00000400), ref: 00B0B297
            • _wcscmp.LIBCMT ref: 00B0B2A7
            • GetWindowTextW.USER32(00000002,?,00000400), ref: 00B0B2CE
            • GetClassNameW.USER32(00000018,?,00000400), ref: 00B0B317
            • _wcscmp.LIBCMT ref: 00B0B327
            • GetClassNameW.USER32(00000010,?,00000400), ref: 00B0B34F
            • GetWindowRect.USER32(00000004,?), ref: 00B0B3B8
            Strings
            Similarity
            • API ID: ClassName_wcscmp$Window$Text$BuffCharRectUpper_wcsstr
            • String ID: @$ThumbnailClass
            • API String ID: 1788623398-1539354611
            • Opcode ID: b9364854d76a2982abcbf9872e71ebaa589ec2e81aa8483d7f2c62d0a2a1e770
            • Instruction ID: aefbda9e2a6393b3388d21e24913e451feb8a24513e1d4fc2aa8677208cb4cf4
            • Opcode Fuzzy Hash: b9364854d76a2982abcbf9872e71ebaa589ec2e81aa8483d7f2c62d0a2a1e770
            • Instruction Fuzzy Hash: BE818D724082069BDB01DF14C985FAA7FE8EF44714F1885AAFD869A1E2DB30DE45CB61
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmpDownload File
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmpDownload File
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: __wcsnicmp
            • String ID: ACTIVE$ALL$CLASSNAME=$HANDLE=$LAST$REGEXP=$[ACTIVE$[ALL$[CLASS:$[HANDLE:$[LAST$[REGEXPTITLE:
            • API String ID: 1038674560-1810252412
            • Opcode ID: aea085c35475801a10eaeaa300a5b9afc0c660598d36c16e2016a46854321357
            • Instruction ID: ccbdc51450ce415ef51f32f0944492896103070f62a29974c559c20b2486d3d2
            • Opcode Fuzzy Hash: aea085c35475801a10eaeaa300a5b9afc0c660598d36c16e2016a46854321357
            • Instruction Fuzzy Hash: D9316631A88205A6DB24FAA0CE53EEF7BE89F10754F6005A9F452711E3FFA56F04C691
            APIs
            • LoadIconW.USER32(00000063), ref: 00B0C2D3
            • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00B0C2E5
            • SetWindowTextW.USER32(?,?), ref: 00B0C2FC
            • GetDlgItem.USER32(?,000003EA), ref: 00B0C311
            • SetWindowTextW.USER32(00000000,?), ref: 00B0C317
            • GetDlgItem.USER32(?,000003E9), ref: 00B0C327
            • SetWindowTextW.USER32(00000000,?), ref: 00B0C32D
            • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00B0C34E
            • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00B0C368
            • GetWindowRect.USER32(?,?), ref: 00B0C371
            • SetWindowTextW.USER32(?,?), ref: 00B0C3DC
            • GetDesktopWindow.USER32 ref: 00B0C3E2
            • GetWindowRect.USER32(00000000), ref: 00B0C3E9
            • MoveWindow.USER32(?,?,?,?,00000000,00000000), ref: 00B0C435
            • GetClientRect.USER32(?,?), ref: 00B0C442
            • PostMessageW.USER32(?,00000005,00000000,00000000), ref: 00B0C467
            • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00B0C492
            Similarity
            • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer
            • String ID:
            • API String ID: 3869813825-0
            • Opcode ID: 1c7a1a55040a539a21a11043a76919a3fb079905e3cb100e0a1544a70df27c2d
            • Instruction ID: 67341d43c4e78ef8f46ff2ab2f93c28d2f4bea57f62680366f34a57f517b2afb
            • Opcode Fuzzy Hash: 1c7a1a55040a539a21a11043a76919a3fb079905e3cb100e0a1544a70df27c2d
            • Instruction Fuzzy Hash: D2513C3190070AEFDB209FA8DE86B6EBFF5FF04705F104668E646A35A0CB74A944DB50
            APIs
            • LoadCursorW.USER32(00000000,00007F8A), ref: 00B25129
            • LoadCursorW.USER32(00000000,00007F00), ref: 00B25134
            • LoadCursorW.USER32(00000000,00007F03), ref: 00B2513F
            • LoadCursorW.USER32(00000000,00007F8B), ref: 00B2514A
            • LoadCursorW.USER32(00000000,00007F01), ref: 00B25155
            • LoadCursorW.USER32(00000000,00007F81), ref: 00B25160
            • LoadCursorW.USER32(00000000,00007F88), ref: 00B2516B
            • LoadCursorW.USER32(00000000,00007F80), ref: 00B25176
            • LoadCursorW.USER32(00000000,00007F86), ref: 00B25181
            • LoadCursorW.USER32(00000000,00007F83), ref: 00B2518C
            • LoadCursorW.USER32(00000000,00007F85), ref: 00B25197
            • LoadCursorW.USER32(00000000,00007F82), ref: 00B251A2
            • LoadCursorW.USER32(00000000,00007F84), ref: 00B251AD
            • LoadCursorW.USER32(00000000,00007F04), ref: 00B251B8
            • LoadCursorW.USER32(00000000,00007F02), ref: 00B251C3
            • LoadCursorW.USER32(00000000,00007F89), ref: 00B251CE
            • GetCursorInfo.USER32(?), ref: 00B251DE
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: Cursor$Load$Info
            • String ID:
            • API String ID: 2577412497-0
            • Opcode ID: 4d699f60acc963caeb95467e3cb896a158dbc6993ae7c580ed93cdf1a0f749b5
            • Instruction ID: 93df97fcdeacd22e3abe8e2731dfc20b00ad0245f190d5036df38f4b8ac3c068
            • Opcode Fuzzy Hash: 4d699f60acc963caeb95467e3cb896a158dbc6993ae7c580ed93cdf1a0f749b5
            • Instruction Fuzzy Hash: EB31E7B0D48319AADB209FB69C8996FFEE8FF04750F50452AE50DE7281DA7865018FA1
            APIs
            • _memset.LIBCMT ref: 00B3A28B
            • DestroyWindow.USER32(?,?), ref: 00B3A305
              • Part of subcall function 00AB7D2C: _memmove.LIBCMT ref: 00AB7D66
            • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00B3A37F
            • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00B3A3A1
            • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00B3A3B4
            • DestroyWindow.USER32(00000000), ref: 00B3A3D6
            • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00AB0000,00000000), ref: 00B3A40D
            • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00B3A426
            • GetDesktopWindow.USER32 ref: 00B3A43F
            • GetWindowRect.USER32(00000000), ref: 00B3A446
            • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00B3A45E
            • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00B3A476
              • Part of subcall function 00AB25DB: GetWindowLongW.USER32(?,000000EB), ref: 00AB25EC
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_memmove_memset
            • String ID: 0$tooltips_class32
            • API String ID: 1297703922-3619404913
            • Opcode ID: 7509385a77c3ba56b0892c33a7a6e5501d14b27f895edd230ecef290464a921b
            • Instruction ID: ea30e86b1374bfe53521c7545d3b45e862a656d9fa64a7f2ea94c8379a5f3761
            • Opcode Fuzzy Hash: 7509385a77c3ba56b0892c33a7a6e5501d14b27f895edd230ecef290464a921b
            • Instruction Fuzzy Hash: 2B719C75540245AFD720CF28CC49FAA77E9EB88700F24466DF9D6872A1DBB1E941CF22
            APIs
              • Part of subcall function 00AB2612: GetWindowLongW.USER32(?,000000EB), ref: 00AB2623
            • DragQueryPoint.SHELL32(?,?), ref: 00B3C691
              • Part of subcall function 00B3AB69: ClientToScreen.USER32(?,?), ref: 00B3AB92
              • Part of subcall function 00B3AB69: GetWindowRect.USER32(?,?), ref: 00B3AC08
              • Part of subcall function 00B3AB69: PtInRect.USER32(?,?,00B3C07E), ref: 00B3AC18
            • SendMessageW.USER32(?,000000B0,?,?), ref: 00B3C6FA
            • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 00B3C705
            • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00B3C728
            • _wcscat.LIBCMT ref: 00B3C758
            • SendMessageW.USER32(?,000000C2,00000001,?), ref: 00B3C76F
            • SendMessageW.USER32(?,000000B0,?,?), ref: 00B3C788
            • SendMessageW.USER32(?,000000B1,?,?), ref: 00B3C79F
            • SendMessageW.USER32(?,000000B1,?,?), ref: 00B3C7C1
            • DragFinish.SHELL32(?), ref: 00B3C7C8
            • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00B3C8BB
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen_wcscat
            • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
            • API String ID: 169749273-3440237614
            • Opcode ID: e596eb474e49f9a49e1dba088cbaae3043ecf0017f2b1985b0a16b5abe72a7f5
            • Instruction ID: 7b1a329fcf0a106f2c7ee75ef4aef1d071c43db8e0038fd442e547e1854081dc
            • Opcode Fuzzy Hash: e596eb474e49f9a49e1dba088cbaae3043ecf0017f2b1985b0a16b5abe72a7f5
            • Instruction Fuzzy Hash: FF617D71508301AFC700EF64DD85DAFBBE8EF88710F10096EF595931A2DB70AA49CB52
            APIs
            • CharUpperBuffW.USER32(?,?), ref: 00B3448D
            • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00B344D8
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: BuffCharMessageSendUpper
            • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
            • API String ID: 3974292440-4258414348
            • Opcode ID: 3e7b26b0595eefe980bd4f4755fcbe08459bec5da6f030efd02fbf7c5051682c
            • Instruction ID: 9d09978f64364c0bb07e3cfbf12bdb7ebaa811fef8a21295eef2e4cee923b62a
            • Opcode Fuzzy Hash: 3e7b26b0595eefe980bd4f4755fcbe08459bec5da6f030efd02fbf7c5051682c
            • Instruction Fuzzy Hash: 6A914A342047019BCB14EF20C591AAAB7E5EF95350F5488ADF8965B3A3CB35ED4ACB81
            APIs
            • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00B3B8E8
            • LoadLibraryExW.KERNEL32(?,00000000,00000032,?,?,00000001,?,?,?,00B36B43,?), ref: 00B3B944
            • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00B3B97D
            • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 00B3B9C0
            • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00B3B9F7
            • FreeLibrary.KERNEL32(?), ref: 00B3BA03
            • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00B3BA13
            • DestroyIcon.USER32(?), ref: 00B3BA22
            • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00B3BA3F
            • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00B3BA4B
              • Part of subcall function 00AD307D: __wcsicmp_l.LIBCMT ref: 00AD3106
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: Load$Image$IconLibraryMessageSend$DestroyExtractFree__wcsicmp_l
            • String ID: .dll$.exe$.icl
            • API String ID: 1212759294-1154884017
            • Opcode ID: 32ebc7bf7d4b3e69b2832687166f145f1ba80c76d343e10378e25d4f62280fdc
            • Instruction ID: ac1c83520258724be081adb38d378cb02ce0bcf3edaf2355232e359220140701
            • Opcode Fuzzy Hash: 32ebc7bf7d4b3e69b2832687166f145f1ba80c76d343e10378e25d4f62280fdc
            • Instruction Fuzzy Hash: E661CF71A40619BEEB14DF64CD41FBE77ACFB08710F20425AFA16D61D1DB74AA84CBA0
            APIs
              • Part of subcall function 00AB9997: __itow.LIBCMT ref: 00AB99C2
              • Part of subcall function 00AB9997: __swprintf.LIBCMT ref: 00AB9A0C
            • CharLowerBuffW.USER32(?,?), ref: 00B1A455
            • GetDriveTypeW.KERNEL32 ref: 00B1A4A2
            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00B1A4EA
            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00B1A521
            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00B1A54F
              • Part of subcall function 00AB7D2C: _memmove.LIBCMT ref: 00AB7D66
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: SendString$BuffCharDriveLowerType__itow__swprintf_memmove
            • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
            • API String ID: 2698844021-4113822522
            • Opcode ID: fe28075c499f6156d625b39893c0942aeb5cf11c1469035b1bc81d46848e86a1
            • Instruction ID: 6e8eb628e7c9ce52fda7c80f7963f0bf9700a4f5005ef3749e94a6bf80201b72
            • Opcode Fuzzy Hash: fe28075c499f6156d625b39893c0942aeb5cf11c1469035b1bc81d46848e86a1
            • Instruction Fuzzy Hash: 30517C711083049FC700EF20C9919AEB7E9FF94758F50496DF896972A2DB71EE06CB42
            APIs
            • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,00000000,?,00AEE382,00000001,0000138C,00000001,00000000,00000001,?,00000000,00000000), ref: 00B0FC10
            • LoadStringW.USER32(00000000,?,00AEE382,00000001), ref: 00B0FC19
              • Part of subcall function 00AB7F41: _memmove.LIBCMT ref: 00AB7F82
            • GetModuleHandleW.KERNEL32(00000000,00B75310,?,00000FFF,?,?,00AEE382,00000001,0000138C,00000001,00000000,00000001,?,00000000,00000000,00000001), ref: 00B0FC3B
            • LoadStringW.USER32(00000000,?,00AEE382,00000001), ref: 00B0FC3E
            • __swprintf.LIBCMT ref: 00B0FC8E
            • __swprintf.LIBCMT ref: 00B0FC9F
            • _wprintf.LIBCMT ref: 00B0FD48
            • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00B0FD5F
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: HandleLoadModuleString__swprintf$Message_memmove_wprintf
            • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
            • API String ID: 984253442-2268648507
            • Opcode ID: b621152e66835dbcae1f5abb71ba7ff438acee78f46dae1beaa5f074863ab5f3
            • Instruction ID: 3d52c1e9df18499b5d9a417dd843fcac6df578e4661ed6e96bf5370d22150d77
            • Opcode Fuzzy Hash: b621152e66835dbcae1f5abb71ba7ff438acee78f46dae1beaa5f074863ab5f3
            • Instruction Fuzzy Hash: D2414D72904219AACB14FBE0CE86DFE77BCAF54740F5001A5F505720A2DE746F49CAA1
            APIs
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: _free$__malloc_crt__recalloc_crt_strlen$EnvironmentVariable___wtomb_environ__calloc_crt__getptd_noexit__invoke_watson_copy_environ
            • String ID:
            • API String ID: 884005220-0
            • Opcode ID: 1dd0756fc12e6c3ef0a317b6fcbe586bb4228011d76a5f8fa5489548900e569d
            • Instruction ID: d42a1db1a8d190c7de50c25e8b95f5b1e44003b13d08cdd8edc29ee17b5452ea
            • Opcode Fuzzy Hash: 1dd0756fc12e6c3ef0a317b6fcbe586bb4228011d76a5f8fa5489548900e569d
            • Instruction Fuzzy Hash: B9610A72500355AFD7205F66DE41B6A77B4EF20B61F20812AE80697291DF78ED81C793
            APIs
            • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?), ref: 00B3BA8A
            • GetFileSize.KERNEL32(00000000,00000000), ref: 00B3BAA1
            • GlobalAlloc.KERNEL32(00000002,00000000), ref: 00B3BAAC
            • CloseHandle.KERNEL32(00000000), ref: 00B3BAB9
            • GlobalLock.KERNEL32(00000000), ref: 00B3BAC2
            • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 00B3BAD1
            • GlobalUnlock.KERNEL32(00000000), ref: 00B3BADA
            • CloseHandle.KERNEL32(00000000), ref: 00B3BAE1
            • CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 00B3BAF2
            • OleLoadPicture.OLEAUT32(?,00000000,00000000,00B42CAC,?), ref: 00B3BB0B
            • GlobalFree.KERNEL32(00000000), ref: 00B3BB1B
            • GetObjectW.GDI32(?,00000018,000000FF), ref: 00B3BB3F
            • CopyImage.USER32(?,00000000,?,?,00002000), ref: 00B3BB6A
            • DeleteObject.GDI32(00000000), ref: 00B3BB92
            • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 00B3BBA8
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
            • String ID:
            • API String ID: 3840717409-0
            • Opcode ID: 34a76e62771babbb365e9b9d95dbbc17c69358a7e857e6008a3fb74faf92af27
            • Instruction ID: d7c1ade62f3a3c8cffc8d104b4c9ad390fe5cdd091df95a20e2eb741e99e8a3b
            • Opcode Fuzzy Hash: 34a76e62771babbb365e9b9d95dbbc17c69358a7e857e6008a3fb74faf92af27
            • Instruction Fuzzy Hash: 2241F975A00209EFDB119F65DC88EBFBBB9EF89711F2040A9F909D7264DB309941DB60
            APIs
            • __wsplitpath.LIBCMT ref: 00B1DA9C
            • _wcscat.LIBCMT ref: 00B1DAB4
            • _wcscat.LIBCMT ref: 00B1DAC6
            • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00B1DADB
            • SetCurrentDirectoryW.KERNEL32(?), ref: 00B1DAEF
            • GetFileAttributesW.KERNEL32(?), ref: 00B1DB07
            • SetFileAttributesW.KERNEL32(?,00000000), ref: 00B1DB21
            • SetCurrentDirectoryW.KERNEL32(?), ref: 00B1DB33
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: CurrentDirectory$AttributesFile_wcscat$__wsplitpath
            • String ID: *.*
            • API String ID: 34673085-438819550
            • Opcode ID: 9bfda2b1c009f82c79c73aa391a2aa22c3b113e9bfe6227686d6838efb0300c3
            • Instruction ID: 04f10152509840e8db5808f06c3dbed3916ebf9358f0e5adff1b2676e7953f61
            • Opcode Fuzzy Hash: 9bfda2b1c009f82c79c73aa391a2aa22c3b113e9bfe6227686d6838efb0300c3
            • Instruction Fuzzy Hash: 228192725182459FCB24EF24C9849EBB7E8FF88350F5848AEF586D7251D730E984CB92
            APIs
              • Part of subcall function 00AB2612: GetWindowLongW.USER32(?,000000EB), ref: 00AB2623
            • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00B3C266
            • GetFocus.USER32 ref: 00B3C276
            • GetDlgCtrlID.USER32(00000000), ref: 00B3C281
            • _memset.LIBCMT ref: 00B3C3AC
            • GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 00B3C3D7
            • GetMenuItemCount.USER32(?), ref: 00B3C3F7
            • GetMenuItemID.USER32(?,00000000), ref: 00B3C40A
            • GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 00B3C43E
            • GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 00B3C486
            • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00B3C4BE
            • DefDlgProcW.USER32(?,00000111,?,?,?,?,?,?,?), ref: 00B3C4F3
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow_memset
            • String ID: 0
            • API String ID: 1296962147-4108050209
            • Opcode ID: 1dff94f38b1d9ecf755e843087166987ff1409be4ab0e08aaff439dcfaa72104
            • Instruction ID: 0131dc27bd4794e9c7c1769e3d7cb4454d8786412f19b4e3ac925ee4eb28f97b
            • Opcode Fuzzy Hash: 1dff94f38b1d9ecf755e843087166987ff1409be4ab0e08aaff439dcfaa72104
            • Instruction Fuzzy Hash: A4818D71608311AFD720DF54D994A7BBBE8EF88314F20456EF999A7291CB70D804CBA2
            APIs
            • GetDC.USER32(00000000), ref: 00B274A4
            • CreateCompatibleBitmap.GDI32(00000000,00000007,?), ref: 00B274B0
            • CreateCompatibleDC.GDI32(?), ref: 00B274BC
            • SelectObject.GDI32(00000000,?), ref: 00B274C9
            • StretchBlt.GDI32(00000006,00000000,00000000,00000007,?,?,?,?,00000007,?,00CC0020), ref: 00B2751D
            • GetDIBits.GDI32(00000006,?,00000000,00000000,00000000,00000028,00000000), ref: 00B27559
            • GetDIBits.GDI32(00000006,?,00000000,?,00000000,00000028,00000000), ref: 00B2757D
            • SelectObject.GDI32(00000006,?), ref: 00B27585
            • DeleteObject.GDI32(?), ref: 00B2758E
            • DeleteDC.GDI32(00000006), ref: 00B27595
            • ReleaseDC.USER32(00000000,?), ref: 00B275A0
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
            • String ID: (
            • API String ID: 2598888154-3887548279
            • Opcode ID: f0572c18107439b40b125ed3d206c1495217320450b02d2da65e87caa1fa887d
            • Instruction ID: cecabc44634d004dae12d2fbf6fd9c9c57c0a1dce500fe8c217c647de386a622
            • Opcode Fuzzy Hash: f0572c18107439b40b125ed3d206c1495217320450b02d2da65e87caa1fa887d
            • Instruction Fuzzy Hash: A4514971904219AFCB15CFA8DC85EAEBBF9EF48310F14846EF95A97210CB31A940CB50
            APIs
              • Part of subcall function 00AD0AD7: GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,00AB6C6C,?,00008000), ref: 00AD0AF3
              • Part of subcall function 00AB48AE: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00AB48A1,?,?,00AB37C0,?), ref: 00AB48CE
            • SetCurrentDirectoryW.KERNEL32(?,?,?,?,00000000), ref: 00AB6D0D
            • SetCurrentDirectoryW.KERNEL32(?), ref: 00AB6E5A
              • Part of subcall function 00AB59CD: _wcscpy.LIBCMT ref: 00AB5A05
              • Part of subcall function 00AD37BD: _iswctype.LIBCMT ref: 00AD37C5
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: CurrentDirectory$FullNamePath_iswctype_wcscpy
            • String ID: #include depth exceeded. Make sure there are no recursive includes$>>>AUTOIT SCRIPT<<<$AU3!$Bad directive syntax error$EA06$Error opening the file$Unterminated string
            • API String ID: 537147316-1018226102
            • Opcode ID: 646b68bb3d12ba9baf2c628dbaa29050965e0ba4e63e491c30f1cb8738346c34
            • Instruction ID: 37392f13eec2398d87caff1cddf5cbea9ca170b53bbe82c117b01309da1da8de
            • Opcode Fuzzy Hash: 646b68bb3d12ba9baf2c628dbaa29050965e0ba4e63e491c30f1cb8738346c34
            • Instruction Fuzzy Hash: 52029D315083819FC724EF24C991AAFBBF9BF98354F14491DF48A972A2DB30D949CB52
            APIs
            • _memset.LIBCMT ref: 00AB45F9
            • GetMenuItemCount.USER32(00B75890), ref: 00AED6FD
            • GetMenuItemCount.USER32(00B75890), ref: 00AED7AD
            • GetCursorPos.USER32(?), ref: 00AED7F1
            • SetForegroundWindow.USER32(00000000), ref: 00AED7FA
            • TrackPopupMenuEx.USER32(00B75890,00000000,?,00000000,00000000,00000000), ref: 00AED80D
            • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00AED819
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow_memset
            • String ID:
            • API String ID: 2751501086-0
            APIs
              • Part of subcall function 00AB7D2C: _memmove.LIBCMT ref: 00AB7D66
            • _memset.LIBCMT ref: 00B07B93
            • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00B07BC8
            • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 00B07BE4
            • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 00B07C00
            • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00B07C2A
            • CLSIDFromString.OLE32(?,?,?,SOFTWARE\Classes\), ref: 00B07C52
            • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00B07C5D
            • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00B07C62
            Strings
            Similarity
            • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_memmove_memset
            • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
            • API String ID: 1411258926-22481851
            APIs
            • CharUpperBuffW.USER32(?,?,?,?,?,?,?,00B2FE38,?,?), ref: 00B30EBC
            Strings
            Similarity
            • API ID: BuffCharUpper
            • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
            • API String ID: 3964851224-909552448
            APIs
            • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00AEE5F9,00000010,?,Bad directive syntax error,00B3F910,00000000,?,?,?,>>>AUTOIT SCRIPT<<<), ref: 00B0FAF3
            • LoadStringW.USER32(00000000,?,00AEE5F9,00000010), ref: 00B0FAFA
              • Part of subcall function 00AB7F41: _memmove.LIBCMT ref: 00AB7F82
            • _wprintf.LIBCMT ref: 00B0FB2D
            • __swprintf.LIBCMT ref: 00B0FB4F
            • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00B0FBBE
            Strings
            Similarity
            • API ID: HandleLoadMessageModuleString__swprintf_memmove_wprintf
            • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
            • API String ID: 1506413516-4153970271
            APIs
              • Part of subcall function 00AB7D2C: _memmove.LIBCMT ref: 00AB7D66
              • Part of subcall function 00AB7A84: _memmove.LIBCMT ref: 00AB7B0D
            • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 00B153D7
            • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 00B153ED
            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00B153FE
            • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 00B15410
            • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 00B15421
            Strings
            Similarity
            • API ID: SendString$_memmove
            • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
            • API String ID: 2279737902-1007645807
            APIs
            Strings
            Similarity
            • API ID: _wcscpy$CleanupStartup_memmove_strcatgethostbynamegethostnameinet_ntoa
            • String ID: 0.0.0.0
            • API String ID: 208665112-3771769585
            APIs
            • timeGetTime.WINMM ref: 00B15021
              • Part of subcall function 00AD034A: timeGetTime.WINMM(?,75C0B400,00AC0FDB), ref: 00AD034E
            • Sleep.KERNEL32(0000000A), ref: 00B1504D
            • EnumThreadWindows.USER32(?,Function_00064FCF,00000000), ref: 00B15071
            • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 00B15093
            • SetActiveWindow.USER32 ref: 00B150B2
            • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00B150C0
            • SendMessageW.USER32(00000010,00000000,00000000), ref: 00B150DF
            • Sleep.KERNEL32(000000FA), ref: 00B150EA
            • IsWindow.USER32 ref: 00B150F6
            • EndDialog.USER32(00000000), ref: 00B15107
            Strings
            Similarity
            • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
            • String ID: BUTTON
            • API String ID: 1194449130-3405671355
            APIs
              • Part of subcall function 00AB9997: __itow.LIBCMT ref: 00AB99C2
              • Part of subcall function 00AB9997: __swprintf.LIBCMT ref: 00AB9A0C
            • CoInitialize.OLE32(00000000), ref: 00B1D676
            • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00B1D709
            • SHGetDesktopFolder.SHELL32(?), ref: 00B1D71D
            • CoCreateInstance.OLE32(00B42D7C,00000000,00000001,00B68C1C,?), ref: 00B1D769
            • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00B1D7D8
            • CoTaskMemFree.OLE32(?,?), ref: 00B1D830
            • _memset.LIBCMT ref: 00B1D86D
            • SHBrowseForFolderW.SHELL32(?), ref: 00B1D8A9
            • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00B1D8CC
            • CoTaskMemFree.OLE32(00000000), ref: 00B1D8D3
            • CoTaskMemFree.OLE32(00000000,00000001,00000000), ref: 00B1D90A
            • CoUninitialize.OLE32(00000001,00000000), ref: 00B1D90C
            Similarity
            • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize__itow__swprintf_memset
            • String ID:
            • API String ID: 1246142700-0
            APIs
            • GetKeyboardState.USER32(?), ref: 00B103C8
            • SetKeyboardState.USER32(?), ref: 00B10433
            • GetAsyncKeyState.USER32(000000A0), ref: 00B10453
            • GetKeyState.USER32(000000A0), ref: 00B1046A
            • GetAsyncKeyState.USER32(000000A1), ref: 00B10499
            • GetKeyState.USER32(000000A1), ref: 00B104AA
            • GetAsyncKeyState.USER32(00000011), ref: 00B104D6
            • GetKeyState.USER32(00000011), ref: 00B104E4
            • GetAsyncKeyState.USER32(00000012), ref: 00B1050D
            • GetKeyState.USER32(00000012), ref: 00B1051B
            • GetAsyncKeyState.USER32(0000005B), ref: 00B10544
            • GetKeyState.USER32(0000005B), ref: 00B10552
            Similarity
            • API ID: State$Async$Keyboard
            • String ID:
            • API String ID: 541375521-0
            APIs
            • GetDlgItem.USER32(?,00000001), ref: 00B0C545
            • GetWindowRect.USER32(00000000,?), ref: 00B0C557
            • MoveWindow.USER32(00000001,0000000A,?,00000001,?,00000000), ref: 00B0C5B5
            • GetDlgItem.USER32(?,00000002), ref: 00B0C5C0
            • GetWindowRect.USER32(00000000,?), ref: 00B0C5D2
            • MoveWindow.USER32(00000001,?,00000000,00000001,?,00000000), ref: 00B0C626
            • GetDlgItem.USER32(?,000003E9), ref: 00B0C634
            • GetWindowRect.USER32(00000000,?), ref: 00B0C645
            • MoveWindow.USER32(00000000,0000000A,00000000,?,?,00000000), ref: 00B0C688
            • GetDlgItem.USER32(?,000003EA), ref: 00B0C696
            • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00B0C6B3
            • InvalidateRect.USER32(?,00000000,00000001), ref: 00B0C6C0
            Similarity
            • API ID: Window$ItemMoveRect$Invalidate
            • String ID:
            • API String ID: 3096461208-0
            APIs
              • Part of subcall function 00AB1B41: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00AB2036,?,00000000,?,?,?,?,00AB16CB,00000000,?), ref: 00AB1B9A
            • DestroyWindow.USER32(?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 00AB20D3
            • KillTimer.USER32(-00000001,?,?,?,?,00AB16CB,00000000,?,?,00AB1AE2,?,?), ref: 00AB216E
            • DestroyAcceleratorTable.USER32(00000000), ref: 00AEBE26
            • ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,00AB16CB,00000000,?,?,00AB1AE2,?,?), ref: 00AEBE57
            • ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,00AB16CB,00000000,?,?,00AB1AE2,?,?), ref: 00AEBE6E
            • ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,00AB16CB,00000000,?,?,00AB1AE2,?,?), ref: 00AEBE8A
            • DeleteObject.GDI32(00000000), ref: 00AEBE9C
            Similarity
            • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
            • String ID:
            • API String ID: 641708696-0
            APIs
              • Part of subcall function 00AB25DB: GetWindowLongW.USER32(?,000000EB), ref: 00AB25EC
            • GetSysColor.USER32(0000000F), ref: 00AB21D3
            Similarity
            • API ID: ColorLongWindow
            • String ID:
            • API String ID: 259745315-0
            APIs
            • CharLowerBuffW.USER32(?,?,00B3F910), ref: 00B1A995
            • GetDriveTypeW.KERNEL32(00000061,00B689A0,00000061), ref: 00B1AA5F
            • _wcscpy.LIBCMT ref: 00B1AA89
            Strings
            Similarity
            • API ID: BuffCharDriveLowerType_wcscpy
            • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
            • API String ID: 2820617543-1000479233
            APIs
            Strings
            Similarity
            • API ID: __i64tow__itow__swprintf
            • String ID: %.15g$0x%p$False$True
            • API String ID: 421087845-2263619337
            APIs
            • _memset.LIBCMT ref: 00B3719C
            • CreateMenu.USER32 ref: 00B371B7
            • SetMenu.USER32(?,00000000), ref: 00B371C6
            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00B37253
            • IsMenu.USER32(?), ref: 00B37269
            • CreatePopupMenu.USER32 ref: 00B37273
            • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00B372A0
            • DrawMenuBar.USER32 ref: 00B372A8
            Strings
            Similarity
            • API ID: Menu$CreateItem$DrawInfoInsertPopup_memset
            • String ID: 0$F
            • API String ID: 176399719-3044882817
            APIs
            • MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 00B37590
            • CreateCompatibleDC.GDI32(00000000), ref: 00B37597
            • SendMessageW.USER32(?,00000173,00000000,00000000), ref: 00B375AA
            • SelectObject.GDI32(00000000,00000000), ref: 00B375B2
            • GetPixel.GDI32(00000000,00000000,00000000), ref: 00B375BD
            • DeleteDC.GDI32(00000000), ref: 00B375C6
            • GetWindowLongW.USER32(?,000000EC), ref: 00B375D0
            • SetLayeredWindowAttributes.USER32(?,00000000,00000000,00000001), ref: 00B375E4
            • DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?,?), ref: 00B375F0
            Strings
            Similarity
            • API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
            • String ID: static
            • API String ID: 2559357485-2160076837
            APIs
            • _memset.LIBCMT ref: 00AD6FBB
              • Part of subcall function 00AD8CA8: __getptd_noexit.LIBCMT ref: 00AD8CA8
            • __gmtime64_s.LIBCMT ref: 00AD7054
            • __gmtime64_s.LIBCMT ref: 00AD708A
            • __gmtime64_s.LIBCMT ref: 00AD70A7
            • __allrem.LIBCMT ref: 00AD70FD
            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00AD7119
            • __allrem.LIBCMT ref: 00AD7130
            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00AD714E
            • __allrem.LIBCMT ref: 00AD7165
            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00AD7183
            • __invoke_watson.LIBCMT ref: 00AD71F4
            Similarity
            • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@__gmtime64_s$__getptd_noexit__invoke_watson_memset
            • String ID:
            • API String ID: 384356119-0
            • Opcode ID: f1a8c047e8f29504aad4589f782c76ed1b73a3870b2d4d8a344ebdfc9c3668e8
            • Instruction ID: 67f4ed22d15b9a31a8f76a3cf2b6398ae9a578c13b40c325ca72463682c38276
            • Opcode Fuzzy Hash: f1a8c047e8f29504aad4589f782c76ed1b73a3870b2d4d8a344ebdfc9c3668e8
            • Instruction Fuzzy Hash: DB71C572A00B16ABEB189F69CD42B5EB3A8AF15724F14432BF516D7381F774DA408790
            APIs
            • _memset.LIBCMT ref: 00B1283A
            • GetMenuItemInfoW.USER32(00B75890,000000FF,00000000,00000030), ref: 00B1289B
            • SetMenuItemInfoW.USER32(00B75890,00000004,00000000,00000030), ref: 00B128D1
            • Sleep.KERNEL32(000001F4), ref: 00B128E3
            • GetMenuItemCount.USER32(?), ref: 00B12927
            • GetMenuItemID.USER32(?,00000000), ref: 00B12943
            • GetMenuItemID.USER32(?,-00000001), ref: 00B1296D
            • GetMenuItemID.USER32(?,?), ref: 00B129B2
            • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00B129F8
            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00B12A0C
            • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00B12A2D
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: ItemMenu$Info$CheckCountRadioSleep_memset
            • String ID:
            • API String ID: 4176008265-0
            • Opcode ID: 0507cf6b67af30eb7d8d52d4926530768aa7279751f4ade47ecde7f5856c68f8
            • Instruction ID: 1345502f92e1df763916960c9a72e3fb14f71469e8274282bc434ddce4f3d6dd
            • Opcode Fuzzy Hash: 0507cf6b67af30eb7d8d52d4926530768aa7279751f4ade47ecde7f5856c68f8
            • Instruction Fuzzy Hash: 9E619070900249AFDF21CF64D9889FE7BF8EF45344F9400A9E842A3251DB31ADA5DB20
            APIs
            • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00B36FD7
            • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00B36FDA
            • GetWindowLongW.USER32(?,000000F0), ref: 00B36FFE
            • _memset.LIBCMT ref: 00B3700F
            • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00B37021
            • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00B37099
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: MessageSend$LongWindow_memset
            • String ID:
            • API String ID: 830647256-0
            • Opcode ID: d701b2ed88c6b8e2090f208c5b7a3375b828755eeb8d7a1f90929eedc6b735f1
            • Instruction ID: 45b10e9506a8dcf0ccfa4e941237d458659118e28ae66fab143a828fa0ece88a
            • Opcode Fuzzy Hash: d701b2ed88c6b8e2090f208c5b7a3375b828755eeb8d7a1f90929eedc6b735f1
            • Instruction Fuzzy Hash: 52617F75940608AFDB21DFA4CC81EEE77F8EF09710F24419AFA15AB2A1CB70AD45DB50
            APIs
            • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 00B06F15
            • SafeArrayAllocData.OLEAUT32(?), ref: 00B06F6E
            • VariantInit.OLEAUT32(?), ref: 00B06F80
            • SafeArrayAccessData.OLEAUT32(?,?), ref: 00B06FA0
            • VariantCopy.OLEAUT32(?,?), ref: 00B06FF3
            • SafeArrayUnaccessData.OLEAUT32(?), ref: 00B07007
            • VariantClear.OLEAUT32(?), ref: 00B0701C
            • SafeArrayDestroyData.OLEAUT32(?), ref: 00B07029
            • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00B07032
            • VariantClear.OLEAUT32(?), ref: 00B07044
            • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00B0704F
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
            • String ID:
            • API String ID: 2706829360-0
            • Opcode ID: 3f678e94dbc638985eb8f554d6967cbeed8446abdd10e365841d8058903aa1d8
            • Instruction ID: 89e30a730b4ecbdd5ab2c46e8b19e5d99a3a3494e8691e437f646d9540cf97c3
            • Opcode Fuzzy Hash: 3f678e94dbc638985eb8f554d6967cbeed8446abdd10e365841d8058903aa1d8
            • Instruction Fuzzy Hash: E7412E35E0021AAFCF00DFA8D8489AEBFF9EF48354F108069E955A7361DB31A955CB90
            APIs
            • WSAStartup.WSOCK32(00000101,?), ref: 00B258A9
            • inet_addr.WSOCK32(?,?,?), ref: 00B258EE
            • gethostbyname.WSOCK32(?), ref: 00B258FA
            • IcmpCreateFile.IPHLPAPI ref: 00B25908
            • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00B25978
            • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00B2598E
            • IcmpCloseHandle.IPHLPAPI(00000000), ref: 00B25A03
            • WSACleanup.WSOCK32 ref: 00B25A09
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
            • String ID: Ping
            • API String ID: 1028309954-2246546115
            • Opcode ID: ab70f8a0a49afd13e30966e02d56477f5e1cf86a78de45acfb33a97ca88ddd3d
            • Instruction ID: b4e60d1eb9ec73b542771eb299db1a1f02db85ca8242deea2af0eed6324f0869
            • Opcode Fuzzy Hash: ab70f8a0a49afd13e30966e02d56477f5e1cf86a78de45acfb33a97ca88ddd3d
            • Instruction Fuzzy Hash: A9518031604711DFD720AF24DD85B6A7BE4EF48720F14456AF99ADB2A1DB70EC40DB41
            APIs
            • SetErrorMode.KERNEL32(00000001), ref: 00B1B55C
            • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00B1B5D2
            • GetLastError.KERNEL32 ref: 00B1B5DC
            • SetErrorMode.KERNEL32(00000000,READY), ref: 00B1B649
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: Error$Mode$DiskFreeLastSpace
            • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
            • API String ID: 4194297153-14809454
            • Opcode ID: 52ed4053ac9520a78b21cf1f3b78cca092de464a4fa281453b28913a3c00ac8f
            • Instruction ID: ad19f1b65bc46e9f529825b3f9d0611e426b7c90bcc4d76f473cccbee1f7ac0e
            • Opcode Fuzzy Hash: 52ed4053ac9520a78b21cf1f3b78cca092de464a4fa281453b28913a3c00ac8f
            • Instruction Fuzzy Hash: 50316975A002099BCB10EFA4D995EEEB7F8EF68300F5441A5F501972A2DB719A82CA90
            APIs
              • Part of subcall function 00AB7F41: _memmove.LIBCMT ref: 00AB7F82
              • Part of subcall function 00B0AEA4: GetClassNameW.USER32(?,?,000000FF), ref: 00B0AEC7
            • SendMessageW.USER32(?,0000018C,000000FF,00000002), ref: 00B092D6
            • GetDlgCtrlID.USER32 ref: 00B092E1
            • GetParent.USER32 ref: 00B092FD
            • SendMessageW.USER32(00000000,?,00000111,?), ref: 00B09300
            • GetDlgCtrlID.USER32(?), ref: 00B09309
            • GetParent.USER32(?), ref: 00B09325
            • SendMessageW.USER32(00000000,?,?,00000111), ref: 00B09328
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: MessageSend$CtrlParent$ClassName_memmove
            • String ID: ComboBox$ListBox
            • API String ID: 1536045017-1403004172
            • Opcode ID: 1d6717dce5d869c44850aa28baadb426623b602e90737c0c3fc8408804208cec
            • Instruction ID: c18709049e97d8aa713e602069851db93c1ea5b79eda1fe390ebfc4e06bf0a8c
            • Opcode Fuzzy Hash: 1d6717dce5d869c44850aa28baadb426623b602e90737c0c3fc8408804208cec
            • Instruction Fuzzy Hash: 8621D670D40204BBDF04AB60CC86EFEBBB8EF55310F204199F561972E2DF795815DA20
            APIs
              • Part of subcall function 00AB7F41: _memmove.LIBCMT ref: 00AB7F82
              • Part of subcall function 00B0AEA4: GetClassNameW.USER32(?,?,000000FF), ref: 00B0AEC7
            • SendMessageW.USER32(?,00000186,00000002,00000000), ref: 00B093BF
            • GetDlgCtrlID.USER32 ref: 00B093CA
            • GetParent.USER32 ref: 00B093E6
            • SendMessageW.USER32(00000000,?,00000111,?), ref: 00B093E9
            • GetDlgCtrlID.USER32(?), ref: 00B093F2
            • GetParent.USER32(?), ref: 00B0940E
            • SendMessageW.USER32(00000000,?,?,00000111), ref: 00B09411
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: MessageSend$CtrlParent$ClassName_memmove
            • String ID: ComboBox$ListBox
            • API String ID: 1536045017-1403004172
            • Opcode ID: 8e4f5a3d7c2aacf120e31095cea11c2f69287cdd2d45ff20aee8517584953e23
            • Instruction ID: 1784ceb498eb563798c0d02116836001deec2fb98f4baef7950e4ed3a57a52dc
            • Opcode Fuzzy Hash: 8e4f5a3d7c2aacf120e31095cea11c2f69287cdd2d45ff20aee8517584953e23
            • Instruction Fuzzy Hash: 87218374E00204BBDF10ABA5CC86EFEBBB8EF55300F2041A5F951972E6DB795915DA20
            APIs
            • GetParent.USER32 ref: 00B09431
            • GetClassNameW.USER32(00000000,?,00000100), ref: 00B09446
            • _wcscmp.LIBCMT ref: 00B09458
            • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00B094D3
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: ClassMessageNameParentSend_wcscmp
            • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
            • API String ID: 1704125052-3381328864
            • Opcode ID: fcb2abe21995b054a1eaf78ed00090defeab93bab9c314dc0b5e5c7a1968c684
            • Instruction ID: 950f37fbf1e8bb33aa3e6f96a14eac77c4d0d2a3ad7d5982866f5e71393ee22f
            • Opcode Fuzzy Hash: fcb2abe21995b054a1eaf78ed00090defeab93bab9c314dc0b5e5c7a1968c684
            • Instruction Fuzzy Hash: F71106B768C307BAFA202620AC07DBE3BDCCF05724B2040A7F905A52F2FE6568528595
            APIs
            • VariantInit.OLEAUT32(?), ref: 00B289EC
            • CoInitialize.OLE32(00000000), ref: 00B28A19
            • CoUninitialize.OLE32 ref: 00B28A23
            • GetRunningObjectTable.OLE32(00000000,?), ref: 00B28B23
            • SetErrorMode.KERNEL32(00000001,00000029), ref: 00B28C50
            • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,00B42C0C), ref: 00B28C84
            • CoGetObject.OLE32(?,00000000,00B42C0C,?), ref: 00B28CA7
            • SetErrorMode.KERNEL32(00000000), ref: 00B28CBA
            • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00B28D3A
            • VariantClear.OLEAUT32(?), ref: 00B28D4A
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize
            • String ID:
            • API String ID: 2395222682-0
            • Opcode ID: f2eff1a1e503a4ee958cea45193f4c0c15d4666414eb627f4288adb959f14e28
            • Instruction ID: ae9c7a09515c1a32e3c054ad6ed8d3c0ecbaa6a865ee1f24cdd5a1ec053595a2
            • Opcode Fuzzy Hash: f2eff1a1e503a4ee958cea45193f4c0c15d4666414eb627f4288adb959f14e28
            • Instruction Fuzzy Hash: 37C157B1609315AFD700DF64D88492BB7E9FF88348F0049ADF58A9B261DB31ED05CB52
            APIs
            • SafeArrayGetVartype.OLEAUT32(00000000,?), ref: 00B17B15
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: ArraySafeVartype
            • String ID:
            • API String ID: 1725837607-0
            • Opcode ID: 2110c374f69835306b3aa491b7a529ac763c7aec30bbf579e3f3983eb0a00f3b
            • Instruction ID: d47cb14fefff8af43dc9c20788cf95a7c8c136672190b207196e011af12551a6
            • Opcode Fuzzy Hash: 2110c374f69835306b3aa491b7a529ac763c7aec30bbf579e3f3983eb0a00f3b
            • Instruction Fuzzy Hash: 3CB1A2B194821A9FDB10DFA8D885BFEB7F4FF09321F6444A9E501E7251DB34A981CB90
            APIs
            • GetCurrentThreadId.KERNEL32 ref: 00B11521
            • GetForegroundWindow.USER32(00000000,?,?,?,?,?,00B10599,?,00000001), ref: 00B11535
            • GetWindowThreadProcessId.USER32(00000000), ref: 00B1153C
            • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00B10599,?,00000001), ref: 00B1154B
            • GetWindowThreadProcessId.USER32(?,00000000), ref: 00B1155D
            • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00B10599,?,00000001), ref: 00B11576
            • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00B10599,?,00000001), ref: 00B11588
            • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,00B10599,?,00000001), ref: 00B115CD
            • AttachThreadInput.USER32(00000000,00000000,00000000,?,?,?,?,?,00B10599,?,00000001), ref: 00B115E2
            • AttachThreadInput.USER32(00000000,00000000,00000000,?,?,?,?,?,00B10599,?,00000001), ref: 00B115ED
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: Thread$AttachInput$Window$Process$CurrentForeground
            • String ID:
            • API String ID: 2156557900-0
            • Opcode ID: 8e39b1d01db84f35f811e34eb86ebfc7bccd543f30d160b0f0ac280801015819
            • Instruction ID: 2992a18c70ca91d91329b763909ad0e09803de367b55ad74ee23781e358def73
            • Opcode Fuzzy Hash: 8e39b1d01db84f35f811e34eb86ebfc7bccd543f30d160b0f0ac280801015819
            • Instruction Fuzzy Hash: 80319C71D00605BBDB10DF98EC44FB977EAEBA5311F604466FA0ACB1A0DB709DC08B61
            APIs
            • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00ABFC06
            • OleUninitialize.OLE32(?,00000000), ref: 00ABFCA5
            • UnregisterHotKey.USER32(?), ref: 00ABFDFC
            • DestroyWindow.USER32(?), ref: 00AF492F
            • FreeLibrary.KERNEL32(?), ref: 00AF4994
            • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00AF49C1
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
            • String ID: close all
            • API String ID: 469580280-3243417748
            • Opcode ID: bb7c001c9e2fa8671d9f52fc89adb6be99d71a5d2213ea3776ad2020bfa3b43f
            • Instruction ID: e39d449bc78d8ef30fdc5a191ed47ca82244e1dc062632091cb61a229d7c36b2
            • Opcode Fuzzy Hash: bb7c001c9e2fa8671d9f52fc89adb6be99d71a5d2213ea3776ad2020bfa3b43f
            • Instruction Fuzzy Hash: 80A17F31701216CFCB28EF54C995B7AF7A8AF05740F5542ADF90A6B262DB30AD52CF50
            APIs
            • EnumChildWindows.USER32(?,00B0A844), ref: 00B0A782
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: ChildEnumWindows
            • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
            • API String ID: 3555792229-1603158881
            • Opcode ID: 761bff6bd611ee34d7096e5f93cd1fde3a2896291ba54d9196b7b6b944dc25ae
            • Instruction ID: 765579b6fd78799d67e0d1be678c3ee1368152caa880bfa7b914bda98ef031a0
            • Opcode Fuzzy Hash: 761bff6bd611ee34d7096e5f93cd1fde3a2896291ba54d9196b7b6b944dc25ae
            • Instruction Fuzzy Hash: A1919031A00605AACB18DF60C5D1BE9FFF8FF04304F54859AD85AA7291DF316999CB91
            APIs
            • SetWindowLongW.USER32(?,000000EB), ref: 00AB2EAE
              • Part of subcall function 00AB1DB3: GetClientRect.USER32(?,?), ref: 00AB1DDC
              • Part of subcall function 00AB1DB3: GetWindowRect.USER32(?,?), ref: 00AB1E1D
              • Part of subcall function 00AB1DB3: ScreenToClient.USER32(?,?), ref: 00AB1E45
            • GetDC.USER32 ref: 00AECEB2
            • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00AECEC5
            • SelectObject.GDI32(00000000,00000000), ref: 00AECED3
            • SelectObject.GDI32(00000000,00000000), ref: 00AECEE8
            • ReleaseDC.USER32(?,00000000), ref: 00AECEF0
            • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 00AECF7B
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
            • String ID: U
            • API String ID: 4009187628-3372436214
            • Opcode ID: 55fe3874f119b32bfcd8304199fc1474fbca2e1c50d9245df8801472e1b8ae1a
            • Instruction ID: 337fad1ff531266231979b5832344db6497f3f2d6954e49c5b112e764d86f139
            • Opcode Fuzzy Hash: 55fe3874f119b32bfcd8304199fc1474fbca2e1c50d9245df8801472e1b8ae1a
            • Instruction Fuzzy Hash: 0371B031500245DFCF258F65C884AFA7BBAFF48320F14426AFD555A2A6D7319C42DF60
            APIs
            • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00B21B66
            • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 00B21B92
            • InternetQueryOptionW.WININET(00000000,0000001F,00000000,?), ref: 00B21BD4
            • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 00B21BE9
            • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00B21BF6
            • HttpQueryInfoW.WININET(00000000,00000005,?,?,00000000), ref: 00B21C26
            • InternetCloseHandle.WININET(00000000), ref: 00B21C6D
              • Part of subcall function 00B22599: GetLastError.KERNEL32(?,?,00B2192D,00000000,00000000,00000001), ref: 00B225AE
              • Part of subcall function 00B22599: SetEvent.KERNEL32(?,?,00B2192D,00000000,00000000,00000001), ref: 00B225C3
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: Internet$Http$OptionQueryRequest$CloseConnectErrorEventHandleInfoLastOpenSend
            • String ID:
            • API String ID: 2603140658-3916222277
            • Opcode ID: 57c988b48051e22ae403dddedae172b9e3ece18d877ecd28432f9c0721f0f5a2
            • Instruction ID: 1405accc92c6c440830116403890d66dac02c68ca577400e9fac25f6c731f3be
            • Opcode Fuzzy Hash: 57c988b48051e22ae403dddedae172b9e3ece18d877ecd28432f9c0721f0f5a2
            • Instruction Fuzzy Hash: EB41A1B1940229BFEB119F54DC89FBF77ACEF18350F104166FA099A151EB709E448BA0
            APIs
            • GetModuleFileNameW.KERNEL32(?,?,00000104,?,00B3F910), ref: 00B28E3D
            • FreeLibrary.KERNEL32(00000000,00000001,00000000,?,00B3F910), ref: 00B28E71
            • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 00B28FEB
            • SysFreeString.OLEAUT32(?), ref: 00B29015
            Similarity
            • API ID: Free$FileLibraryModuleNamePathQueryStringType
            APIs
            • _memset.LIBCMT ref: 00B2F7C9
            • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00B2F95C
            • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00B2F980
            • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00B2F9C0
            • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00B2F9E2
            • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00B2FB5E
            • GetLastError.KERNEL32(00000000,00000001,00000000), ref: 00B2FB90
            • CloseHandle.KERNEL32(?), ref: 00B2FBBF
            • CloseHandle.KERNEL32(?), ref: 00B2FC36
            Similarity
            • API ID: Directory$CloseCurrentHandleSystem$CreateErrorLastProcess_memset
            APIs
              • Part of subcall function 00B146AF: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00B136DB,?), ref: 00B146CC
              • Part of subcall function 00B146AF: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00B136DB,?), ref: 00B146E5
              • Part of subcall function 00B14AD8: GetFileAttributesW.KERNEL32(?,00B1374F), ref: 00B14AD9
            • lstrcmpiW.KERNEL32(?,?), ref: 00B14DE7
            • _wcscmp.LIBCMT ref: 00B14E01
            • MoveFileW.KERNEL32(?,?), ref: 00B14E1C
            Similarity
            • API ID: FileFullNamePath$AttributesMove_wcscmplstrcmpi
            APIs
            • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 00B38731
            Similarity
            • API ID: InvalidateRect
            APIs
            • LoadImageW.USER32(00000000,?,00000001,00000010,00000010,00000010), ref: 00AEC477
            • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00AEC499
            • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 00AEC4B1
            • ExtractIconExW.SHELL32(?,00000000,?,00000000,00000001), ref: 00AEC4CF
            • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 00AEC4F0
            • DestroyIcon.USER32(00000000), ref: 00AEC4FF
            • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 00AEC51C
            • DestroyIcon.USER32(?), ref: 00AEC52B
              • Part of subcall function 00B3A4E1: DeleteObject.GDI32(00000000), ref: 00B3A51A
            Similarity
            • API ID: Icon$DestroyExtractImageLoadMessageSend$DeleteObject
            APIs
              • Part of subcall function 00B0AC37: GetWindowThreadProcessId.USER32(?,00000000), ref: 00B0AC57
              • Part of subcall function 00B0AC37: GetCurrentThreadId.KERNEL32 ref: 00B0AC5E
              • Part of subcall function 00B0AC37: AttachThreadInput.USER32(00000000,?,00B09945,?,00000001), ref: 00B0AC65
            • MapVirtualKeyW.USER32(00000025,00000000), ref: 00B09950
            • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00B0996D
            • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000,?,00000001), ref: 00B09970
            • MapVirtualKeyW.USER32(00000025,00000000), ref: 00B09979
            • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00B09997
            • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000,?,00000001), ref: 00B0999A
            • MapVirtualKeyW.USER32(00000025,00000000), ref: 00B099A3
            • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00B099BA
            • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000,?,00000001), ref: 00B099BD
            Similarity
            • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
            APIs
            • GetProcessHeap.KERNEL32(00000008,0000000C,00000000,00000000,?,00B08864,00000B00,?,?), ref: 00B08BEC
            • HeapAlloc.KERNEL32(00000000,?,00B08864,00000B00,?,?), ref: 00B08BF3
            • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00B08864,00000B00,?,?), ref: 00B08C08
            • GetCurrentProcess.KERNEL32(?,00000000,?,00B08864,00000B00,?,?), ref: 00B08C10
            • DuplicateHandle.KERNEL32(00000000,?,00B08864,00000B00,?,?), ref: 00B08C13
            • GetCurrentProcess.KERNEL32(00000008,00000000,00000000,00000002,?,00B08864,00000B00,?,?), ref: 00B08C23
            • GetCurrentProcess.KERNEL32(00B08864,00000000,?,00B08864,00000B00,?,?), ref: 00B08C2B
            • DuplicateHandle.KERNEL32(00000000,?,00B08864,00000B00,?,?), ref: 00B08C2E
            • CreateThread.KERNEL32(00000000,00000000,00B08C54,00000000,00000000,00000000), ref: 00B08C48
            Similarity
            • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
            APIs
            Similarity
            • API ID: Variant$ClearInit$_memset
            • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
            APIs
              • Part of subcall function 00B07432: CLSIDFromProgID.OLE32(?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00B0736C,80070057,?,?,?,00B0777D), ref: 00B0744F
              • Part of subcall function 00B07432: ProgIDFromCLSID.OLE32(?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00B0736C,80070057,?,?), ref: 00B0746A
              • Part of subcall function 00B07432: lstrcmpiW.KERNEL32(?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00B0736C,80070057,?,?), ref: 00B07478
              • Part of subcall function 00B07432: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00B0736C,80070057,?), ref: 00B07488
            • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,?,?,?), ref: 00B2991B
            • _memset.LIBCMT ref: 00B29928
            • _memset.LIBCMT ref: 00B29A6B
            • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,00000000), ref: 00B29A97
            • CoTaskMemFree.OLE32(?), ref: 00B29AA2
            Strings
            • NULL Pointer assignment, xrefs: 00B29AF0
            Similarity
            • API ID: FreeFromProgTask_memset$CreateInitializeInstanceSecuritylstrcmpi
            • String ID: NULL Pointer assignment
            APIs
            • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00B36E56
            • SendMessageW.USER32(?,00001036,00000000,?), ref: 00B36E6A
            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00B36E84
            • _wcscat.LIBCMT ref: 00B36EDF
            • SendMessageW.USER32(?,00001057,00000000,?), ref: 00B36EF6
            • SendMessageW.USER32(?,00001061,?,0000000F), ref: 00B36F24
            Similarity
            • API ID: MessageSend$Window_wcscat
            • String ID: SysListView32
            APIs
              • Part of subcall function 00B13C99: CreateToolhelp32Snapshot.KERNEL32 ref: 00B13CBE
              • Part of subcall function 00B13C99: Process32FirstW.KERNEL32(00000000,?), ref: 00B13CCC
              • Part of subcall function 00B13C99: CloseHandle.KERNEL32(00000000), ref: 00B13D96
            • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00B2EAB8
            • GetLastError.KERNEL32 ref: 00B2EACB
            • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00B2EAFA
            • TerminateProcess.KERNEL32(00000000,00000000), ref: 00B2EB77
            • GetLastError.KERNEL32(00000000), ref: 00B2EB82
            • CloseHandle.KERNEL32(00000000), ref: 00B2EBB7
            Similarity
            • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
            • String ID: SeDebugPrivilege
            APIs
            • LoadIconW.USER32(00000000,00007F03), ref: 00B130CD
            Similarity
            • API ID: IconLoad
            • String ID: blank$info$question$stop$warning
            APIs
            • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 00B14353
            • LoadStringW.USER32(00000000), ref: 00B1435A
            • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00B14370
            • LoadStringW.USER32(00000000), ref: 00B14377
            • _wprintf.LIBCMT ref: 00B1439D
            • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00B143BB
            Strings
            • %s (%d) : ==> %s: %s %s, xrefs: 00B14398
            Similarity
            • API ID: HandleLoadModuleString$Message_wprintf
            • String ID: %s (%d) : ==> %s: %s %s
            APIs
              • Part of subcall function 00AB2612: GetWindowLongW.USER32(?,000000EB), ref: 00AB2623
            • GetSystemMetrics.USER32(0000000F), ref: 00B3D4E6
            • GetSystemMetrics.USER32(0000000F), ref: 00B3D506
            • MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 00B3D741
            • SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 00B3D75F
            • SendMessageW.USER32(00000003,00000469,?,00000000), ref: 00B3D780
            • ShowWindow.USER32(00000003,00000000), ref: 00B3D79F
            • InvalidateRect.USER32(?,00000000,00000001), ref: 00B3D7C4
            • DefDlgProcW.USER32(?,00000005,?,?), ref: 00B3D7E7
            Similarity
            • API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
            APIs
            • ShowWindow.USER32(FFFFFFFF,?,00000000,00000000,?,00AEC347,00000004,00000000,00000000,00000000), ref: 00AB2ACF
            • ShowWindow.USER32(FFFFFFFF,00000000,00000000,00000000,?,00AEC347,00000004,00000000,00000000,00000000,000000FF), ref: 00AB2B17
            • ShowWindow.USER32(FFFFFFFF,00000006,00000000,00000000,?,00AEC347,00000004,00000000,00000000,00000000), ref: 00AEC39A
            • ShowWindow.USER32(FFFFFFFF,?,00000000,00000000,?,00AEC347,00000004,00000000,00000000,00000000), ref: 00AEC406
            Similarity
            • API ID: ShowWindow
            APIs
            • InterlockedExchange.KERNEL32(?,000001F5), ref: 00B17186
              • Part of subcall function 00AD0F36: std::exception::exception.LIBCMT ref: 00AD0F6C
              • Part of subcall function 00AD0F36: __CxxThrowException@8.LIBCMT ref: 00AD0F81
            • ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,?,00000000), ref: 00B171BD
            • EnterCriticalSection.KERNEL32(?), ref: 00B171D9
            • _memmove.LIBCMT ref: 00B17227
            • _memmove.LIBCMT ref: 00B17244
            • LeaveCriticalSection.KERNEL32(?), ref: 00B17253
            • ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,00000000,00000000), ref: 00B17268
            • InterlockedExchange.KERNEL32(?,000001F6), ref: 00B17287
            Similarity
            • API ID: CriticalExchangeFileInterlockedReadSection_memmove$EnterException@8LeaveThrowstd::exception::exception
            • String ID:
            • API String ID: 256516436-0
            • Opcode ID: 55ed4d23242cf9f7c70cf70f35f60fc3ceab13cede5ca6b428fc9dee086d3027
            • Instruction ID: f751e988669612658ec64d2194bee8e2186f886ef8f17489950435ee67ea1002
            • Opcode Fuzzy Hash: 55ed4d23242cf9f7c70cf70f35f60fc3ceab13cede5ca6b428fc9dee086d3027
            • Instruction Fuzzy Hash: 93318131900205EBCF10DF94DD85EAF77B8EF49710F2441AAF905AB256DB709E55CBA0
            APIs
            • DeleteObject.GDI32(00000000), ref: 00B3621D
            • GetDC.USER32(00000000), ref: 00B36225
            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00B36230
            • ReleaseDC.USER32(00000000,00000000), ref: 00B3623C
            • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00B36278
            • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00B36289
            • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00B3905C,?,?,000000FF,00000000,?,000000FF,?), ref: 00B362C3
            • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00B362E3
            Similarity
            • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
            • String ID:
            • API String ID: 3864802216-0
            • Opcode ID: cf864c9633810d1676cb07400d8739c0a5f9211e2cf424451b91014b76891ee0
            • Instruction ID: fe5a8eb860ca5defb6f9373966717665513dff8b01e6a48e4659533e3e13222d
            • Opcode Fuzzy Hash: cf864c9633810d1676cb07400d8739c0a5f9211e2cf424451b91014b76891ee0
            • Instruction Fuzzy Hash: 38319C72600210BFEB108F14DC8AFFB3FA9EF09721F144065FE089A291CA759C41CBA4
            APIs
              • Part of subcall function 00AB9997: __itow.LIBCMT ref: 00AB99C2
              • Part of subcall function 00AB9997: __swprintf.LIBCMT ref: 00AB9A0C
              • Part of subcall function 00ACFE06: _wcscpy.LIBCMT ref: 00ACFE29
            • _wcstok.LIBCMT ref: 00B1ED20
            • _wcscpy.LIBCMT ref: 00B1EDAF
            • _memset.LIBCMT ref: 00B1EDE2
            Strings
            Similarity
            • API ID: _wcscpy$__itow__swprintf_memset_wcstok
            • String ID: X
            • API String ID: 774024439-3081909835
            • Opcode ID: 168c05db03abfbbc4b8c28c32d5d491741951c02d1f52f5417ed6fa298108ab9
            • Instruction ID: ad2595120a914b9bb0d8bef62c2587eb3b336061333e161a3ec3f9cb39058e5b
            • Opcode Fuzzy Hash: 168c05db03abfbbc4b8c28c32d5d491741951c02d1f52f5417ed6fa298108ab9
            • Instruction Fuzzy Hash: 13C192315083009FC764EF24C985A9EB7E4FF89310F54496DF8999B2A2DB70ED45CB82
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d19f5d52516e260da85a8f114c2c650210267919020b571f1f4f268ff0ea2bb9
            • Instruction ID: f458ec0d1102a34fd14756ff974c53e77f076a60926c65e856d7ab8034febc85
            • Opcode Fuzzy Hash: d19f5d52516e260da85a8f114c2c650210267919020b571f1f4f268ff0ea2bb9
            • Instruction Fuzzy Hash: 59715770900149EFCB148F99CC99AFFBBB9FF85310F608159F915AA252C734AA51CBA0
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e3024594a0afd01925d0a2bbb6c61334472c8360b3724029bed349c816e1da52
            • Instruction ID: dd368048a94aca139e5b4ea82d50a0da2f73b4522154f5b519658d70e913089a
            • Opcode Fuzzy Hash: e3024594a0afd01925d0a2bbb6c61334472c8360b3724029bed349c816e1da52
            • Instruction Fuzzy Hash: AF619971508310ABD710EF24DD86EAFB7EDEF88710F104959F55A9B2A2DA70ED04CB92
            APIs
            • IsWindow.USER32(00C95A08), ref: 00B3B41F
            • IsWindowEnabled.USER32(00C95A08), ref: 00B3B42B
            • SendMessageW.USER32(?,0000041C,00000000,00000000), ref: 00B3B50F
            • SendMessageW.USER32(00C95A08,000000B0,?,?), ref: 00B3B546
            • IsDlgButtonChecked.USER32(?,?), ref: 00B3B583
            • GetWindowLongW.USER32(00C95A08,000000EC), ref: 00B3B5A5
            • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 00B3B5BD
            Similarity
            • API ID: MessageSendWindow$ButtonCheckedEnabledLong
            • String ID:
            • API String ID: 4072528602-0
            • Opcode ID: c63052ed368b71136cfcf2e18f220acc75e53c4f699fcfb83a817a0ae91d76ad
            • Instruction ID: 14fe32e3756f40416d06fc24a18d694ed047dc1ffada17ab21dd127576961f4f
            • Opcode Fuzzy Hash: c63052ed368b71136cfcf2e18f220acc75e53c4f699fcfb83a817a0ae91d76ad
            • Instruction Fuzzy Hash: DA718F35A01204AFDB259F68C895FBABBF9EF19300F2440E9EA5597366C731AD50CB14
            APIs
            • _memset.LIBCMT ref: 00B2F55C
            • _memset.LIBCMT ref: 00B2F625
            • ShellExecuteExW.SHELL32(?), ref: 00B2F66A
              • Part of subcall function 00AB9997: __itow.LIBCMT ref: 00AB99C2
              • Part of subcall function 00AB9997: __swprintf.LIBCMT ref: 00AB9A0C
              • Part of subcall function 00ACFE06: _wcscpy.LIBCMT ref: 00ACFE29
            • GetProcessId.KERNEL32(00000000), ref: 00B2F6E1
            • CloseHandle.KERNEL32(00000000), ref: 00B2F710
            Strings
            Similarity
            • API ID: _memset$CloseExecuteHandleProcessShell__itow__swprintf_wcscpy
            • String ID: @
            • API String ID: 3522835683-2766056989
            • Opcode ID: 1161050615d1a89f736c56b7218da97a19f62212c598d6eff158095c803bf0dc
            • Instruction ID: ae4585987a5462de36b46f2e526bf336023a53bed69d49aef42b2c1e91c4d7d1
            • Opcode Fuzzy Hash: 1161050615d1a89f736c56b7218da97a19f62212c598d6eff158095c803bf0dc
            • Instruction Fuzzy Hash: D1618175A006299FCF15DF54D5819AEBBF5FF48310F1484ADE85AAB361CB30AD41CB90
            APIs
            • GetParent.USER32(?), ref: 00B112BD
            • GetKeyboardState.USER32(?), ref: 00B112D2
            • SetKeyboardState.USER32(?), ref: 00B11333
            • PostMessageW.USER32(?,00000101,00000010,?), ref: 00B11361
            • PostMessageW.USER32(?,00000101,00000011,?), ref: 00B11380
            • PostMessageW.USER32(?,00000101,00000012,?), ref: 00B113C6
            • PostMessageW.USER32(?,00000101,0000005B,?), ref: 00B113E9
            Similarity
            • API ID: MessagePost$KeyboardState$Parent
            • String ID:
            • API String ID: 87235514-0
            • Opcode ID: 397043c7dbbdddee9c27d579545c1c45c11f76ea3af66ae184272b119c6deee0
            • Instruction ID: 323730a2a25b7f40b68e207b23aaa4ac18cb0292b7f50a320e13d472d78fd057
            • Opcode Fuzzy Hash: 397043c7dbbdddee9c27d579545c1c45c11f76ea3af66ae184272b119c6deee0
            • Instruction Fuzzy Hash: A351E4A09087D23DFB36433C9C45BFA7EE99B06704F8849C9E2E5868C2C6D8ACC4D750
            APIs
            • GetParent.USER32(00000000), ref: 00B110D6
            • GetKeyboardState.USER32(?), ref: 00B110EB
            • SetKeyboardState.USER32(?), ref: 00B1114C
            • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00B11178
            • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00B11195
            • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00B111D9
            • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00B111FA
            Similarity
            • API ID: MessagePost$KeyboardState$Parent
            • String ID:
            • API String ID: 87235514-0
            • Opcode ID: 5d17d9e390712a1ed7dcf841fb66b4379534044ff342c487b4a1ef86557bd1d0
            • Instruction ID: 127ca15b3605f03d01693349893425e52a4acb971db68979a37b5e4a22c2f5ee
            • Opcode Fuzzy Hash: 5d17d9e390712a1ed7dcf841fb66b4379534044ff342c487b4a1ef86557bd1d0
            • Instruction Fuzzy Hash: 4351D5A0A047D63DFB3687288C45BFABEE9DB06300F484DC9E7D5968C2D694ACD8D750
            APIs
            Similarity
            • API ID: _wcsncpy$LocalTime
            • String ID:
            • API String ID: 2945705084-0
            • Opcode ID: 6b07740dce975bbf8f34b52e0f1c3fd9bb87ab23cfc1fed907853a2e60939341
            • Instruction ID: 34ff5adb8c6f982bbd612a1f19e495e128ccb2c6e6bd9c3ca5bc62ae2114c544
            • Opcode Fuzzy Hash: 6b07740dce975bbf8f34b52e0f1c3fd9bb87ab23cfc1fed907853a2e60939341
            • Instruction Fuzzy Hash: 0341A5A6C20914BACB11EBB49C86ADFB7BCAF05310F508467F51AE3261E6349744C3E6
            APIs
              • Part of subcall function 00B146AF: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00B136DB,?), ref: 00B146CC
              • Part of subcall function 00B146AF: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00B136DB,?), ref: 00B146E5
            • lstrcmpiW.KERNEL32(?,?), ref: 00B136FB
            • _wcscmp.LIBCMT ref: 00B13717
            • MoveFileW.KERNEL32(?,?), ref: 00B1372F
            • _wcscat.LIBCMT ref: 00B13777
            • SHFileOperationW.SHELL32(?), ref: 00B137E3
            Strings
            Similarity
            • API ID: FileFullNamePath$MoveOperation_wcscat_wcscmplstrcmpi
            • String ID: \*.*
            • API String ID: 1377345388-1173974218
            • Opcode ID: 2daeadb5717e8184a7800af7539b2a13bb4a08f01cd15590071e6df6a7080a04
            • Instruction ID: 6dfcca600759e546990942308638a8e161cb1a28a9fb5644736dc2eddb73e958
            • Opcode Fuzzy Hash: 2daeadb5717e8184a7800af7539b2a13bb4a08f01cd15590071e6df6a7080a04
            • Instruction Fuzzy Hash: C4416FB2508345AAC751EF64D441ADFB7ECEF89780F50096EB48AC31A1EB34D788C756
            APIs
            • _memset.LIBCMT ref: 00B372DC
            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00B37383
            • IsMenu.USER32(?), ref: 00B3739B
            • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00B373E3
            • DrawMenuBar.USER32 ref: 00B373F6
            Strings
            Similarity
            • API ID: Menu$Item$DrawInfoInsert_memset
            • String ID: 0
            • API String ID: 3866635326-4108050209
            • Opcode ID: b78583b9cc94f2109868b6b64a89e689c2d6218d4f6cc28cdb9efd9d78a33ccf
            • Instruction ID: 5a0645db28e75899d680f2696719b10735319e687996df9c811463a9043237b6
            • Opcode Fuzzy Hash: b78583b9cc94f2109868b6b64a89e689c2d6218d4f6cc28cdb9efd9d78a33ccf
            • Instruction Fuzzy Hash: 1C4128B5A04209EFDB20DF50D884EAABBF8FB08354F248069ED5597360DB70AD55DF90
            APIs
            • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?), ref: 00B3105C
            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00B31086
            • FreeLibrary.KERNEL32(00000000), ref: 00B3113D
              • Part of subcall function 00B3102D: RegCloseKey.ADVAPI32(?), ref: 00B310A3
              • Part of subcall function 00B3102D: FreeLibrary.KERNEL32(?), ref: 00B310F5
              • Part of subcall function 00B3102D: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?), ref: 00B31118
            • RegDeleteKeyW.ADVAPI32(?,?), ref: 00B310E0
            Similarity
            • API ID: EnumFreeLibrary$CloseDeleteOpen
            • String ID:
            • API String ID: 395352322-0
            • Opcode ID: 1622d0b856e5f3efe337a8fe5b440744dd66ab3953fd3fadceb2e7e0ad0ce999
            • Instruction ID: 721891a368dd168ee53bc2e7d5b18d0434856cad18a9bab0654a0a6b9fdf1be8
            • Opcode Fuzzy Hash: 1622d0b856e5f3efe337a8fe5b440744dd66ab3953fd3fadceb2e7e0ad0ce999
            • Instruction Fuzzy Hash: DB312BB5D01119BFDB19DF98DC89EFFB7BCEF08340F2005A9E501A2151EA749E859BA0
            APIs
            • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00B3631E
            • GetWindowLongW.USER32(00C95A08,000000F0), ref: 00B36351
            • GetWindowLongW.USER32(00C95A08,000000F0), ref: 00B36386
            • SendMessageW.USER32(00000000,000000F1,00000000,00000000), ref: 00B363B8
            • SendMessageW.USER32(00000000,000000F1,00000001,00000000), ref: 00B363E2
            • GetWindowLongW.USER32(00000000,000000F0), ref: 00B363F3
            • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 00B3640D
            Similarity
            • API ID: LongWindow$MessageSend
            • String ID:
            • API String ID: 2178440468-0
            • Opcode ID: 239f4218f32095547cc263b4a254d4728992111f77538cd57c73a14f63f6260b
            • Instruction ID: 46b55de07a51ca86cad8e2edc18b5ff18b76cedc06897ab7e17e5529d177a553
            • Opcode Fuzzy Hash: 239f4218f32095547cc263b4a254d4728992111f77538cd57c73a14f63f6260b
            • Instruction Fuzzy Hash: C331D431A44255AFDB21CF1CDC85F6937E1FB4A710F2981A4F5158F2B2CB72A880DB55
            APIs
              • Part of subcall function 00B27EA0: inet_addr.WSOCK32(00000000,?,00000000,?,?,?,00000000), ref: 00B27ECB
            • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00B262DC
            • WSAGetLastError.WSOCK32(00000000), ref: 00B262EB
            • ioctlsocket.WSOCK32(00000000,8004667E,00000000), ref: 00B26324
            • connect.WSOCK32(00000000,?,00000010), ref: 00B2632D
            • WSAGetLastError.WSOCK32 ref: 00B26337
            • closesocket.WSOCK32(00000000), ref: 00B26360
            • ioctlsocket.WSOCK32(00000000,8004667E,00000000), ref: 00B26379
            Similarity
            • API ID: ErrorLastioctlsocket$closesocketconnectinet_addrsocket
            • String ID:
            • API String ID: 910771015-0
            • Opcode ID: 3b8bbe810e9b2e4754cf4067a4c3c5c728453bff3604ea4af9fcd0af95f0affb
            • Instruction ID: 2749dbe7418b556a41031535145e4da77867389780c6f6d1f95ea41bf0dd9088
            • Opcode Fuzzy Hash: 3b8bbe810e9b2e4754cf4067a4c3c5c728453bff3604ea4af9fcd0af95f0affb
            • Instruction Fuzzy Hash: B531A431600129EFDB10DF64DD85BBE7BEDEB45760F1440A9F90997291DB70AC048BA5
            APIs
            Strings
            Similarity
            • API ID: __wcsnicmp
            • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
            • API String ID: 1038674560-2734436370
            • Opcode ID: 788440deb733e9ab21999d926374fd8aa1957b2454349dec2fa03c5768b4c34c
            • Instruction ID: 8bc0174cb668972704eaa430d110a2181d6abb0febf090b313e2bde7e8cd4189
            • Opcode Fuzzy Hash: 788440deb733e9ab21999d926374fd8aa1957b2454349dec2fa03c5768b4c34c
            • Instruction Fuzzy Hash: E9217C333081127AC630EB249D12FB777E8EF95310F504076F886875D2E7909E42D395
            APIs
              • Part of subcall function 00AB1D35: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 00AB1D73
              • Part of subcall function 00AB1D35: GetStockObject.GDI32(00000011), ref: 00AB1D87
              • Part of subcall function 00AB1D35: SendMessageW.USER32(00000000,00000030,00000000), ref: 00AB1D91
            • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00B37664
            • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 00B37671
            • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00B3767C
            • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00B3768B
            • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00B37697
            Strings
            Similarity
            • API ID: MessageSend$CreateObjectStockWindow
            • String ID: Msctls_Progress32
            • API String ID: 1025951953-3636473452
            • Opcode ID: 19b9baf6d6646d6cfb194b56b05eba55e105b5a51c152b429609cbce6af85726
            • Instruction ID: 4d15931634a424a30eb3c16ff4bb2790aa85564958263581c6efa1d8785e8770
            • Opcode Fuzzy Hash: 19b9baf6d6646d6cfb194b56b05eba55e105b5a51c152b429609cbce6af85726
            • Instruction Fuzzy Hash: 4211B6B2150219BFEF159F64CC86EE77FADEF08758F114115B604A6051CA71AC21DBA0
            APIs
            • LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoInitialize,00AD41D2,?), ref: 00AD4123
            • GetProcAddress.KERNEL32(00000000), ref: 00AD412A
            • EncodePointer.KERNEL32(00000000), ref: 00AD4136
            • DecodePointer.KERNEL32(00000001,00AD41D2,?), ref: 00AD4153
            Strings
            Similarity
            • API ID: Pointer$AddressDecodeEncodeLibraryLoadProc
            • String ID: RoInitialize$combase.dll
            • API String ID: 3489934621-340411864
            • Opcode ID: 29b0a7753e7e80c4cb60632f72c6f75d52e3f27244a0f7106be0e0dd84c34bbe
            • Instruction ID: e1413d232803f9d9d7199e0a44809a249afd88af6ac539c931779ca886d53122
            • Opcode Fuzzy Hash: 29b0a7753e7e80c4cb60632f72c6f75d52e3f27244a0f7106be0e0dd84c34bbe
            • Instruction Fuzzy Hash: 08E0E570AA0301ABEB105B70EC49B283AE4AB16B02FA08474B406E79B0CEB54284BE04
            APIs
            • LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoUninitialize,00AD40F8), ref: 00AD41F8
            • GetProcAddress.KERNEL32(00000000), ref: 00AD41FF
            • EncodePointer.KERNEL32(00000000), ref: 00AD420A
            • DecodePointer.KERNEL32(00AD40F8), ref: 00AD4225
            Strings
            Similarity
            • API ID: Pointer$AddressDecodeEncodeLibraryLoadProc
            • String ID: RoUninitialize$combase.dll
            • API String ID: 3489934621-2819208100
            • Opcode ID: 3280f3bf9ee92b12b7da80a046c551806fdb145c0d2711be1aafb6e5f33e59e8
            • Instruction ID: 8e23ba3b7b4b7ae9a58243ddd332851092707c1aef997fef6e8dd3068fe42bf3
            • Opcode Fuzzy Hash: 3280f3bf9ee92b12b7da80a046c551806fdb145c0d2711be1aafb6e5f33e59e8
            • Instruction Fuzzy Hash: E5E09270A81201AFEB109B61EC4DB593BE4BB08B43FA04035F115E35B0CFB64644AA15
            APIs
            Similarity
            • API ID: _memmove$__itow__swprintf
            • String ID:
            • API String ID: 3253778849-0
            • Opcode ID: 315611e33a001a930c176ee637cfb43f2d7621e662e44577b942eeaf6dd46d17
            • Instruction ID: e261b3f7a6e52a27469dd93043cb62be73156d6582486d828840f873762162d0
            • Opcode Fuzzy Hash: 315611e33a001a930c176ee637cfb43f2d7621e662e44577b942eeaf6dd46d17
            • Instruction Fuzzy Hash: D861AC3050065A9BCF11EF60CD82FFE7BA9EF48308F444599F95A5B2A2DB34AD45CB90
            APIs
              • Part of subcall function 00AB7F41: _memmove.LIBCMT ref: 00AB7F82
              • Part of subcall function 00B30EA5: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00B2FE38,?,?), ref: 00B30EBC
            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00B30348
            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00B30388
            • RegCloseKey.ADVAPI32(?,00000001,00000000), ref: 00B303AB
            • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 00B303D4
            • RegCloseKey.ADVAPI32(?,?,00000000), ref: 00B30417
            • RegCloseKey.ADVAPI32(00000000), ref: 00B30424
            Similarity
            • API ID: Close$BuffCharConnectEnumOpenRegistryUpperValue_memmove
            • String ID:
            • API String ID: 4046560759-0
            • Opcode ID: a7e1a190d4a8f5cd4662a2ca4edfb44a10d77f43d709ee7423f07b8577dac717
            • Instruction ID: 5aee33291e3f4ce99eec173ee1eb8a2e58e330df50df7410c6d15c178143fd1a
            • Opcode Fuzzy Hash: a7e1a190d4a8f5cd4662a2ca4edfb44a10d77f43d709ee7423f07b8577dac717
            • Instruction Fuzzy Hash: AC516731618200AFC714EF64C995EAFBBE9FF88314F14496DF585872A2DB31EA04CB52
            APIs
            • GetMenu.USER32(?), ref: 00B35864
            • GetMenuItemCount.USER32(00000000), ref: 00B3589B
            • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00B358C3
            • GetMenuItemID.USER32(?,?), ref: 00B35932
            • GetSubMenu.USER32(?,?), ref: 00B35940
            • PostMessageW.USER32(?,00000111,?,00000000), ref: 00B35991
            Similarity
            • API ID: Menu$Item$CountMessagePostString
            • String ID:
            • API String ID: 650687236-0
            • Opcode ID: e0b2d512c41b385a72cb76140faf0787ffff30adfcad0549834aefd8997b6d71
            • Instruction ID: 1c6f6cd2329b31fbf2ff773bf9afae99ce293dec4369aced4cbc687d969ca799
            • Opcode Fuzzy Hash: e0b2d512c41b385a72cb76140faf0787ffff30adfcad0549834aefd8997b6d71
            • Instruction Fuzzy Hash: E5515B35A00615EFCF25DFA4C945AAEB7F5EF48720F2044A9E946BB351CB70AE41CB90
            APIs
            • VariantInit.OLEAUT32(?), ref: 00B0F218
            • VariantClear.OLEAUT32(00000013), ref: 00B0F28A
            • VariantClear.OLEAUT32(00000000), ref: 00B0F2E5
            • _memmove.LIBCMT ref: 00B0F30F
            • VariantClear.OLEAUT32(?), ref: 00B0F35C
            • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00B0F38A
            Similarity
            • API ID: Variant$Clear$ChangeInitType_memmove
            • String ID:
            • API String ID: 1101466143-0
            • Opcode ID: 46a529e996c23c52eacbdecf78d9668ead6faac3821d1d6cbd5d52b7a656b6c3
            • Instruction ID: 1989691cb02121a8de214be9360c1c9afd6b2aebdd455617c38362c48ed73a72
            • Opcode Fuzzy Hash: 46a529e996c23c52eacbdecf78d9668ead6faac3821d1d6cbd5d52b7a656b6c3
            • Instruction Fuzzy Hash: C8513CB5A0020ADFCB24CF58D884AAABBF8FF4C314B158569E959DB341D730E911CFA0
            APIs
            • _memset.LIBCMT ref: 00B12550
            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00B1259B
            • IsMenu.USER32(00000000), ref: 00B125BB
            • CreatePopupMenu.USER32 ref: 00B125EF
            • GetMenuItemCount.USER32(000000FF), ref: 00B1264D
            • InsertMenuItemW.USER32(00000000,?,00000001,00000030), ref: 00B1267E
            Similarity
            • API ID: Menu$Item$CountCreateInfoInsertPopup_memset
            • String ID:
            • API String ID: 3311875123-0
            • Opcode ID: 1bb5c883daad070e058619d515d75c11c1e16e95e15e3b8f361a57f0248fde16
            • Instruction ID: b7cbaecc099f4ba5aabf7a8a93df4f011f2ecb48d330eb0aa1a3f3a2e6fe7a26
            • Opcode Fuzzy Hash: 1bb5c883daad070e058619d515d75c11c1e16e95e15e3b8f361a57f0248fde16
            • Instruction Fuzzy Hash: 2251CE30A0024ADFCF20CF68D888AEEBBF5EF14314F5441A9E811972D4EB709DA4CB11
            APIs
              • Part of subcall function 00AB2612: GetWindowLongW.USER32(?,000000EB), ref: 00AB2623
            • BeginPaint.USER32(?,?,?,?,?,?), ref: 00AB179A
            • GetWindowRect.USER32(?,?), ref: 00AB17FE
            • ScreenToClient.USER32(?,?), ref: 00AB181B
            • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00AB182C
            • EndPaint.USER32(?,?), ref: 00AB1876
            Similarity
            • API ID: PaintWindow$BeginClientLongRectScreenViewport
            • String ID:
            • API String ID: 1827037458-0
            • Opcode ID: d316319784efe4fd5e040aac200b70242164058ce70f1d84ef3e1c05efdf746d
            • Instruction ID: b984954f0ed0419531c3a426204809d92877e7509903b89e9e1ab13a18a9ec98
            • Opcode Fuzzy Hash: d316319784efe4fd5e040aac200b70242164058ce70f1d84ef3e1c05efdf746d
            • Instruction Fuzzy Hash: 3141AE30500601AFD720DF65DC94FBA7BF8FB45724F140669FAA98B1B2CB709845DB62
            APIs
            • ShowWindow.USER32(00B757B0,00000000,00C95A08,?,?,00B757B0,?,00B3B5DC,?,?), ref: 00B3B746
            • EnableWindow.USER32(00000000,00000000), ref: 00B3B76A
            • ShowWindow.USER32(00B757B0,00000000,00C95A08,?,?,00B757B0,?,00B3B5DC,?,?), ref: 00B3B7CA
            • ShowWindow.USER32(00000000,00000004,?,00B3B5DC,?,?), ref: 00B3B7DC
            • EnableWindow.USER32(00000000,00000001), ref: 00B3B800
            • SendMessageW.USER32(?,0000130C,?,00000000), ref: 00B3B823
            Similarity
            • API ID: Window$Show$Enable$MessageSend
            • String ID:
            • API String ID: 642888154-0
            • Opcode ID: 7ab838e186ef696973b55ee1d75c2819dd9e089b3ea1c7874aab04dbac928633
            • Instruction ID: 2b9af5f4fb2283a7e8d53c8a2a0003454dc624d968e8a701a52d19f5bc52f808
            • Opcode Fuzzy Hash: 7ab838e186ef696973b55ee1d75c2819dd9e089b3ea1c7874aab04dbac928633
            • Instruction Fuzzy Hash: A3412C34A00145EFDB26CF24C48AFA47BE5FB45315F2841F9EA498F2A6CB31AC45CB91
            APIs
            • GetForegroundWindow.USER32(?,?,?,?,?,?,00B24F57,?,?,00000000,00000001), ref: 00B271C1
              • Part of subcall function 00B23AB6: GetWindowRect.USER32(?,?), ref: 00B23AC9
            • GetDesktopWindow.USER32 ref: 00B271EB
            • GetWindowRect.USER32(00000000), ref: 00B271F2
            • mouse_event.USER32(00008001,?,?,00000001,00000001), ref: 00B27224
              • Part of subcall function 00B152EB: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00B15363
            • GetCursorPos.USER32(?), ref: 00B27250
            • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00B272AE
            Similarity
            • API ID: Window$Rectmouse_event$CursorDesktopForegroundSleep
            • String ID:
            • API String ID: 4137160315-0
            • Opcode ID: f12767c655d0d21ca332359c1247fbd580da0f10307fd4725c8ea9f719569989
            • Instruction ID: 9d1cab569b7bb85e2451a84f0e8a628f0f95c9bb2c93fe69d5a20bf0f4ff2664
            • Opcode Fuzzy Hash: f12767c655d0d21ca332359c1247fbd580da0f10307fd4725c8ea9f719569989
            • Instruction Fuzzy Hash: E431F232508316ABC720DF14D849F9FB7E9FF89304F100929F488A7191CB30E908CB92
            APIs
              • Part of subcall function 00B083D1: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00B083E8
              • Part of subcall function 00B083D1: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00B083F2
              • Part of subcall function 00B083D1: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00B08401
              • Part of subcall function 00B083D1: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00B08408
              • Part of subcall function 00B083D1: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00B0841E
            • GetLengthSid.ADVAPI32(?,00000000,00B08757), ref: 00B08B8C
            • GetProcessHeap.KERNEL32(00000008,00000000), ref: 00B08B98
            • HeapAlloc.KERNEL32(00000000), ref: 00B08B9F
            • CopySid.ADVAPI32(00000000,00000000,?), ref: 00B08BB8
            • GetProcessHeap.KERNEL32(00000000,00000000,00B08757), ref: 00B08BCC
            • HeapFree.KERNEL32(00000000), ref: 00B08BD3
            Similarity
            • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
            • String ID:
            • API String ID: 3008561057-0
            • Opcode ID: c53a3113f98edf715c54e843ffdde52c4798a4a72388ca09c6920a988d0f6a8c
            • Instruction ID: bed5b4d5b0944b2465fcb6934b1192302044034b327ae5f1a454e0c1557646c3
            • Opcode Fuzzy Hash: c53a3113f98edf715c54e843ffdde52c4798a4a72388ca09c6920a988d0f6a8c
            • Instruction Fuzzy Hash: 9C11B1B5900605FFDB149F64DC09FBE7BA9EB45355F2040A8E885A7190DB329A04DB60
            APIs
            • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 00B0890A
            • OpenProcessToken.ADVAPI32(00000000), ref: 00B08911
            • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00B08920
            • CloseHandle.KERNEL32(00000004), ref: 00B0892B
            • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00B0895A
            • DestroyEnvironmentBlock.USERENV(00000000), ref: 00B0896E
            Similarity
            • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
            • String ID:
            • API String ID: 1413079979-0
            • Opcode ID: 5d1df041e485af45a3e13a982724b7cf6203328bb736e5afce74e885efce3f44
            • Instruction ID: dc98a4445c8956aa54fcce3c8a095553ba9be5992f925d028c1fe1780d2f87e3
            • Opcode Fuzzy Hash: 5d1df041e485af45a3e13a982724b7cf6203328bb736e5afce74e885efce3f44
            • Instruction Fuzzy Hash: 66115C7250020EEBDF018FA8DD49BEE7BE9FF08308F144065FE44A21A0CB718E609B61
            APIs
            • GetDC.USER32(00000000), ref: 00B0BA77
            • GetDeviceCaps.GDI32(00000000,00000058), ref: 00B0BA88
            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00B0BA8F
            • ReleaseDC.USER32(00000000,00000000), ref: 00B0BA97
            • MulDiv.KERNEL32(000009EC,?,00000000), ref: 00B0BAAE
            • MulDiv.KERNEL32(000009EC,?,?), ref: 00B0BAC0
            Similarity
            • API ID: CapsDevice$Release
            • String ID:
            • API String ID: 1035833867-0
            • Opcode ID: 039cb217c1f4003513e518a39c8499f8219b4e12178797d2cfa0c797bdabc2bc
            • Instruction ID: af9d75ff1294e90efe978aa4534a0b3703e0194eecd869856177474653479ffa
            • Opcode Fuzzy Hash: 039cb217c1f4003513e518a39c8499f8219b4e12178797d2cfa0c797bdabc2bc
            • Instruction Fuzzy Hash: 63014475E40319BBEB109BA59D46E5EBFB8EB48751F1040A5FA04A7391DA709D10CF90
            APIs
            • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00AD0313
            • MapVirtualKeyW.USER32(00000010,00000000), ref: 00AD031B
            • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00AD0326
            • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00AD0331
            • MapVirtualKeyW.USER32(00000011,00000000), ref: 00AD0339
            • MapVirtualKeyW.USER32(00000012,00000000), ref: 00AD0341
            Similarity
            • API ID: Virtual
            • String ID:
            • API String ID: 4278518827-0
            • Opcode ID: f260602a0655bdafd55ec74e78fb8cf93afc60650e15b2185f2014e78f696762
            • Instruction ID: be386ff6b070f692ff649095ef26535213fda1bd3c3491f0d6655f8e57064cb0
            • Opcode Fuzzy Hash: f260602a0655bdafd55ec74e78fb8cf93afc60650e15b2185f2014e78f696762
            • Instruction Fuzzy Hash: 870148B090175A7DE3008F5A8C85A56FEA8FF19354F00411BA15847941C7B5A864CBE5
            APIs
            • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00B154A0
            • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00B154B6
            • GetWindowThreadProcessId.USER32(?,?), ref: 00B154C5
            • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00B154D4
            • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00B154DE
            • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00B154E5
            Similarity
            • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
            • String ID:
            • API String ID: 839392675-0
            • Opcode ID: 56958882e1bbe52b56b8294946f3bdb178773fb204e2d83bf427dc0517905f18
            • Instruction ID: bae9fc5d676354b51bcb20c18c01cac7f4f360c743221dd0aaa824bf3e41f3dd
            • Opcode Fuzzy Hash: 56958882e1bbe52b56b8294946f3bdb178773fb204e2d83bf427dc0517905f18
            • Instruction Fuzzy Hash: DFF06231540519BBD7215B929C0EEFF7A7CEBC6B11F100169F904D20609BA01A01C6B5
            APIs
            • InterlockedExchange.KERNEL32(?,?), ref: 00B172EC
            • EnterCriticalSection.KERNEL32(?,?,00AC1044,?,?), ref: 00B172FD
            • TerminateThread.KERNEL32(00000000,000001F6,?,00AC1044,?,?), ref: 00B1730A
            • WaitForSingleObject.KERNEL32(00000000,000003E8,?,00AC1044,?,?), ref: 00B17317
              • Part of subcall function 00B16CDE: CloseHandle.KERNEL32(00000000,?,00B17324,?,00AC1044,?,?), ref: 00B16CE8
            • InterlockedExchange.KERNEL32(?,000001F6), ref: 00B1732A
            • LeaveCriticalSection.KERNEL32(?,?,00AC1044,?,?), ref: 00B17331
            Similarity
            • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
            • String ID:
            • API String ID: 3495660284-0
            • Opcode ID: 353bfb792aca92eadc48b68b99dd3fa65ee0f0872e23f69df359ce466ec46246
            • Instruction ID: 4732b3ebf8cbc51921cc9a5139d8b426ed12283cf5f34f03bbd096eebd0df936
            • Opcode Fuzzy Hash: 353bfb792aca92eadc48b68b99dd3fa65ee0f0872e23f69df359ce466ec46246
            • Instruction Fuzzy Hash: B3F0303A980613EBDB111B64ED489EF7779EF45302B600571F502920A1CF755955CE90
            APIs
            • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00B08C5F
            • UnloadUserProfile.USERENV(?,?), ref: 00B08C6B
            • CloseHandle.KERNEL32(?), ref: 00B08C74
            • CloseHandle.KERNEL32(?), ref: 00B08C7C
            • GetProcessHeap.KERNEL32(00000000,?), ref: 00B08C85
            • HeapFree.KERNEL32(00000000), ref: 00B08C8C
            Similarity
            • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
            • String ID:
            • API String ID: 146765662-0
            • Opcode ID: e55c435d6fce5e10c21be17de31b2a8f507d8258478397541727919e466ce434
            • Instruction ID: d6f86e8e1a8f83234e612d13f4d39545f33f268f41bcb6a62cfdcbb30d74ac19
            • Opcode Fuzzy Hash: e55c435d6fce5e10c21be17de31b2a8f507d8258478397541727919e466ce434
            • Instruction Fuzzy Hash: FAE0C236404402FBDB011FE2EC0CD2ABB69FB89322B208230F22992070CF329424DB50
            APIs
            • VariantInit.OLEAUT32(?), ref: 00B28728
            • CharUpperBuffW.USER32(?,?), ref: 00B28837
            • VariantClear.OLEAUT32(?), ref: 00B289AF
              • Part of subcall function 00B1760B: VariantInit.OLEAUT32(00000000), ref: 00B1764B
              • Part of subcall function 00B1760B: VariantCopy.OLEAUT32(00000000,?), ref: 00B17654
              • Part of subcall function 00B1760B: VariantClear.OLEAUT32(00000000), ref: 00B17660
            Similarity
            • API ID: Variant$ClearInit$BuffCharCopyUpper
            • String ID: AUTOIT.ERROR$Incorrect Parameter format
            • API String ID: 4237274167-1221869570
            • Opcode ID: 2563aa7d9b4a8b0fa32ff952b30695184492259973a6394eddbf2f3b0bad5d1b
            • Instruction ID: 72b23992674c93d63048b9399b8a7188434a02fa2fdce5cb47e34fc56b75a5e4
            • Opcode Fuzzy Hash: 2563aa7d9b4a8b0fa32ff952b30695184492259973a6394eddbf2f3b0bad5d1b
            • Instruction Fuzzy Hash: 73918D756083019FC710DF24D58496BBBE8EF88350F1489ADF89A8B362DB31ED45CB52
            APIs
              • Part of subcall function 00ACFE06: _wcscpy.LIBCMT ref: 00ACFE29
            • _memset.LIBCMT ref: 00B12E7F
            • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00B12EAE
            • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00B12F61
            • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 00B12F8F
            Similarity
            • API ID: ItemMenu$Info$Default_memset_wcscpy
            • String ID: 0
            • API String ID: 4152858687-4108050209
            • Opcode ID: 8b77412c753dc6c29da8325ee3157663a28496e2cacccabe7e5532eeb1a2d046
            • Instruction ID: 08a49b82b5dda9056c538ec7f3cd9c7af978e5e3a90abfbb485cffcc29167085
            • Opcode Fuzzy Hash: 8b77412c753dc6c29da8325ee3157663a28496e2cacccabe7e5532eeb1a2d046
            • Instruction Fuzzy Hash: BB51C0315083019FD7249F28D841BABB7F8EB99310F544AAEF895D32A1DB60CDA58792
            APIs
            • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00B0D8E3
            • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 00B0D919
            • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 00B0D92A
            • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00B0D9AC
            Similarity
            • API ID: ErrorMode$AddressCreateInstanceProc
            • String ID: DllGetClassObject
            • API String ID: 753597075-1075368562
            • Opcode ID: 1906f75f640dd63de4a724d8ddcf994a940ef4820b669200ef3aecab7c92dbcb
            • Instruction ID: b766fe80f84fa78e2b7ac8632277932961436f0e002013328e2f4af04ac6f24d
            • Opcode Fuzzy Hash: 1906f75f640dd63de4a724d8ddcf994a940ef4820b669200ef3aecab7c92dbcb
            • Instruction Fuzzy Hash: 2F418B72600204EFDB05CF94D8C4AAABFE9EF45314B1181E9E9059F286DBB1DE40DBA0
            APIs
            • _memset.LIBCMT ref: 00B12AB8
            • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 00B12AD4
            • DeleteMenu.USER32(?,00000007,00000000), ref: 00B12B1A
            • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00B75890,00000000), ref: 00B12B63
            Similarity
            • API ID: Menu$Delete$InfoItem_memset
            • String ID: 0
            • API String ID: 1173514356-4108050209
            • Opcode ID: f810943b61cf079e1bf71df31a5951cfc3733733ed8d45e2db47b23360a1e1aa
            • Instruction ID: 5f30bfb06f3098754748b1114c90569267aaa6520de32cc7ca2972fcf30d514b
            • Opcode Fuzzy Hash: f810943b61cf079e1bf71df31a5951cfc3733733ed8d45e2db47b23360a1e1aa
            • Instruction Fuzzy Hash: 0E41C3302083029FD720DF24D885BABBBE8EF85320F50469DF566972D1D770E954CB52
            APIs
            • CharLowerBuffW.USER32(?,?,?,?,00000000,?,?), ref: 00B2D8D9
              • Part of subcall function 00AB79AB: _memmove.LIBCMT ref: 00AB79F9
            Similarity
            • API ID: BuffCharLower_memmove
            • String ID: cdecl$none$stdcall$winapi
            • API String ID: 3425801089-567219261
            • Opcode ID: 8efdd2b6b740c47dd370e7cb88d086f36c5a5a8c52946ef25bc70c5d005d3490
            • Instruction ID: ba477025ad986478ab9e2c1749ec87f8057c37270e17d53daae109e5cbf54474
            • Opcode Fuzzy Hash: 8efdd2b6b740c47dd370e7cb88d086f36c5a5a8c52946ef25bc70c5d005d3490
            • Instruction Fuzzy Hash: AE31B271504615AFCF10EF64C9909EEB3F8FF05310B1086AAF86AA73D1CB71A945CB80
            APIs
              • Part of subcall function 00AB7F41: _memmove.LIBCMT ref: 00AB7F82
              • Part of subcall function 00B0AEA4: GetClassNameW.USER32(?,?,000000FF), ref: 00B0AEC7
            • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00B091D6
            • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00B091E9
            • SendMessageW.USER32(?,00000189,?,00000000), ref: 00B09219
              • Part of subcall function 00AB7D2C: _memmove.LIBCMT ref: 00AB7D66
            Similarity
            • API ID: MessageSend$_memmove$ClassName
            • String ID: ComboBox$ListBox
            • API String ID: 365058703-1403004172
            • Opcode ID: 0132176739d9691bd923ae07c16febd61226d2d4865178198c7a0db83c1af1ee
            • Instruction ID: 50077d2aecd1cf90dd22e4dc4b4a1b910d17434dfca260d6361fdb7c3e1af361
            • Opcode Fuzzy Hash: 0132176739d9691bd923ae07c16febd61226d2d4865178198c7a0db83c1af1ee
            • Instruction Fuzzy Hash: E721F371A00104BADB14AB75CC8ADFEBBBDDF45360F2041A9F825A72E2DB795D0AD610
            APIs
            • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00B21962
            • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00B21988
            • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00B219B8
            • InternetCloseHandle.WININET(00000000), ref: 00B219FF
              • Part of subcall function 00B22599: GetLastError.KERNEL32(?,?,00B2192D,00000000,00000000,00000001), ref: 00B225AE
              • Part of subcall function 00B22599: SetEvent.KERNEL32(?,?,00B2192D,00000000,00000000,00000001), ref: 00B225C3
            Similarity
            • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
            • String ID:
            • API String ID: 3113390036-3916222277
            • Opcode ID: 94183cbaef9f74f76eaa1ed557c92f6232d72432f466e491f235d3e53ca66fb5
            • Instruction ID: 20862d352243a5f25b610538e444ff25f71eb2a9786d35ec94c9481695f6d322
            • Opcode Fuzzy Hash: 94183cbaef9f74f76eaa1ed557c92f6232d72432f466e491f235d3e53ca66fb5
            • Instruction Fuzzy Hash: B421FFB2500218BFEB21DF68EC95EBF77ECEB58744F10456AF409D3200EB249E4697A1
            APIs
              • Part of subcall function 00AB1D35: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 00AB1D73
              • Part of subcall function 00AB1D35: GetStockObject.GDI32(00000011), ref: 00AB1D87
              • Part of subcall function 00AB1D35: SendMessageW.USER32(00000000,00000030,00000000), ref: 00AB1D91
            • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00B36493
            • LoadLibraryW.KERNEL32(?), ref: 00B3649A
            • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00B364AF
            • DestroyWindow.USER32(?), ref: 00B364B7
            Similarity
            • API ID: MessageSend$Window$CreateDestroyLibraryLoadObjectStock
            • String ID: SysAnimate32
            • API String ID: 4146253029-1011021900
            • Opcode ID: 3627582f9856f0a4ab78e64cbc19ee86b893c93f63c658754244271cc6ff274a
            • Instruction ID: 2ad040bc831cd55fd5dd4c8aa3d56fd3acaa82de00426cba0555b250326f27b3
            • Opcode Fuzzy Hash: 3627582f9856f0a4ab78e64cbc19ee86b893c93f63c658754244271cc6ff274a
            • Instruction Fuzzy Hash: E5218B71A00205BBEF104E64DC91EBA37EDEF49364F30C669FA54932A0DB71DC519760
            APIs
            • GetStdHandle.KERNEL32(0000000C), ref: 00B16E65
            • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00B16E98
            • GetStdHandle.KERNEL32(0000000C), ref: 00B16EAA
            • CreateFileW.KERNEL32(nul,40000000,00000002,0000000C,00000003,00000080,00000000), ref: 00B16EE4
            Similarity
            • API ID: CreateHandle$FilePipe
            • String ID: nul
            • API String ID: 4209266947-2873401336
            • Opcode ID: 222c379cfbb7b0fa6e8dcc5608d7658b57cb69f3327c490034b3ff44b1f26da3
            • Instruction ID: 9d82d0ad9742b7c63ab3bab68b12539f9c92a5333f187446398e82e0681ccfa3
            • Opcode Fuzzy Hash: 222c379cfbb7b0fa6e8dcc5608d7658b57cb69f3327c490034b3ff44b1f26da3
            • Instruction Fuzzy Hash: 54217779500206ABDF209F69DC45AEA77F4EF44720F6047A9FCA1D72D0DB709890CB90
            APIs
            • GetStdHandle.KERNEL32(000000F6), ref: 00B16F32
            • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00B16F64
            • GetStdHandle.KERNEL32(000000F6), ref: 00B16F75
            • CreateFileW.KERNEL32(nul,80000000,00000001,0000000C,00000003,00000080,00000000), ref: 00B16FAF
            Similarity
            • API ID: CreateHandle$FilePipe
            • String ID: nul
            • API String ID: 4209266947-2873401336
            • Opcode ID: ed4e7a3e748eacefe6955fc24e5f794f6fd080209c9957d57994219d48b7b511
            • Instruction ID: 7c8020c975452605c263bc2d4aec17a930decfc6faf3ad12c0f6025e642839f1
            • Opcode Fuzzy Hash: ed4e7a3e748eacefe6955fc24e5f794f6fd080209c9957d57994219d48b7b511
            • Instruction Fuzzy Hash: 26218675A04305EBDB209F69AC44AEA77E8EF45720F704699FCA1D72D0DB709892CB50
            APIs
            • SetErrorMode.KERNEL32(00000001), ref: 00B1ACDE
            • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00B1AD32
            • __swprintf.LIBCMT ref: 00B1AD4B
            • SetErrorMode.KERNEL32(00000000,00000001,00000000,00B3F910), ref: 00B1AD89
            Similarity
            • API ID: ErrorMode$InformationVolume__swprintf
            • String ID: %lu
            • API String ID: 3164766367-685833217
            • Opcode ID: 06ffb5ee1efed6a41b233049ea771147c50c380ccd160c3a23fb4254b5e32942
            • Instruction ID: 387114b19de86e22f8b3568c7beb6be557dbd98c98fc8ca0d121e21419b00c36
            • Opcode Fuzzy Hash: 06ffb5ee1efed6a41b233049ea771147c50c380ccd160c3a23fb4254b5e32942
            • Instruction Fuzzy Hash: 72214435A00109AFCB10DF65D985EEE77F8EF49704B1040A9F505EB262DB31EA41DB61
            APIs
              • Part of subcall function 00AB7D2C: _memmove.LIBCMT ref: 00AB7D66
              • Part of subcall function 00B0A15C: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 00B0A179
              • Part of subcall function 00B0A15C: GetWindowThreadProcessId.USER32(?,00000000), ref: 00B0A18C
              • Part of subcall function 00B0A15C: GetCurrentThreadId.KERNEL32 ref: 00B0A193
              • Part of subcall function 00B0A15C: AttachThreadInput.USER32(00000000), ref: 00B0A19A
            • GetFocus.USER32 ref: 00B0A334
              • Part of subcall function 00B0A1A5: GetParent.USER32(?), ref: 00B0A1B3
            • GetClassNameW.USER32(?,?,00000100), ref: 00B0A37D
            • EnumChildWindows.USER32(?,00B0A3F5), ref: 00B0A3A5
            • __swprintf.LIBCMT ref: 00B0A3BF
            Similarity
            • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows__swprintf_memmove
            • String ID: %s%d
            • API String ID: 1941087503-1110647743
            • Opcode ID: 065f52fadc3c0415ce3db826234848b1821a384ccc3f8c51e8182d9191d948a9
            • Instruction ID: 15f1ccb5ca1edd36d985267e67c7b0a2b627577f59d8fabd952d35aa7e84ed84
            • Opcode Fuzzy Hash: 065f52fadc3c0415ce3db826234848b1821a384ccc3f8c51e8182d9191d948a9
            • Instruction Fuzzy Hash: 8F116A71600309ABDF11BFA0DD86FEE3BADAF49700F1044B5BA09AA1D2CA7059459B76
            APIs
            • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 00B2ED1B
            • GetProcessIoCounters.KERNEL32(00000000,?), ref: 00B2ED4B
            • GetProcessMemoryInfo.PSAPI(00000000,?,00000028), ref: 00B2EE7E
            • CloseHandle.KERNEL32(?), ref: 00B2EEFF
            Similarity
            • API ID: Process$CloseCountersHandleInfoMemoryOpen
            • String ID:
            • API String ID: 2364364464-0
            • Opcode ID: ab0e393463f89b4935b8d3c340570a4dd8ec3c4a63cd1b2a6714f915d6ee1bfd
            • Instruction ID: d55666056857c2c0fc072d3d6c37de2ed6833d35ebe4966b818a3706fcf60a22
            • Opcode Fuzzy Hash: ab0e393463f89b4935b8d3c340570a4dd8ec3c4a63cd1b2a6714f915d6ee1bfd
            • Instruction Fuzzy Hash: 1C8181716003119FD720EF29D986F6AB7E9EF48710F14885DFA99DB292DA70EC01CB51
            APIs
              • Part of subcall function 00AB7F41: _memmove.LIBCMT ref: 00AB7F82
              • Part of subcall function 00B30EA5: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00B2FE38,?,?), ref: 00B30EBC
            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00B30188
            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00B301C7
            • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 00B3020E
            • RegCloseKey.ADVAPI32(?,?), ref: 00B3023A
            • RegCloseKey.ADVAPI32(00000000), ref: 00B30247
            Similarity
            • API ID: Close$BuffCharConnectEnumOpenRegistryUpper_memmove
            • String ID:
            • API String ID: 3440857362-0
            • Opcode ID: d34e5497aa3ec579ea5b3ce11c8beebcd48a318e65bb322662c70e6b259cbf6d
            • Instruction ID: d5a969545a1309e322b40c7d3577e4bf5dbce764fb3f07282328ca3364ed934a
            • Opcode Fuzzy Hash: d34e5497aa3ec579ea5b3ce11c8beebcd48a318e65bb322662c70e6b259cbf6d
            • Instruction Fuzzy Hash: 4B513931218205AFD704EF68CD95FAFB7E8EF88704F14896DB595972A2DB30E904CB52
            APIs
              • Part of subcall function 00AB9997: __itow.LIBCMT ref: 00AB99C2
              • Part of subcall function 00AB9997: __swprintf.LIBCMT ref: 00AB9A0C
            • LoadLibraryW.KERNEL32(?,?,?,00000000,?,?,?,?,?,?,?,?), ref: 00B2DA3B
            • GetProcAddress.KERNEL32(00000000,?), ref: 00B2DABE
            • GetProcAddress.KERNEL32(00000000,00000000), ref: 00B2DADA
            • GetProcAddress.KERNEL32(00000000,?), ref: 00B2DB1B
            • FreeLibrary.KERNEL32(00000000,?,?,00000000,?,?,?,?,?,?,?,?), ref: 00B2DB35
              • Part of subcall function 00AB5B75: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,?,00B1793F,?,?,00000000), ref: 00AB5B8C
              • Part of subcall function 00AB5B75: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,?,00000000,00000000,?,?,00B1793F,?,?,00000000,?,?), ref: 00AB5BB0
            Similarity
            • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad__itow__swprintf
            • String ID:
            • API String ID: 327935632-0
            • Opcode ID: 60730062fd82f0eee5b371a75a8223f54c4d4f98e492754ec277057a40604ca7
            • Instruction ID: cb206065395acdd8bdc4d97106fbc8e1a943ba0aaf77bb5074f7bc3a4e5d2bdb
            • Opcode Fuzzy Hash: 60730062fd82f0eee5b371a75a8223f54c4d4f98e492754ec277057a40604ca7
            • Instruction Fuzzy Hash: 9D513B35A00615DFCB00EFA8D594DADB7F8FF49310B1580A9E919AB362DB30ED45CB91
            APIs
            • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00B1E6AB
            • GetPrivateProfileSectionW.KERNEL32(?,00000001,00000003,?), ref: 00B1E6D4
            • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00B1E713
              • Part of subcall function 00AB9997: __itow.LIBCMT ref: 00AB99C2
              • Part of subcall function 00AB9997: __swprintf.LIBCMT ref: 00AB9A0C
            • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00B1E738
            • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00B1E740
            Similarity
            • API ID: PrivateProfile$SectionWrite$String$__itow__swprintf
            • String ID:
            • API String ID: 1389676194-0
            • Opcode ID: 00ab76c322abc23d8792d68516e67cde7543ca6ceddc071874ba7b02f7b3f1b4
            • Instruction ID: 56c0261516e6719d744d535e9e805d815a38cd0cd7f0648ff067366a2d2f6b1a
            • Opcode Fuzzy Hash: 00ab76c322abc23d8792d68516e67cde7543ca6ceddc071874ba7b02f7b3f1b4
            • Instruction Fuzzy Hash: A0512F35A00605DFCF05EF64CA81AAEBBF9EF0D314B148099E959AB362CB31ED51DB50
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 5d9740c603e5802e2598d18204d37b2ee5b195b2bdcfc3c1bf3dc5dcc689084a
            • Instruction ID: a201202e8f9312d3e4d3366a9f5d838b983724af0dddf44630e937a89a23c417
            • Opcode Fuzzy Hash: 5d9740c603e5802e2598d18204d37b2ee5b195b2bdcfc3c1bf3dc5dcc689084a
            • Instruction Fuzzy Hash: 8F41D735D00904AFD724DF28CC45FA9BBE9EB0A360F3502A5F895B72E1CB70AD41DA51
            APIs
            • GetCursorPos.USER32(?), ref: 00AB2357
            • ScreenToClient.USER32(00B757B0,?), ref: 00AB2374
            • GetAsyncKeyState.USER32(00000001), ref: 00AB2399
            • GetAsyncKeyState.USER32(00000002), ref: 00AB23A7
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: AsyncState$ClientCursorScreen
            • String ID:
            • API String ID: 4210589936-0
            • Opcode ID: 8f524da34554d7a05469b8910edd2a6fe73c94895175f021127a401f932788c3
            • Instruction ID: 4e9a32f1528cff7dbdd6cc4d4107451cdf211e6285bd55384f4ec57f8d660435
            • Opcode Fuzzy Hash: 8f524da34554d7a05469b8910edd2a6fe73c94895175f021127a401f932788c3
            • Instruction Fuzzy Hash: BC419235904105FBDF159F69C844BEDBBB4FB05360F20436AF828962A2C734A995DF90
            APIs
            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00B0673D
            • TranslateAcceleratorW.USER32(?,?,?), ref: 00B06789
            • TranslateMessage.USER32(?), ref: 00B067B2
            • DispatchMessageW.USER32(?), ref: 00B067BC
            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00B067CB
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: Message$PeekTranslate$AcceleratorDispatch
            • String ID:
            • API String ID: 2108273632-0
            • Opcode ID: d5bc06473805831fd7724a5ffb89ed5dc95a71fc57bec1d277357f23b0ff7359
            • Instruction ID: 8fa1ce30b9b9ffee3b3bd29a58f2d1e5047f477c26b25adf4b3afa91662258b0
            • Opcode Fuzzy Hash: d5bc06473805831fd7724a5ffb89ed5dc95a71fc57bec1d277357f23b0ff7359
            • Instruction Fuzzy Hash: 7631B271900606AFDB248F748C84FB67FECEB01308F1441A9E825D70E1EB65ECA5D7A0
            APIs
            • GetWindowRect.USER32(?,?), ref: 00B08CF2
            • PostMessageW.USER32(?,00000201,00000001), ref: 00B08D9C
            • Sleep.KERNEL32(00000000,?,00000201,00000001,?,?,?), ref: 00B08DA4
            • PostMessageW.USER32(?,00000202,00000000), ref: 00B08DB2
            • Sleep.KERNEL32(00000000,?,00000202,00000000,?,?,00000201,00000001,?,?,?), ref: 00B08DBA
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: MessagePostSleep$RectWindow
            • String ID:
            • API String ID: 3382505437-0
            • Opcode ID: 597b28c1c019a666151a4665ab1ddfc0c61240783f71103e245554d3df138a23
            • Instruction ID: ea5fdde80e0b13b69e642a75f8224d8ff3c069896ab1328ec0b84fae3072b676
            • Opcode Fuzzy Hash: 597b28c1c019a666151a4665ab1ddfc0c61240783f71103e245554d3df138a23
            • Instruction Fuzzy Hash: E231C07190021AEBDF14CF68D94DAAE3FB5EB14315F104369F965EB1D0CBB09A14DB90
            APIs
            • IsWindowVisible.USER32(?), ref: 00B0B4C6
            • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00B0B4E3
            • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00B0B51B
            • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00B0B541
            • _wcsstr.LIBCMT ref: 00B0B54B
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: MessageSend$BuffCharUpperVisibleWindow_wcsstr
            • String ID:
            • API String ID: 3902887630-0
            • Opcode ID: 97f056c9f0aeefaf7e81b0a95ac84296abfc1fdd19d9728524276e645eff4d73
            • Instruction ID: 274db7a3c5efc76ee419164f80bfb744b37b0fcd5054fb29d4603954f1060fe9
            • Opcode Fuzzy Hash: 97f056c9f0aeefaf7e81b0a95ac84296abfc1fdd19d9728524276e645eff4d73
            • Instruction Fuzzy Hash: 0E210A32604101BAEB255B399C45E7F7FD8DF59750F1080AAF805DB2A1EF61DD00D3A0
            APIs
              • Part of subcall function 00AB2612: GetWindowLongW.USER32(?,000000EB), ref: 00AB2623
            • GetWindowLongW.USER32(?,000000F0), ref: 00B3B1C6
            • SetWindowLongW.USER32(00000000,000000F0,00000001), ref: 00B3B1EB
            • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00B3B203
            • GetSystemMetrics.USER32(00000004), ref: 00B3B22C
            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000047,?,?,?,?,?,?,?,00B20FA5,00000000), ref: 00B3B24A
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: Window$Long$MetricsSystem
            • String ID:
            • API String ID: 2294984445-0
            • Opcode ID: 0ae793922135c3d4a742c94e5a54c3b4363c04d0497ce80b649189e0289be12f
            • Instruction ID: 1fa7b0c4f32e5ba2954c275379f59b3412e7e130227421ec8516b1153a109f2d
            • Opcode Fuzzy Hash: 0ae793922135c3d4a742c94e5a54c3b4363c04d0497ce80b649189e0289be12f
            • Instruction Fuzzy Hash: 41216271914616AFCB209F398C44F6E7BE4EB05721F214779BA36D71E4DB309850DB90
            APIs
            • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00B095E2
              • Part of subcall function 00AB7D2C: _memmove.LIBCMT ref: 00AB7D66
            • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00B09614
            • __itow.LIBCMT ref: 00B0962C
            • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00B09654
            • __itow.LIBCMT ref: 00B09665
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: MessageSend$__itow$_memmove
            • String ID:
            • API String ID: 2983881199-0
            • Opcode ID: e78a8a3377d81e016efbc4f3f8f8f01cb797d532ee5961cac8c1c629a18720a7
            • Instruction ID: a56a5a80c3ed1675f888ac8d96ac9c5db1d132fb30904a5fbcbc5515470e1c2e
            • Opcode Fuzzy Hash: e78a8a3377d81e016efbc4f3f8f8f01cb797d532ee5961cac8c1c629a18720a7
            • Instruction Fuzzy Hash: 0221A131A00218BBDB10AA648D8AEEE7FEDDB59710F140065F90597292DA719D418791
            APIs
            • IsWindow.USER32(00000000), ref: 00B25B84
            • GetForegroundWindow.USER32 ref: 00B25B9B
            • GetDC.USER32(00000000), ref: 00B25BD7
            • GetPixel.GDI32(00000000,?,00000003), ref: 00B25BE3
            • ReleaseDC.USER32(00000000,00000003), ref: 00B25C1E
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: Window$ForegroundPixelRelease
            • String ID:
            • API String ID: 4156661090-0
            • Opcode ID: 0d4e394611d8e594dc7cc1f931ba507ed81b6375198cc6676fe63f4f273df124
            • Instruction ID: 16ee38d2a241d0033b0ff5b168d6e7a1f9d8e29f248ab60facdc5a3e390f9c64
            • Opcode Fuzzy Hash: 0d4e394611d8e594dc7cc1f931ba507ed81b6375198cc6676fe63f4f273df124
            • Instruction Fuzzy Hash: DA219F35A00514AFD710EF64DD89AAEBBE9FF48310F1484B9F84AD7262CA30AC00CB50
            APIs
            • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00AB134D
            • SelectObject.GDI32(?,00000000), ref: 00AB135C
            • BeginPath.GDI32(?), ref: 00AB1373
            • SelectObject.GDI32(?,00000000), ref: 00AB139C
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: ObjectSelect$BeginCreatePath
            • String ID:
            • API String ID: 3225163088-0
            • Opcode ID: b3671ccd77004de06a0c0bdb9812aeb43d9a8e33f4dfe853135d5d5e6375a891
            • Instruction ID: cb6d8fad6b36ebf2dd21587a7ccd5dffd30bd1378cc217bcb747c49d0178b1c5
            • Opcode Fuzzy Hash: b3671ccd77004de06a0c0bdb9812aeb43d9a8e33f4dfe853135d5d5e6375a891
            • Instruction Fuzzy Hash: C9215130C10609EBDB208F59DD447AD7BECEB00311F684226F4159B5B2EBB19991DF51
            APIs
            • GetCurrentThreadId.KERNEL32 ref: 00B14B61
            • __beginthreadex.LIBCMT ref: 00B14B7F
            • MessageBoxW.USER32(?,?,?,?), ref: 00B14B94
            • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 00B14BAA
            • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00B14BB1
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: CloseCurrentHandleMessageObjectSingleThreadWait__beginthreadex
            • String ID:
            • API String ID: 3824534824-0
            • Opcode ID: 764ff823f9e78f9ea0ec897bcfb69ab4e6ebce8d24f916fa46899e7ff7a473d3
            • Instruction ID: ed5037082bcf662d30ffdd714dd1b8355190fc8134a47c3c95352aede0839872
            • Opcode Fuzzy Hash: 764ff823f9e78f9ea0ec897bcfb69ab4e6ebce8d24f916fa46899e7ff7a473d3
            • Instruction Fuzzy Hash: 4A110872908605BBC7109BA8DC44AEF7FFCEB49320F2442A9F818D3251DBB1CD8487A0
            APIs
            • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00B08546
            • GetLastError.KERNEL32(?,00B0800A,?,?,?), ref: 00B08550
            • GetProcessHeap.KERNEL32(00000008,?,?,00B0800A,?,?,?), ref: 00B0855F
            • HeapAlloc.KERNEL32(00000000,?,00B0800A,?,?,?), ref: 00B08566
            • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00B0857D
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
            • String ID:
            • API String ID: 842720411-0
            • Opcode ID: 9172af82c5a9fdff3f45cc3af44f403553663bf732097ab615d83a5b9d77ff82
            • Instruction ID: b4c90b9867a7991c260aff1372653e1dbeff3f1d8c9049fbaecfe35bb05fa104
            • Opcode Fuzzy Hash: 9172af82c5a9fdff3f45cc3af44f403553663bf732097ab615d83a5b9d77ff82
            • Instruction Fuzzy Hash: 9E014B75A00215EFDB214FA6EC48D6B7FACEF99355724056AF949D3260DE328D00CA60
            APIs
            • QueryPerformanceCounter.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00B15307
            • QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 00B15315
            • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?), ref: 00B1531D
            • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 00B15327
            • Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00B15363
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: PerformanceQuery$CounterSleep$Frequency
            • String ID:
            • API String ID: 2833360925-0
            • Opcode ID: 435ab2e7937454fc6c62dee5bb95b9d5690a45bd6a34410662d2f02d2d63019c
            • Instruction ID: c14bb1a950219d766a3d4d831c0c25b25064e13ba610c0687b46d05105df2954
            • Opcode Fuzzy Hash: 435ab2e7937454fc6c62dee5bb95b9d5690a45bd6a34410662d2f02d2d63019c
            • Instruction Fuzzy Hash: 8B015B31C01A1EDBCF109FA4FC885EDBBB8FB48741F55049AE952B3140CF70569487A5
            APIs
            • CLSIDFromProgID.OLE32(?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00B0736C,80070057,?,?,?,00B0777D), ref: 00B0744F
            • ProgIDFromCLSID.OLE32(?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00B0736C,80070057,?,?), ref: 00B0746A
            • lstrcmpiW.KERNEL32(?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00B0736C,80070057,?,?), ref: 00B07478
            • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00B0736C,80070057,?), ref: 00B07488
            • CLSIDFromString.OLE32(?,?,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00B0736C,80070057,?,?), ref: 00B07494
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: From$Prog$FreeStringTasklstrcmpi
            • String ID:
            • API String ID: 3897988419-0
            • Opcode ID: 298380431895c0c80aef0b2c3edc9162bbc645ace47d5e4129ff13bc5df6ebab
            • Instruction ID: ecb826fa3311cea16cf719703421af65e44b01203215110912f292239395dc7b
            • Opcode Fuzzy Hash: 298380431895c0c80aef0b2c3edc9162bbc645ace47d5e4129ff13bc5df6ebab
            • Instruction Fuzzy Hash: 24015A76A01209BBDB105F64DC84AAEBFEDEB44762F244065F908D3260EF31ED409AA0
            APIs
            • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00B083E8
            • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00B083F2
            • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00B08401
            • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00B08408
            • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00B0841E
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: HeapInformationToken$AllocErrorLastProcess
            • String ID:
            • API String ID: 44706859-0
            • Opcode ID: aca77db3be5de7c124a147e8c5f01ba0f0fce7f6ffc137b902c51ef0e0dff597
            • Instruction ID: d22b3d2071dd3627289cc3ffdce57e6a16e8c360c2d10e4856f9b7f6503bf80d
            • Opcode Fuzzy Hash: aca77db3be5de7c124a147e8c5f01ba0f0fce7f6ffc137b902c51ef0e0dff597
            • Instruction Fuzzy Hash: D0F0AF34604206BFEB101FA4EC88E7F3FACEF89764B500025F985C72A0CE609C45DA60
            APIs
            • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00B08449
            • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00B08453
            • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00B08462
            • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00B08469
            • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00B0847F
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: HeapInformationToken$AllocErrorLastProcess
            • String ID:
            • API String ID: 44706859-0
            • Opcode ID: f8271a87e0452cf3bfea73f48e6c043d48a0cb3102db16ec809be6893a8f0824
            • Instruction ID: 24f6b7e2fb4027f7cd9e60d80169cb02452f431b65f4b2056c6ec1f48f082d5f
            • Opcode Fuzzy Hash: f8271a87e0452cf3bfea73f48e6c043d48a0cb3102db16ec809be6893a8f0824
            • Instruction Fuzzy Hash: 50F08C34600206AFEB111FA4ECC8E7F3FACEF49654B140025F985832A0CE609904DA60
            APIs
            • GetDlgItem.USER32(?,000003E9), ref: 00B0C4B9
            • GetWindowTextW.USER32(00000000,?,00000100), ref: 00B0C4D0
            • MessageBeep.USER32(00000000), ref: 00B0C4E8
            • KillTimer.USER32(?,0000040A), ref: 00B0C504
            • EndDialog.USER32(?,00000001), ref: 00B0C51E
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: BeepDialogItemKillMessageTextTimerWindow
            • String ID:
            • API String ID: 3741023627-0
            • Opcode ID: ab363f459016113b8d2e91f0ecb98aecbfd1a7de3a022c95af56393decf761cc
            • Instruction ID: 3d1282e33e0d3fef60adaeaf28b27c6a507122753be7f30a2a0e58fc94f7de29
            • Opcode Fuzzy Hash: ab363f459016113b8d2e91f0ecb98aecbfd1a7de3a022c95af56393decf761cc
            • Instruction Fuzzy Hash: 93016D30900705ABEB205F20DD8FBAA7FF8FF10705F1006A9E582A21E1DBF4A954CA80
            APIs
            • EndPath.GDI32(?), ref: 00AB13BF
            • StrokeAndFillPath.GDI32(?,?,00AEBA08,00000000,?), ref: 00AB13DB
            • SelectObject.GDI32(?,00000000), ref: 00AB13EE
            • DeleteObject.GDI32 ref: 00AB1401
            • StrokePath.GDI32(?), ref: 00AB141C
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: Path$ObjectStroke$DeleteFillSelect
            • String ID:
            • API String ID: 2625713937-0
            • Opcode ID: dd5823382173a9ee61e751557e7d5b7fe6e95cca6eb422e325c6a9bfd852bb20
            • Instruction ID: 302da277d303949a66f722359c1d966617a84cb980ae570a26a5def04d1362b2
            • Opcode Fuzzy Hash: dd5823382173a9ee61e751557e7d5b7fe6e95cca6eb422e325c6a9bfd852bb20
            • Instruction Fuzzy Hash: 01F0CD31404A09DBDB255F5AED4C7A83FA9E701326F588225E42A4A0F2CB7145A5DF51
            APIs
            • CoInitialize.OLE32(00000000), ref: 00B1C4BE
            • CoCreateInstance.OLE32(00B42D6C,00000000,00000001,00B42BDC,?), ref: 00B1C4D6
              • Part of subcall function 00AB7F41: _memmove.LIBCMT ref: 00AB7F82
            • CoUninitialize.OLE32 ref: 00B1C743
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: CreateInitializeInstanceUninitialize_memmove
            • String ID: .lnk
            • API String ID: 2683427295-24824748
            • Opcode ID: bbc7e1a570d9241aad63137bdae5447f7ab9089204aab72e3b8918befba7240c
            • Instruction ID: 1da618c9d77b5cfe11722e7315e387e98883baf382186a84bdc48a82c8289dc0
            • Opcode Fuzzy Hash: bbc7e1a570d9241aad63137bdae5447f7ab9089204aab72e3b8918befba7240c
            • Instruction Fuzzy Hash: 20A12B71108205AFD700EF64C991EAFB7ECEF85744F00495CF2569B2A2DB71EA49CB52
            APIs
              • Part of subcall function 00AD0F36: std::exception::exception.LIBCMT ref: 00AD0F6C
              • Part of subcall function 00AD0F36: __CxxThrowException@8.LIBCMT ref: 00AD0F81
              • Part of subcall function 00AB7F41: _memmove.LIBCMT ref: 00AB7F82
              • Part of subcall function 00AB7BB1: _memmove.LIBCMT ref: 00AB7C0B
            • __swprintf.LIBCMT ref: 00AC302D
            Strings
            • \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs], xrefs: 00AC2EC6
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: _memmove$Exception@8Throw__swprintfstd::exception::exception
            • String ID: \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]
            • API String ID: 1943609520-557222456
            • Opcode ID: 09aeee9c82b701a0f30763ac54cfa532c0beac54458aca770705d29fa096a67c
            • Instruction ID: ceae94b97e043b7f46aeb28e08f01c239743b1790b1b608989a0643c6e0ef4cc
            • Opcode Fuzzy Hash: 09aeee9c82b701a0f30763ac54cfa532c0beac54458aca770705d29fa096a67c
            • Instruction Fuzzy Hash: 96916E725082059FCB18EF24D995DAFB7B8EF85710F01491DF5829B2A2DA70EE44CB92
            APIs
              • Part of subcall function 00AB48AE: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00AB48A1,?,?,00AB37C0,?), ref: 00AB48CE
            • CoInitialize.OLE32(00000000), ref: 00B1BA47
            • CoCreateInstance.OLE32(00B42D6C,00000000,00000001,00B42BDC,?), ref: 00B1BA60
            • CoUninitialize.OLE32 ref: 00B1BA7D
              • Part of subcall function 00AB9997: __itow.LIBCMT ref: 00AB99C2
              • Part of subcall function 00AB9997: __swprintf.LIBCMT ref: 00AB9A0C
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: CreateFullInitializeInstanceNamePathUninitialize__itow__swprintf
            • String ID: .lnk
            • API String ID: 2126378814-24824748
            • Opcode ID: e0d51a86d34d55a70252fae78856aca644acaf8b0281d14b8b82cd5d61169e24
            • Instruction ID: 1846de7d58a5837bdb8c7e92b22d4a939230281b3882182f2a79a20cdc840ddd
            • Opcode Fuzzy Hash: e0d51a86d34d55a70252fae78856aca644acaf8b0281d14b8b82cd5d61169e24
            • Instruction Fuzzy Hash: 38A156756043019FCB10DF14C584EAABBE9FF89314F548998F89A9B3A2CB31ED45CB91
            APIs
            • __startOneArgErrorHandling.LIBCMT ref: 00AD521D
              • Part of subcall function 00AE0270: __87except.LIBCMT ref: 00AE02AB
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: ErrorHandling__87except__start
            • String ID: pow
            • API String ID: 2905807303-2276729525
            • Opcode ID: 8abac50382277a47eb2e499744ad6b0714fb85c7b64fa8dc15ad7d9efdeba080
            • Instruction ID: 65c52b6411376b7a8c0bf721ad7316991e20c02d504ccd3a890c6f09db991da0
            • Opcode Fuzzy Hash: 8abac50382277a47eb2e499744ad6b0714fb85c7b64fa8dc15ad7d9efdeba080
            • Instruction Fuzzy Hash: 66515B70E0CA4297DB11A735C9517AE3BE4EB00710F244D5AF0E64A3E9EFB48DC89646
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID:
            • String ID: #$+
            • API String ID: 0-2552117581
            • Opcode ID: d410878d1dba6e52c5a4cb1a0a9346ab9e46bace770c7a7e420cd2a41afff27a
            • Instruction ID: 6859dc23b7194f349570da3575475a39f86ef83d7df1631f862824fca59d708f
            • Opcode Fuzzy Hash: d410878d1dba6e52c5a4cb1a0a9346ab9e46bace770c7a7e420cd2a41afff27a
            • Instruction Fuzzy Hash: 61510F7550524A9FDF25DF28C489BFA7FB4EF59310F144096E9929B2E1C730AC86CB60
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: _memset$_memmove
            • String ID: ERCP
            • API String ID: 2532777613-1384759551
            • Opcode ID: cb93c2d0b21a35e2d0f8f8cf739dde351e49592b1acd25728433e829a65df5d6
            • Instruction ID: 9717800387020bbcc8fc9b548028706aea5d6f34a4247f8fcbd48d5c41fe3f84
            • Opcode Fuzzy Hash: cb93c2d0b21a35e2d0f8f8cf739dde351e49592b1acd25728433e829a65df5d6
            • Instruction Fuzzy Hash: 3E51A571900305DBDB28CF55CA81BAABBF4FF04714F2085AEE55ACB281E775E984CB40
            APIs
              • Part of subcall function 00B117ED: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00B09558,?,?,00000034,00000800,?,00000034), ref: 00B11817
            • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00B09B01
              • Part of subcall function 00B117B8: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00B09587,?,?,00000800,?,00001073,00000000,?,?), ref: 00B117E2
              • Part of subcall function 00B1170F: GetWindowThreadProcessId.USER32(?,?), ref: 00B1173A
              • Part of subcall function 00B1170F: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00B0951C,00000034,?,?,00001004,00000000,00000000), ref: 00B1174A
              • Part of subcall function 00B1170F: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00B0951C,00000034,?,?,00001004,00000000,00000000), ref: 00B11760
            • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00B09B6E
            • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00B09BBB
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
            • String ID: @
            • API String ID: 4150878124-2766056989
            • Opcode ID: 6810f136827d8b2c058ee6e8b7ba0badedf2b91592328a68956638200c3197cf
            • Instruction ID: 33ab17597093d84929bbe9ef5f76c99e5f35d8367728e6bad1b6acd7faf980ca
            • Opcode Fuzzy Hash: 6810f136827d8b2c058ee6e8b7ba0badedf2b91592328a68956638200c3197cf
            • Instruction Fuzzy Hash: AA414F76901218BFDB10DFA8CD81EEEBBB8EB09310F104095FA55B7291DA706E85CB61
            APIs
            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,00B3F910,00000000,?,?,?,?), ref: 00B37A11
            • GetWindowLongW.USER32 ref: 00B37A2E
            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00B37A3E
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: Window$Long
            • String ID: SysTreeView32
            • API String ID: 847901565-1698111956
            • Opcode ID: 5dbdc854e99d3bab7e45f33765ea1fc270e20845d5dfcecf7693a2e6f14a52c8
            • Instruction ID: 5c0fb4f8341da07ce7ac574eb58d52016725bbaccb12a4847afec44c5fa4aa9b
            • Opcode Fuzzy Hash: 5dbdc854e99d3bab7e45f33765ea1fc270e20845d5dfcecf7693a2e6f14a52c8
            • Instruction Fuzzy Hash: 5A31CD71644606ABDB218E38CC45BEA7BE9EB09324F344765F8B5A32E1CB30ED508B50
            APIs
            • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00B37493
            • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00B374A7
            • SendMessageW.USER32(?,00001002,00000000,?), ref: 00B374CB
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: MessageSend$Window
            • String ID: SysMonthCal32
            • API String ID: 2326795674-1439706946
            • Opcode ID: bb43c9cfb4489047acddff7459b836ed47fa09f917b4cab7073f40a21caa41db
            • Instruction ID: 1760332f45b6c332b234aa0a93a60c85e8edb60835b03041388de2d645b0c7ff
            • Opcode Fuzzy Hash: bb43c9cfb4489047acddff7459b836ed47fa09f917b4cab7073f40a21caa41db
            • Instruction Fuzzy Hash: 5621A332540219BBDF218F94DC82FEA3BB9EF48724F210154FE546B191DA75B855CB90
            APIs
            • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00B37C7C
            • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00B37C8A
            • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00B37C91
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: MessageSend$DestroyWindow
            • String ID: msctls_updown32
            • API String ID: 4014797782-2298589950
            • Opcode ID: 19dbd3e9da0013b40798232cd50d9ad1c68f704757b0d88c654a0c04daa739f1
            • Instruction ID: 88a840f38d7cb794d572f35c4bca4c4307c1c40e6d6840e98e6031578f56da95
            • Opcode Fuzzy Hash: 19dbd3e9da0013b40798232cd50d9ad1c68f704757b0d88c654a0c04daa739f1
            • Instruction Fuzzy Hash: DE217CB5600209AFDB20DF14DC91DA737EDEF4A354F540499FA049B2A1CB71EC41CBA0
            APIs
            • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00B36D6D
            • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00B36D7D
            • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00B36DA2
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: MessageSend$MoveWindow
            • String ID: Listbox
            • API String ID: 3315199576-2633736733
            • Opcode ID: a12c398c6d18b1a35f4468880856c3b5a717704777560988cdbaeafe1ab6fd66
            • Instruction ID: ae264b6fc169a802b7af3efa0fe1e67c2563021f8b06c2ee90452566f245be3f
            • Opcode Fuzzy Hash: a12c398c6d18b1a35f4468880856c3b5a717704777560988cdbaeafe1ab6fd66
            • Instruction Fuzzy Hash: 4B219F32610118BFEF118F54DC85FBB3BFAEF89764F218164FA049B1A0CA71AC5187A0
            APIs
            • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00B377A4
            • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00B377B9
            • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00B377C6
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: MessageSend
            • String ID: msctls_trackbar32
            • API String ID: 3850602802-1010561917
            • Opcode ID: b4e150b6c64ba0fe9f74f22cfcf95042b2d4493eac56edd9a39cfc3c0bdf3254
            • Instruction ID: e0aa637c2f9c60ac3ecf5d56669916379a242e5b5cbad79d4d793b3f36cdecb0
            • Opcode Fuzzy Hash: b4e150b6c64ba0fe9f74f22cfcf95042b2d4493eac56edd9a39cfc3c0bdf3254
            • Instruction Fuzzy Hash: 6F11E772244208BAEF245F60CC45FEB77EDEF89714F110118F641960E0DA71A851DB20
            APIs
            • LoadLibraryA.KERNEL32(kernel32.dll,?,00AB4C2E), ref: 00AB4CA3
            • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00AB4CB5
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: AddressLibraryLoadProc
            • String ID: GetNativeSystemInfo$kernel32.dll
            • API String ID: 2574300362-192647395
            • Opcode ID: a7612e847d08e79374e0de3ce1710b56b9c9f70b85a95c2b002d94385436f22a
            • Instruction ID: 2f6236805ed88bddd0b2d8bcf617ac72ad686f8f33b5e6c9814798b817a2f340
            • Opcode Fuzzy Hash: a7612e847d08e79374e0de3ce1710b56b9c9f70b85a95c2b002d94385436f22a
            • Instruction Fuzzy Hash: 53D01270910727DFD7205F31D958656B6D9AF06B51F218879D885D6161EB70D480C650
            APIs
            • LoadLibraryA.KERNEL32(kernel32.dll,?,00AB4CE1,?), ref: 00AB4DA2
            • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00AB4DB4
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: AddressLibraryLoadProc
            • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
            • API String ID: 2574300362-1355242751
            • Opcode ID: 8747e81116d65257586baa36808ef52da595c8cf53413b6143191468a5df2cca
            • Instruction ID: 3ffdea9ff9c439ca979c2af031c8fa5b6163c61b77e7bb841ad9ea04f2b5f49e
            • Opcode Fuzzy Hash: 8747e81116d65257586baa36808ef52da595c8cf53413b6143191468a5df2cca
            • Instruction Fuzzy Hash: 98D01271950B13CFD7205F31D809B9676D8AF15355F21887AD8C6D6161EB74D480C650
            APIs
            • LoadLibraryA.KERNEL32(kernel32.dll,?,00AB4D2E,?,00AB4F4F,?,00B752F8,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?), ref: 00AB4D6F
            • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00AB4D81
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: AddressLibraryLoadProc
            • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
            • API String ID: 2574300362-3689287502
            • Opcode ID: 7d4822d96c8792cb2829ba62408af079323c831a06a4fc4626eb44c0c751899d
            • Instruction ID: 0779f2689c7990c6d6a1d16c2c0bef252f9cbbaf4177350104758c8fc2121b22
            • Opcode Fuzzy Hash: 7d4822d96c8792cb2829ba62408af079323c831a06a4fc4626eb44c0c751899d
            • Instruction Fuzzy Hash: 83D01270910B13CFD7205F31D80876A77D8BF19351F21897A9486D6261EA74D480CA50
            APIs
            • LoadLibraryA.KERNEL32(advapi32.dll,?,00B310C1), ref: 00B30E80
            • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00B30E92
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: AddressLibraryLoadProc
            • String ID: RegDeleteKeyExW$advapi32.dll
            • API String ID: 2574300362-4033151799
            • Opcode ID: b79b78b02af7c7eff16029d1da730fc5bda2cd306559518e5557d4e0fd30cb98
            • Instruction ID: c7949e23c410eed5b58afe0716ff7bfdd9fa094f3d838eb4ccd687f349ad5bb9
            • Opcode Fuzzy Hash: b79b78b02af7c7eff16029d1da730fc5bda2cd306559518e5557d4e0fd30cb98
            • Instruction Fuzzy Hash: 97D01270910723CFD7205F35D91865776D8EF15351F218C7AA486D2160DB78C480CA51
            APIs
            • LoadLibraryA.KERNEL32(kernel32.dll,00000001,00B28E09,?,00B3F910), ref: 00B29203
            • GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 00B29215
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: AddressLibraryLoadProc
            • String ID: GetModuleHandleExW$kernel32.dll
            • API String ID: 2574300362-199464113
            • Opcode ID: 5a84b36d675da0474696c9ee3e2370eb6abaa78fb11c3b22ea71961ba86d2325
            • Instruction ID: 42704e2944dde38b6ff722b530ae0359c34f0f425538238fa4ee1394b8dfd36b
            • Opcode Fuzzy Hash: 5a84b36d675da0474696c9ee3e2370eb6abaa78fb11c3b22ea71961ba86d2325
            • Instruction Fuzzy Hash: 93D01270954723DFDB205F31ED0861676D5EF05351F218C799889D6561EAB4C480C650
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: LocalTime__swprintf
            • String ID: %.3d$WIN_XPe
            • API String ID: 2070861257-2409531811
            • Opcode ID: caa039af81e017336f5a457b3f7c2b5b20c0cbc616e1e88f221dad3a2b3de235
            • Instruction ID: 386493d847bf83f8e9794a00de51b8b11328cc2bc4c311154798b27dea97c559
            • Opcode Fuzzy Hash: caa039af81e017336f5a457b3f7c2b5b20c0cbc616e1e88f221dad3a2b3de235
            • Instruction Fuzzy Hash: D3D01772C0511DEACB00EBD18D85CFEB3BCAB08350F644452FA06A2040E675CB84AB21
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 755c0a17feb185d2bb9581b0254b0992858bbb832e5b0a57983f8afd00ac0b80
            • Instruction ID: d59fd8c3cfeb14e882bff8069c5a3070048fe711c7f76baade17d89f87df44a3
            • Opcode Fuzzy Hash: 755c0a17feb185d2bb9581b0254b0992858bbb832e5b0a57983f8afd00ac0b80
            • Instruction Fuzzy Hash: 73C11875E04216EFCB14CF98C884AAAFBF5FF48714B158598E806EB291DB31ED41CB90
            APIs
            • CharLowerBuffW.USER32(?,?), ref: 00B2E1D2
            • CharLowerBuffW.USER32(?,?), ref: 00B2E215
              • Part of subcall function 00B2D8B9: CharLowerBuffW.USER32(?,?,?,?,00000000,?,?), ref: 00B2D8D9
            • VirtualAlloc.KERNEL32(00000000,00000077,00003000,00000040), ref: 00B2E415
            • _memmove.LIBCMT ref: 00B2E428
            Similarity
            • API ID: BuffCharLower$AllocVirtual_memmove
            • String ID:
            • API String ID: 3659485706-0
            • Opcode ID: e4f78005cb98e0658bca473e75e4ffdc640128aa1f808d55fc96b81d86b6e2d4
            • Instruction ID: 97e23bc6accb80caf98f57b8c2d1f0f7aafc7eb36a5996ae8b93ac58a2e46a87
            • Opcode Fuzzy Hash: e4f78005cb98e0658bca473e75e4ffdc640128aa1f808d55fc96b81d86b6e2d4
            • Instruction Fuzzy Hash: 97C14C71A08311DFC704DF25D480A6ABBE4FF89714F1489AEF8AA9B351D731E945CB82
            APIs
            • CoInitialize.OLE32(00000000), ref: 00B281D8
            • CoUninitialize.OLE32 ref: 00B281E3
              • Part of subcall function 00B0D87B: CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00B0D8E3
            • VariantInit.OLEAUT32(?), ref: 00B281EE
            • VariantClear.OLEAUT32(?), ref: 00B284BF
            Similarity
            • API ID: Variant$ClearCreateInitInitializeInstanceUninitialize
            • String ID:
            • API String ID: 780911581-0
            • Opcode ID: c2a62773b9bface5f85e80e579c20e5b961c801254abaca12c82d0686be34229
            • Instruction ID: 8d535b8985cb086824e3c0204cc8215bde7de608c6b1fee500caa86aad3a2f06
            • Opcode Fuzzy Hash: c2a62773b9bface5f85e80e579c20e5b961c801254abaca12c82d0686be34229
            • Instruction Fuzzy Hash: FEA148356047119FCB10EF14D581A6AB7E4FF88760F14848DFA9A9B3A2CB30ED05CB86
            APIs
            • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,00B42C7C,?), ref: 00B07A12
            • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,00B42C7C,?), ref: 00B07A2A
            • CLSIDFromProgID.OLE32(?,?,00000000,00B3FB80,000000FF,?,00000000,00000800,00000000,?,00B42C7C,?), ref: 00B07A4F
            • _memcmp.LIBCMT ref: 00B07A70
            Similarity
            • API ID: FromProg$FreeTask_memcmp
            • String ID:
            • API String ID: 314563124-0
            • Opcode ID: 30b8d48606eb0d7c9c7870d1c16acaa751696de118a96aba9e4ac6eb784aae08
            • Instruction ID: a741df486b05b72fd2eb829add84b1ec30f26eb5da1738baa85799a0a40d83c8
            • Opcode Fuzzy Hash: 30b8d48606eb0d7c9c7870d1c16acaa751696de118a96aba9e4ac6eb784aae08
            • Instruction Fuzzy Hash: 9981EA75E00109EFCB04DF94C984EEEBBB9FF89315F204599E515AB250DB71AE05CB60
            APIs
            Similarity
            • API ID: Variant$AllocClearCopyInitString
            • String ID:
            • API String ID: 2808897238-0
            • Opcode ID: 2d36cbaf15705b8b2e2e5ceb8eca2523bf17f5b4a6fb5e8fadc87d6bc896e62d
            • Instruction ID: 80f4a7d82aef3e76993ccdf030df76aaeeef266e139821f9baaa5df260f46b25
            • Opcode Fuzzy Hash: 2d36cbaf15705b8b2e2e5ceb8eca2523bf17f5b4a6fb5e8fadc87d6bc896e62d
            • Instruction Fuzzy Hash: 1851B4307443029BDB24AF65D895A6EFBE9EF08310F20997FE596CB2D1DF7098908715
            APIs
            • GetWindowRect.USER32(00C9E9D0,?), ref: 00B39895
            • ScreenToClient.USER32(00000002,00000002), ref: 00B398C8
            • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,00000002,?,?), ref: 00B39935
            Similarity
            • API ID: Window$ClientMoveRectScreen
            • String ID:
            • API String ID: 3880355969-0
            • Opcode ID: 602e6453e919f9335c2e5aee565bac9f0f74d9ea235d78bb791b88dc0c3b1415
            • Instruction ID: 9ebe4c6138accfff5c2a028dcf3ccd76dd743949ae9a041b75062539dc37ce13
            • Opcode Fuzzy Hash: 602e6453e919f9335c2e5aee565bac9f0f74d9ea235d78bb791b88dc0c3b1415
            • Instruction Fuzzy Hash: 74514335900109EFDF24DF58D980AAE7BF5FF85360F248299F8559B2A0D771AD81CB90
            APIs
            • socket.WSOCK32(00000002,00000002,00000011), ref: 00B26AE7
            • WSAGetLastError.WSOCK32(00000000), ref: 00B26AF7
              • Part of subcall function 00AB9997: __itow.LIBCMT ref: 00AB99C2
              • Part of subcall function 00AB9997: __swprintf.LIBCMT ref: 00AB9A0C
            • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00B26B5B
            • WSAGetLastError.WSOCK32(00000000), ref: 00B26B67
            Similarity
            • API ID: ErrorLast$__itow__swprintfsocket
            • String ID:
            • API String ID: 2214342067-0
            • Opcode ID: 43651898abe9ceb07cb9d4b501b1269b02839721ccbb54e2502bd9da1662cef1
            • Instruction ID: d762407e363d0da2cf580227cdcfdf1b5a421135bd8b3b59d8af650ee7e87a0c
            • Opcode Fuzzy Hash: 43651898abe9ceb07cb9d4b501b1269b02839721ccbb54e2502bd9da1662cef1
            • Instruction Fuzzy Hash: DA41B135740210AFEB24AF28DD8BF7A77EDEB08B10F548058FA599B2D3DA749C018791
            APIs
            • #16.WSOCK32(?,?,00000000,00000000,00000000,00000000,?,?,00000000,00B3F910), ref: 00B265BD
            • _strlen.LIBCMT ref: 00B265EF
            Similarity
            • API ID: _strlen
            • String ID:
            • API String ID: 4218353326-0
            • Opcode ID: e580882922a1d200fa43230ee3309835a4c6653bab93eb9b1c4bf0ae5dafadd7
            • Instruction ID: f22df243c28b5935c0e93dacc4426a23e2d806cc6b004ad2b92aecf2ce674b90
            • Opcode Fuzzy Hash: e580882922a1d200fa43230ee3309835a4c6653bab93eb9b1c4bf0ae5dafadd7
            • Instruction Fuzzy Hash: 3A416031A00114AFCB15EBA4E9D5FEEB7E9EF58310F148199F91A9B292DB30AD40C751
            APIs
            • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00B1B92A
            • GetLastError.KERNEL32(?,00000000), ref: 00B1B950
            • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 00B1B975
            • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 00B1B9A1
            Similarity
            • API ID: CreateHardLink$DeleteErrorFileLast
            • String ID:
            • API String ID: 3321077145-0
            • Opcode ID: 556b21b81cfbb4ab4d23fd1283e282552ff6cc5d35ed215d9ae07873b45c6278
            • Instruction ID: 3ae71b7aedc69152d99d7baa1e904561b9dd510e46670fa2b33d75b669a591fc
            • Opcode Fuzzy Hash: 556b21b81cfbb4ab4d23fd1283e282552ff6cc5d35ed215d9ae07873b45c6278
            • Instruction Fuzzy Hash: E8412839600651DFCB11EF15C684E9EBBE5EF89310B198088E94AAB772CB30FD41CB91
            APIs
            • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00B38910
            Similarity
            • API ID: InvalidateRect
            • String ID:
            • API String ID: 634782764-0
            • Opcode ID: bec30f9068a09dd9d5f5207c1d0828f2f7f70091f025f498507f5434ab08e965
            • Instruction ID: 9e6949471e95bbc3ed00e6d1c099bf84fa50cfa0e86a51e2640f92c641435463
            • Opcode Fuzzy Hash: bec30f9068a09dd9d5f5207c1d0828f2f7f70091f025f498507f5434ab08e965
            • Instruction Fuzzy Hash: 6631D230601308BFEF219A58CC89BBC37E5EB06310F745295FA51E72E1CF70A9808A93
            APIs
            • ClientToScreen.USER32(?,?), ref: 00B3AB92
            • GetWindowRect.USER32(?,?), ref: 00B3AC08
            • PtInRect.USER32(?,?,00B3C07E), ref: 00B3AC18
            • MessageBeep.USER32(00000000), ref: 00B3AC89
            Similarity
            • API ID: Rect$BeepClientMessageScreenWindow
            • String ID:
            • API String ID: 1352109105-0
            • Opcode ID: 2bd89ef4d0d7cb3e111d60ae289adea232eada42a334003c5c01563c6666f636
            • Instruction ID: e50cea4a8555e0c84f84e3d95255d85207ef1d0f2e1def57ce535e3e470c3707
            • Opcode Fuzzy Hash: 2bd89ef4d0d7cb3e111d60ae289adea232eada42a334003c5c01563c6666f636
            • Instruction Fuzzy Hash: 3A416E30A00115DFCF11CF59CC84AA9BBF5FB59310F7891E9E4989B261D730E945CB52
            APIs
            • GetKeyboardState.USER32(?,00000000,?,00000001), ref: 00B10E58
            • SetKeyboardState.USER32(00000080,?,00000001), ref: 00B10E74
            • PostMessageW.USER32(00000000,00000102,00000001,00000001), ref: 00B10EDA
            • SendInput.USER32(00000001,00000000,0000001C,00000000,?,00000001), ref: 00B10F2C
            Similarity
            • API ID: KeyboardState$InputMessagePostSend
            • String ID:
            • API String ID: 432972143-0
            • Opcode ID: 741415c0ee74315d57aa86b7a50b1bdc27f55373b0cf52bfccf008672651f923
            • Instruction ID: 48e9b6f91b24681ef77d10e28a8cd8267ae39850aaf5746fea7fb69fb93cfe20
            • Opcode Fuzzy Hash: 741415c0ee74315d57aa86b7a50b1bdc27f55373b0cf52bfccf008672651f923
            • Instruction Fuzzy Hash: 75316B32D60208AEFF30AB268C09BFE7BE5EB58310F98469AF4C0521D1C7F589C19751
            APIs
            • GetKeyboardState.USER32(?,75C0C0D0,?,00008000), ref: 00B10F97
            • SetKeyboardState.USER32(00000080,?,00008000), ref: 00B10FB3
            • PostMessageW.USER32(00000000,00000101,00000000), ref: 00B11012
            • SendInput.USER32(00000001,?,0000001C,75C0C0D0,?,00008000), ref: 00B11064
            Similarity
            • API ID: KeyboardState$InputMessagePostSend
            • String ID:
            • API String ID: 432972143-0
            • Opcode ID: 68406c5f32448ff3b7d5056977d8f7f41b23dedd08dabbaa61bba4b5869563a4
            • Instruction ID: 8ffb34c15df20a36bafbd69c8a22d733b3689ff08c151ae208e1681925d53b39
            • Opcode Fuzzy Hash: 68406c5f32448ff3b7d5056977d8f7f41b23dedd08dabbaa61bba4b5869563a4
            • Instruction Fuzzy Hash: 2F315C30D00288DEFF309A298C0DBFE7BE9EB5C311F94469AE581921D1C37589C19761
            APIs
            • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00AE637B
            • __isleadbyte_l.LIBCMT ref: 00AE63A9
            • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,00000000,00000000,?,00000000,00000000,?,?), ref: 00AE63D7
            • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,00000000,00000000,?,00000000,00000000,?,?), ref: 00AE640D
            Similarity
            • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
            • String ID:
            • API String ID: 3058430110-0
            • Opcode ID: 9a3d9282597c240774de56e655902bab1b667ffddd7ae13c22ba4ada1f445b63
            • Instruction ID: d9796aa2e15d52e9908785237722b31e04a63752cefe52209a5440e8c4284f2b
            • Opcode Fuzzy Hash: 9a3d9282597c240774de56e655902bab1b667ffddd7ae13c22ba4ada1f445b63
            • Instruction Fuzzy Hash: 0A31B031600286EFDB21CF66C944BBE7FB5FF55390F154829E8258B191EB31E850DB50
            APIs
            • GetForegroundWindow.USER32 ref: 00B34F6B
              • Part of subcall function 00B13685: GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00B1369F
              • Part of subcall function 00B13685: GetCurrentThreadId.KERNEL32 ref: 00B136A6
              • Part of subcall function 00B13685: AttachThreadInput.USER32(00000000,?,00B150AC), ref: 00B136AD
            • GetCaretPos.USER32(?), ref: 00B34F7C
            • ClientToScreen.USER32(00000000,?), ref: 00B34FB7
            • GetForegroundWindow.USER32 ref: 00B34FBD
            Similarity
            • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
            • String ID:
            • API String ID: 2759813231-0
            • Opcode ID: b3ef02cd555d386917b91c5671788fd09f2efc49a972e8ddf9714763f6606c16
            • Instruction ID: 124f24131a4dabc06d80550d17c22e81c048e7fc04d41afa033933ef543e022e
            • Opcode Fuzzy Hash: b3ef02cd555d386917b91c5671788fd09f2efc49a972e8ddf9714763f6606c16
            • Instruction Fuzzy Hash: B9314171D00108AFDB00EFA5C9859EFB7FDEF99300F11406AE515E7252EA759E41CBA0
            APIs
              • Part of subcall function 00AB2612: GetWindowLongW.USER32(?,000000EB), ref: 00AB2623
            • GetCursorPos.USER32(?), ref: 00B3C53C
            • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00AEBB2B,?,?,?,?,?), ref: 00B3C551
            • GetCursorPos.USER32(?), ref: 00B3C59E
            • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00AEBB2B,?,?,?), ref: 00B3C5D8
            Similarity
            • API ID: Cursor$LongMenuPopupProcTrackWindow
            • String ID:
            • API String ID: 2864067406-0
            • Opcode ID: b22f0597cf8734a0fdb9536d91409bc0818646371d4125cec8f0beb33c17155e
            • Instruction ID: 5d7d12bc3af83d9ddc2ae80d62f1a316de38f3c88ffea4a5ed247a98f97fff15
            • Opcode Fuzzy Hash: b22f0597cf8734a0fdb9536d91409bc0818646371d4125cec8f0beb33c17155e
            • Instruction Fuzzy Hash: 07318536600418AFCB25CF94C859EFE7FF9EB59310F1540A9F9059B262DB31AD50DBA0
            APIs
              • Part of subcall function 00B08432: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00B08449
              • Part of subcall function 00B08432: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00B08453
              • Part of subcall function 00B08432: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00B08462
              • Part of subcall function 00B08432: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00B08469
              • Part of subcall function 00B08432: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00B0847F
            • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 00B089CB
            • _memcmp.LIBCMT ref: 00B089EE
            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00B08A24
            • HeapFree.KERNEL32(00000000), ref: 00B08A2B
            Similarity
            • API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
            • String ID:
            • API String ID: 1592001646-0
            • Opcode ID: c527d46f720533a72f3df5f0888a096829d3f435bc8e9f636bb9ee6ccddc5428
            • Instruction ID: 4398c4ecc7d68c6daddbaf76ead58a54650099619c4c969515c2561a526bb0b2
            • Opcode Fuzzy Hash: c527d46f720533a72f3df5f0888a096829d3f435bc8e9f636bb9ee6ccddc5428
            • Instruction Fuzzy Hash: 9F217A71E40109EFDF10DFA4C945BEEBBF8EF44315F15409AE495A7291DB30AA05CB51
            APIs
            • __setmode.LIBCMT ref: 00AD0B2E
              • Part of subcall function 00AB5B75: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,?,00B1793F,?,?,00000000), ref: 00AB5B8C
              • Part of subcall function 00AB5B75: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,?,00000000,00000000,?,?,00B1793F,?,?,00000000,?,?), ref: 00AB5BB0
            • _fprintf.LIBCMT ref: 00AD0B65
            • OutputDebugStringW.KERNEL32(?), ref: 00B06111
              • Part of subcall function 00AD4C1A: _flsall.LIBCMT ref: 00AD4C33
            • __setmode.LIBCMT ref: 00AD0B9A
            Similarity
            • API ID: ByteCharMultiWide__setmode$DebugOutputString_flsall_fprintf
            • String ID:
            • API String ID: 521402451-0
            APIs
            • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00B218B9
              • Part of subcall function 00B21943: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00B21962
              • Part of subcall function 00B21943: InternetCloseHandle.WININET(00000000), ref: 00B219FF
            Similarity
            • API ID: Internet$CloseConnectHandleOpen
            • String ID:
            • API String ID: 1463438336-0
            APIs
            • GetFileAttributesW.KERNEL32(?,00B3FAC0), ref: 00B13AA8
            • GetLastError.KERNEL32 ref: 00B13AB7
            • CreateDirectoryW.KERNEL32(?,00000000), ref: 00B13AC6
            • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,00B3FAC0), ref: 00B13B23
            Similarity
            • API ID: CreateDirectory$AttributesErrorFileLast
            • String ID:
            • API String ID: 2267087916-0
            APIs
            • _free.LIBCMT ref: 00AE5281
              • Part of subcall function 00AD588C: __FF_MSGBANNER.LIBCMT ref: 00AD58A3
              • Part of subcall function 00AD588C: __NMSG_WRITE.LIBCMT ref: 00AD58AA
              • Part of subcall function 00AD588C: RtlAllocateHeap.NTDLL(00C80000,00000000,00000001,00000000,?,?,?,00AD0F53,?), ref: 00AD58CF
            Similarity
            • API ID: AllocateHeap_free
            • String ID:
            • API String ID: 614378929-0
            APIs
            • _memset.LIBCMT ref: 00AB4560
              • Part of subcall function 00AB410D: _memset.LIBCMT ref: 00AB418D
              • Part of subcall function 00AB410D: _wcscpy.LIBCMT ref: 00AB41E1
              • Part of subcall function 00AB410D: Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 00AB41F1
            • KillTimer.USER32(?,00000001,?,?), ref: 00AB45B5
            • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00AB45C4
            • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 00AED5FE
            Similarity
            • API ID: IconNotifyShell_Timer_memset$Kill_wcscpy
            • String ID:
            • API String ID: 1378193009-0
            APIs
              • Part of subcall function 00AB5B75: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,?,00B1793F,?,?,00000000), ref: 00AB5B8C
              • Part of subcall function 00AB5B75: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,?,00000000,00000000,?,?,00B1793F,?,?,00000000,?,?), ref: 00AB5BB0
            • gethostbyname.WSOCK32(?,?,?), ref: 00B264AF
            • WSAGetLastError.WSOCK32(00000000), ref: 00B264BA
            • _memmove.LIBCMT ref: 00B264E7
            • inet_ntoa.WSOCK32(?), ref: 00B264F2
            Similarity
            • API ID: ByteCharMultiWide$ErrorLast_memmovegethostbynameinet_ntoa
            • String ID:
            • API String ID: 1504782959-0
            APIs
            • SendMessageW.USER32(?,000000B0,?,?), ref: 00B08E23
            • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00B08E35
            • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00B08E4B
            • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00B08E66
            Similarity
            • API ID: MessageSend
            • String ID:
            • API String ID: 3850602802-0
            APIs
              • Part of subcall function 00AB2612: GetWindowLongW.USER32(?,000000EB), ref: 00AB2623
            • DefDlgProcW.USER32(?,00000020,?), ref: 00AB12D8
            • GetClientRect.USER32(?,?), ref: 00AEB77B
            • GetCursorPos.USER32(?), ref: 00AEB785
            • ScreenToClient.USER32(?,?), ref: 00AEB790
            Similarity
            • API ID: Client$CursorLongProcRectScreenWindow
            • String ID:
            • API String ID: 4127811313-0
            APIs
            • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,00B1001E,?,00B11071,?,00008000), ref: 00B11490
            • Sleep.KERNEL32(00000000,?,?,?,?,?,?,00B1001E,?,00B11071,?,00008000), ref: 00B114B5
            • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,00B1001E,?,00B11071,?,00008000), ref: 00B114BF
            • Sleep.KERNEL32(?,?,?,?,?,?,?,00B1001E,?,00B11071,?,00008000), ref: 00B114F2
            Similarity
            • API ID: CounterPerformanceQuerySleep
            • String ID:
            • API String ID: 2875609808-0
            APIs
            Similarity
            • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
            • String ID:
            • API String ID: 3016257755-0
            APIs
            • GetWindowRect.USER32(?,?), ref: 00B3B318
            • ScreenToClient.USER32(?,?), ref: 00B3B330
            • ScreenToClient.USER32(?,?), ref: 00B3B354
            • InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00B3B36F
            Similarity
            • API ID: ClientRectScreen$InvalidateWindow
            • String ID:
            • API String ID: 357397906-0
            APIs
            • _memset.LIBCMT ref: 00B3B678
            • _memset.LIBCMT ref: 00B3B687
            • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00B76F20,00B76F64), ref: 00B3B6B6
            • CloseHandle.KERNEL32 ref: 00B3B6C8
            Similarity
            • API ID: _memset$CloseCreateHandleProcess
            • String ID:
            • API String ID: 3277943733-0
            APIs
            • EnterCriticalSection.KERNEL32(?), ref: 00B16C8F
              • Part of subcall function 00B1776D: _memset.LIBCMT ref: 00B177A2
            • _memmove.LIBCMT ref: 00B16CB2
            • _memset.LIBCMT ref: 00B16CBF
            • LeaveCriticalSection.KERNEL32(?), ref: 00B16CCF
            Similarity
            • API ID: CriticalSection_memset$EnterLeave_memmove
            • String ID:
            • API String ID: 48991266-0
            APIs
            • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 00B0A179
            • GetWindowThreadProcessId.USER32(?,00000000), ref: 00B0A18C
            • GetCurrentThreadId.KERNEL32 ref: 00B0A193
            • AttachThreadInput.USER32(00000000), ref: 00B0A19A
            Similarity
            • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
            • String ID:
            • API String ID: 2710830443-0
            APIs
            • GetSysColor.USER32(00000008), ref: 00AB2231
            • SetTextColor.GDI32(?,000000FF), ref: 00AB223B
            • SetBkMode.GDI32(?,00000001), ref: 00AB2250
            • GetStockObject.GDI32(00000005), ref: 00AB2258
            • GetWindowDC.USER32(?,00000000), ref: 00AEC003
            • GetPixel.GDI32(00000000,00000000,00000000), ref: 00AEC010
            • GetPixel.GDI32(00000000,?,00000000), ref: 00AEC029
            • GetPixel.GDI32(00000000,00000000,?), ref: 00AEC042
            • GetPixel.GDI32(00000000,?,?), ref: 00AEC062
            • ReleaseDC.USER32(?,00000000), ref: 00AEC06D
            Similarity
            • API ID: Pixel$Color$ModeObjectReleaseStockTextWindow
            • String ID:
            • API String ID: 1946975507-0
            APIs
            • GetCurrentThread.KERNEL32 ref: 00B08A43
            • OpenThreadToken.ADVAPI32(00000000,?,?,?,00B0860E), ref: 00B08A4A
            • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,00B0860E), ref: 00B08A57
            • OpenProcessToken.ADVAPI32(00000000,?,?,?,00B0860E), ref: 00B08A5E
            Similarity
            • API ID: CurrentOpenProcessThreadToken
            • String ID:
            • API String ID: 3974789173-0
            APIs
            • GetDesktopWindow.USER32 ref: 00AF20B6
            • GetDC.USER32(00000000), ref: 00AF20C0
            • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00AF20E0
            • ReleaseDC.USER32(?), ref: 00AF2101
            Similarity
            • API ID: CapsDesktopDeviceReleaseWindow
            • String ID:
            • API String ID: 2889604237-0
            APIs
            • GetDesktopWindow.USER32 ref: 00AF20CA
            • GetDC.USER32(00000000), ref: 00AF20D4
            • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00AF20E0
            • ReleaseDC.USER32(?), ref: 00AF2101
            Similarity
            • API ID: CapsDesktopDeviceReleaseWindow
            • String ID:
            • API String ID: 2889604237-0
            APIs
            • OleSetContainedObject.OLE32(?,00000001), ref: 00B0B780
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: ContainedObject
            • String ID: AutoIt3GUI$Container
            • API String ID: 3565006973-3941886329
            • Opcode ID: a77c87d37ad5ac6547e641300ef9e118dbb05b43656222006169b5c173fbbbd2
            • Instruction ID: 2adaa961de36c7f040a00e38d081840eaed55852fc6055b10e22f907ab93b988
            • Opcode Fuzzy Hash: a77c87d37ad5ac6547e641300ef9e118dbb05b43656222006169b5c173fbbbd2
            • Instruction Fuzzy Hash: F6912871600601AFDB14DF64C894F6ABBE8FF48710F2485ADF94ACB6A1DBB1E840CB50
            APIs
              • Part of subcall function 00ACFE06: _wcscpy.LIBCMT ref: 00ACFE29
              • Part of subcall function 00AB9997: __itow.LIBCMT ref: 00AB99C2
              • Part of subcall function 00AB9997: __swprintf.LIBCMT ref: 00AB9A0C
            • __wcsnicmp.LIBCMT ref: 00B1B0B9
            • WNetUseConnectionW.MPR(00000000,?,?,00000000,?,?,00000100,?), ref: 00B1B182
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: Connection__itow__swprintf__wcsnicmp_wcscpy
            • String ID: LPT
            • API String ID: 3222508074-1350329615
            • Opcode ID: 94f3485edaa8dbac2299439b17124dfa4342ddbbcdcb01cbc3995a20a83d071d
            • Instruction ID: 8f68b97fe33a75b8b1012d7c314e05a125895cf508eb3369466c9412b37d14ba
            • Opcode Fuzzy Hash: 94f3485edaa8dbac2299439b17124dfa4342ddbbcdcb01cbc3995a20a83d071d
            • Instruction Fuzzy Hash: B461A175A10215AFCB14DF94C995EEEB7F5EF08310F5140AAF546AB3A1DB30AE84CB90
            APIs
            • Sleep.KERNEL32(00000000), ref: 00AC2AC8
            • GlobalMemoryStatusEx.KERNEL32(?), ref: 00AC2AE1
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: GlobalMemorySleepStatus
            • String ID: @
            • API String ID: 2783356886-2766056989
            • Opcode ID: f83c6c20672bb81024816ca3a1ca906d7be150b7f8fcee9c515b9eef5a39fd2a
            • Instruction ID: ff5cc4986fbea0cf55b361115e0c7d7659ae0ab42b012bc383a0d9e7c8898035
            • Opcode Fuzzy Hash: f83c6c20672bb81024816ca3a1ca906d7be150b7f8fcee9c515b9eef5a39fd2a
            • Instruction Fuzzy Hash: 295155724187449BD320AF10DD86BAFBBFCFB86314F41885DF2D9521A2DB308569CB66
            APIs
              • Part of subcall function 00AB506B: __fread_nolock.LIBCMT ref: 00AB5089
            • _wcscmp.LIBCMT ref: 00B198CD
            • _wcscmp.LIBCMT ref: 00B198E0
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: _wcscmp$__fread_nolock
            • String ID: FILE
            • API String ID: 4029003684-3121273764
            • Opcode ID: c7f60b0005cd2155fb47cb3289540d0ad5b8cb901d74d1fc41961de56f787926
            • Instruction ID: 59dc0e159166b08eb0eea6a4815cdec1bc94fc36c2d9a432dd45cb75833b2d23
            • Opcode Fuzzy Hash: c7f60b0005cd2155fb47cb3289540d0ad5b8cb901d74d1fc41961de56f787926
            • Instruction Fuzzy Hash: B841D871A00649BEDF21ABA0CC85FEF77FDDF45710F4004B9B901B7181DA71AA4587A1
            APIs
            • _memset.LIBCMT ref: 00B226B4
            • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 00B226EA
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: CrackInternet_memset
            • String ID: |
            • API String ID: 1413715105-2343686810
            • Opcode ID: 0d5778ccd9bc846061efb3bbd0912d9fe7e190d50cfd67111a5fa18a31720acb
            • Instruction ID: 5f48be65109bf9b19328e079f776bd77d9201463864d00820f86bb2f302a384d
            • Opcode Fuzzy Hash: 0d5778ccd9bc846061efb3bbd0912d9fe7e190d50cfd67111a5fa18a31720acb
            • Instruction Fuzzy Hash: 63311771804119AFDF01EFA4DD85EEEBFB9FF08310F100069F819A6266EB715A56DB60
            APIs
            • SendMessageW.USER32(?,00001132,00000000,?), ref: 00B37B93
            • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00B37BA8
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: MessageSend
            • String ID: '
            • API String ID: 3850602802-1997036262
            • Opcode ID: 3489e34ec3ea617c2224262500d4622f26e36141858c33bc6a32ee42e0af61ed
            • Instruction ID: 673ee262ff5cf39e2b393ed6c740442fee90294f2f0ed8850133071957bf95b5
            • Opcode Fuzzy Hash: 3489e34ec3ea617c2224262500d4622f26e36141858c33bc6a32ee42e0af61ed
            • Instruction Fuzzy Hash: EE410BB4A452099FDB24CF65D991BDABBF5FF09300F2441AAE904EB351EB70A941CF90
            APIs
            • DestroyWindow.USER32(?,?,?,?), ref: 00B36B49
            • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00B36B85
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: Window$DestroyMove
            • String ID: static
            • API String ID: 2139405536-2160076837
            • Opcode ID: c0e0d3e72507b367e624da9e51325702eaa8f1250296c644308cad0f7af18625
            • Instruction ID: b5a8518d788bd0825267c895a8afa6edea3234115f075095050cdf7cdc2367c0
            • Opcode Fuzzy Hash: c0e0d3e72507b367e624da9e51325702eaa8f1250296c644308cad0f7af18625
            • Instruction Fuzzy Hash: F5317C71100604AAEB109F64CC81AFBB7F9FF48720F208619F9A9D71A0DB30AC81CB60
            APIs
            • _memset.LIBCMT ref: 00B12C09
            • GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00B12C44
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: InfoItemMenu_memset
            • String ID: 0
            • API String ID: 2223754486-4108050209
            • Opcode ID: 98f42cf787a8bfd40b9fe4d290ce7e9eb91c0e518da3a2c9fb69c9cd2060955d
            • Instruction ID: 0ffda901540bd8fe4873102638116e0660ff977d432d5c99ab4e3e2cf84a9fa3
            • Opcode Fuzzy Hash: 98f42cf787a8bfd40b9fe4d290ce7e9eb91c0e518da3a2c9fb69c9cd2060955d
            • Instruction Fuzzy Hash: 4531D731A002059FDF348F58D985BEEBBF5EF09350F6440A9EA85971A4D7709AA4CB90
            APIs
            • __snwprintf.LIBCMT ref: 00B23B7C
              • Part of subcall function 00AB7F41: _memmove.LIBCMT ref: 00AB7F82
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: __snwprintf_memmove
            • String ID: , $$AUTOITCALLVARIABLE%d
            • API String ID: 3506404897-2584243854
            • Opcode ID: 01ff9059dc95075cc762b1fb63695e0797f4ce634911ae861325dc33addb7aa9
            • Instruction ID: fe73fbbc05386efe125c49a30cb64e8c63686d30d8c7a6fd26bdda6cb979d1ba
            • Opcode Fuzzy Hash: 01ff9059dc95075cc762b1fb63695e0797f4ce634911ae861325dc33addb7aa9
            • Instruction Fuzzy Hash: EF215231A00129AACF10EF64DD86EEE77F9FF45700F4044D5F505A7182DA78EA45CBA1
            APIs
            • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00B36793
            • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00B3679E
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: MessageSend
            • String ID: Combobox
            • API String ID: 3850602802-2096851135
            • Opcode ID: 554bcec0c116a2437a5b54ab2da281bda8190b47cf977d6e6c8f2898940d14f7
            • Instruction ID: 4a79cd5125b2375da0017a36f8dd107af90fbd6b8ee3d90925c31605c9bf9b6a
            • Opcode Fuzzy Hash: 554bcec0c116a2437a5b54ab2da281bda8190b47cf977d6e6c8f2898940d14f7
            • Instruction Fuzzy Hash: 1B11B675300108BFEF258F14CC81EBB37AAEB44368F608164F91497290DA319C5187A0
            APIs
              • Part of subcall function 00AB1D35: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 00AB1D73
              • Part of subcall function 00AB1D35: GetStockObject.GDI32(00000011), ref: 00AB1D87
              • Part of subcall function 00AB1D35: SendMessageW.USER32(00000000,00000030,00000000), ref: 00AB1D91
            • GetWindowRect.USER32(00000000,?), ref: 00B36CA3
            • GetSysColor.USER32(00000012), ref: 00B36CBD
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: Window$ColorCreateMessageObjectRectSendStock
            • String ID: static
            • API String ID: 1983116058-2160076837
            • Opcode ID: 023ad820d41064d677e551e669e534f22101af29efb822ebdd5da3aea68315c9
            • Instruction ID: 15364b399439b59211d214fa90c390728f876cfe98b5bffd2a69a82618ff8d77
            • Opcode Fuzzy Hash: 023ad820d41064d677e551e669e534f22101af29efb822ebdd5da3aea68315c9
            • Instruction Fuzzy Hash: 5B21297291020AAFDB04DFA8DC45EFABBF8FB08314F115669F995D3250DA35E850DB50
            APIs
            • GetWindowTextLengthW.USER32(00000000), ref: 00B369D4
            • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 00B369E3
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: LengthMessageSendTextWindow
            • String ID: edit
            • API String ID: 2978978980-2167791130
            • Opcode ID: 1b41c07ed3c2f5728adb1288c8d58b91e365e483cecddfdccc6a4f4d63651abc
            • Instruction ID: ad69cf65e2a320057011dc703a4193b86f996271d1bffd89ed187b4b269ddbc5
            • Opcode Fuzzy Hash: 1b41c07ed3c2f5728adb1288c8d58b91e365e483cecddfdccc6a4f4d63651abc
            • Instruction Fuzzy Hash: A8116A71500205BBEF108E64DC85BFB37A9EB19368F718764FAA4971E0CA71EC909B60
            APIs
            • _memset.LIBCMT ref: 00B12D1A
            • GetMenuItemInfoW.USER32(00000030,?,00000000,00000030), ref: 00B12D39
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: InfoItemMenu_memset
            • String ID: 0
            • API String ID: 2223754486-4108050209
            • Opcode ID: b346af7e2ed1e8d18b8daa3881d850752934444dfdec599a42a8898bab43f5d1
            • Instruction ID: e54bb61660b7ffb3f8afdb5dd1b0aa7b467b6140876d09fd7d8431c0b0fca242
            • Opcode Fuzzy Hash: b346af7e2ed1e8d18b8daa3881d850752934444dfdec599a42a8898bab43f5d1
            • Instruction Fuzzy Hash: DE11E231D01124ABCF20DB58E884BED77F9EB16300F9401B5ED15AB2A0E770AEA5C7D1
            APIs
            • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00B22342
            • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00B2236B
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: Internet$OpenOption
            • String ID: <local>
            • API String ID: 942729171-4266983199
            • Opcode ID: 986b9a9407ebf5c1ba1d90117cf94986861181d4468631e4a5dbdf4a5313b6e0
            • Instruction ID: d1c7adbc7302d547f801283955a66628c4ece04ff5af0be6f818c575adb61ea3
            • Opcode Fuzzy Hash: 986b9a9407ebf5c1ba1d90117cf94986861181d4468631e4a5dbdf4a5313b6e0
            • Instruction Fuzzy Hash: BF11CE70501235BEDB28CF119CC5EFAFBE8EB05351F1082AAF94996000D2786980C6F4
            APIs
              • Part of subcall function 00AB7F41: _memmove.LIBCMT ref: 00AB7F82
              • Part of subcall function 00B0AEA4: GetClassNameW.USER32(?,?,000000FF), ref: 00B0AEC7
            • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00B09135
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: ClassMessageNameSend_memmove
            • String ID: ComboBox$ListBox
            • API String ID: 372448540-1403004172
            • Opcode ID: d8d153a4996e6d3ea2b3fffb9fac2054884f89c01bd18c635dcee29f7dbfc0b7
            • Instruction ID: c5b61a23fa27dcff3c7aeecf0f7d8a9ac1ce0fbe059757850648ee5e1a8b1ea0
            • Opcode Fuzzy Hash: d8d153a4996e6d3ea2b3fffb9fac2054884f89c01bd18c635dcee29f7dbfc0b7
            • Instruction Fuzzy Hash: 2501B171A45215ABCB04FBB4CC968FE7BADEF46360B140A99F832672D3DE356908C650
            APIs
              • Part of subcall function 00AB7F41: _memmove.LIBCMT ref: 00AB7F82
              • Part of subcall function 00B0AEA4: GetClassNameW.USER32(?,?,000000FF), ref: 00B0AEC7
            • SendMessageW.USER32(?,00000180,00000000,?), ref: 00B0902D
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: ClassMessageNameSend_memmove
            • String ID: ComboBox$ListBox
            • API String ID: 372448540-1403004172
            • Opcode ID: 2b8797696d677b3ab8d3da452f0c9867da1968d65f13b951a64db1e7573efa01
            • Instruction ID: 79bce74e69ab9c3ae5831708a92bccd49ae400ec82e39aa4185422eaef9dc83d
            • Opcode Fuzzy Hash: 2b8797696d677b3ab8d3da452f0c9867da1968d65f13b951a64db1e7573efa01
            • Instruction Fuzzy Hash: 8C01F771A41204ABCB14EBB0CD96EFE77ECDF05340F240099B802632D3EE656E08D271
            APIs
              • Part of subcall function 00AB7F41: _memmove.LIBCMT ref: 00AB7F82
              • Part of subcall function 00B0AEA4: GetClassNameW.USER32(?,?,000000FF), ref: 00B0AEC7
            • SendMessageW.USER32(?,00000182,?,00000000), ref: 00B090B0
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: ClassMessageNameSend_memmove
            • String ID: ComboBox$ListBox
            • API String ID: 372448540-1403004172
            • Opcode ID: c2ff9a4a60a4975d1ea1d0fa38fdce24974ac0e00cf58d14ba558f4347071fa9
            • Instruction ID: 53161fb6ce32a842c27df7e85aef18e8a4b1420d4a6dcf5e2744e7aa3545ea1d
            • Opcode Fuzzy Hash: c2ff9a4a60a4975d1ea1d0fa38fdce24974ac0e00cf58d14ba558f4347071fa9
            • Instruction Fuzzy Hash: A801A771A45215A7CB04EA64CD86AFE77EC9F15340F2400957802632D3EE655E089271
            APIs
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: ClassName_wcscmp
            • String ID: #32770
            • API String ID: 2292705959-463685578
            • Opcode ID: 3230a23a85c101072fbc78999128450e56337b00dc5895907b4838f2a3057e81
            • Instruction ID: 38ca0c57cbb06be6bf96cc17ae7a6fad72276c3d6000361c8f62cd8d7f7070ae
            • Opcode Fuzzy Hash: 3230a23a85c101072fbc78999128450e56337b00dc5895907b4838f2a3057e81
            • Instruction Fuzzy Hash: 7DE0D873A0022D6BD7209B99AC49FA7FBECEB55770F000167FD04D3151E960DA4587E5
            APIs
              • Part of subcall function 00AEB494: _memset.LIBCMT ref: 00AEB4A1
              • Part of subcall function 00AD0AC0: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00AEB470,?,?,?,00AB100A), ref: 00AD0AC5
            • IsDebuggerPresent.KERNEL32(?,?,?,00AB100A), ref: 00AEB474
            • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00AB100A), ref: 00AEB483
            Strings
            • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00AEB47E
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString_memset
            • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
            • API String ID: 3158253471-631824599
            • Opcode ID: 656c4806e95a9fa82af15635f40c75ad8e47a9a9573857ac1e1d5bf09d69a1c9
            • Instruction ID: f9400932f01c04b2dc71ab2e0c91f369f3c0dfbef9ad1e0824804d64c37ffdf0
            • Opcode Fuzzy Hash: 656c4806e95a9fa82af15635f40c75ad8e47a9a9573857ac1e1d5bf09d69a1c9
            • Instruction Fuzzy Hash: 83E06D746107528FD3309F29D9087477BE4AB04304F0189ADE886C37A2EBB4D448CBA1
            APIs
            • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00B359D7
            • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00B359EA
              • Part of subcall function 00B152EB: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00B15363
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: FindMessagePostSleepWindow
            • String ID: Shell_TrayWnd
            • API String ID: 529655941-2988720461
            • Opcode ID: 6ec23254df1ab296c6122a29300590c02b66f8860d4fe33dbcb475d7e30d5f0a
            • Instruction ID: 158a516478ef8d8c953b28c53e552b34ec171946dfddf4604895c5d77c6ffd2f
            • Opcode Fuzzy Hash: 6ec23254df1ab296c6122a29300590c02b66f8860d4fe33dbcb475d7e30d5f0a
            • Instruction Fuzzy Hash: 69D0A932780302B6E274AB309C0BFEB2A50FB20B00F100834B246AB0E0CCE0A840C660
            APIs
            • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00B35A17
            • PostMessageW.USER32(00000000), ref: 00B35A1E
              • Part of subcall function 00B152EB: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00B15363
            Strings
            Memory Dump Source
            • Source File: 00000000.00000002.1693515013.0000000000AB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AB0000, based on PE: true
            • Associated: 00000000.00000002.1693499253.0000000000AB0000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B3F000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693563251.0000000000B64000.00000002.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693605618.0000000000B6E000.00000004.00000001.01000000.00000003.sdmp
            • Associated: 00000000.00000002.1693623268.0000000000B77000.00000002.00000001.01000000.00000003.sdmp
            Joe Sandbox IDA Plugin
            • Snapshot File: hcaresult_0_2_ab0000_z37CurriculumVitaeIsabelGonzalez.jbxd
            Similarity
            • API ID: FindMessagePostSleepWindow
            • String ID: Shell_TrayWnd
            • API String ID: 529655941-2988720461
            • Opcode ID: afe236ba7e14d52cad90f4b7dc29b22b7ef2a4093b8e9fc73c136fb7bf1cbbc0
            • Instruction ID: 9fe367f1eccd1bd7970ca2fa5f12e777dae690a62f315c2088e1caad4c3cb269
            • Opcode Fuzzy Hash: afe236ba7e14d52cad90f4b7dc29b22b7ef2a4093b8e9fc73c136fb7bf1cbbc0
            • Instruction Fuzzy Hash: 01D0C932780712BAE674AB709C0BFEB6655FB64B50F110975B256EB1E0CDE4A840C664