Windows Analysis Report
VmjvNTbD5J.exe

Overview

General Information

Sample name: VmjvNTbD5J.exe (renamed because original name is a hash value)
Original sample name: 8ed2ebe94abc2758e4db53c476f8b7a69b5436fe176cba112802990547c5bb24.exe
Analysis ID: 1586717
MD5: ab660c89d26121d4041874614646fd75
SHA1: 586cb1d772f7f559786f4f5b2420e5ba5806815b
SHA256: 8ed2ebe94abc2758e4db53c476f8b7a69b5436fe176cba112802990547c5bb24
Tags: exe, user-crep1x

Detection

Score: 84
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Found hidden mapped module (file has been removed from disk)
Machine Learning detection for dropped file
Maps a DLL or memory area into another process
Switches to a custom stack to bypass stack traces
Writes to foreign memory regions
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to record screenshots
Contains functionality to retrieve information about pressed keystrokes
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Deletes files inside the Windows folder
Detected non-DNS traffic on DNS port
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Found dropped PE file which has not been started or loaded
Found evaded block containing many API calls
Found evasive API chain (date check)
Found evasive API chain (may stop execution after accessing registry keys)
Found evasive API chain checking for process token information
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries the installation date of Windows
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Uses the system / local time for branch decision (may execute only at specific dates)

Classification

  • System is w10x64
  • VmjvNTbD5J.exe (PID: 7500 cmdline: "C:\Users\user\Desktop\VmjvNTbD5J.exe" MD5: AB660C89D26121D4041874614646FD75)
    • VmjvNTbD5J.exe (PID: 7560 cmdline: "C:\Windows\TEMP\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exe" -burn.clean.room="C:\Users\user\Desktop\VmjvNTbD5J.exe" -burn.filehandle.attached=568 -burn.filehandle.self=548 MD5: B153C388223577EA044ACA3908BE2935)
      • WebCopier.exe (PID: 7584 cmdline: C:\Windows\TEMP\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exe MD5: E2A27870BA4DA90DF6276C4DA9E3CF82)
        • WebCopier.exe (PID: 7636 cmdline: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exe MD5: E2A27870BA4DA90DF6276C4DA9E3CF82)
          • cmd.exe (PID: 7656 cmdline: C:\Windows\SysWOW64\cmd.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
            • conhost.exe (PID: 7664 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • EKU_Make_debug_v4.exe (PID: 8088 cmdline: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exe MD5: 967F4470627F823F4D7981E511C9824F)
  • WebCopier.exe (PID: 8160 cmdline: "C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exe" MD5: E2A27870BA4DA90DF6276C4DA9E3CF82)
    • cmd.exe (PID: 8176 cmdline: C:\Windows\SysWOW64\cmd.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 8184 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • EKU_Make_debug_v4.exe (PID: 5392 cmdline: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exe MD5: 967F4470627F823F4D7981E511C9824F)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WCUtil.dll, ReversingLabs: Detection: 43%
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WCUtil.dll, ReversingLabs: Detection: 43%
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exe, ReversingLabs: Detection: 58%
Source: VmjvNTbD5J.exe, ReversingLabs: Detection: 47%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Local\Temp\gkjmkrwgm, Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\cjglcikhvjgpcl, Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\VmjvNTbD5J.exeCode function: 0_2_00007FF7D0DD44CC DecryptFileW,0_2_00007FF7D0DD44CC
Source: C:\Users\user\Desktop\VmjvNTbD5J.exeCode function: 0_2_00007FF7D0E173D0 CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,ReadFile,GetLastError,CryptDestroyHash,CryptReleaseContext,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError,0_2_00007FF7D0E173D0
Source: C:\Users\user\Desktop\VmjvNTbD5J.exeCode function: 0_2_00007FF7D0DD4460 DecryptFileW,0_2_00007FF7D0DD4460
Source: C:\Users\user\Desktop\VmjvNTbD5J.exeCode function: 0_2_00007FF7D0DD2AEC CreateFileW,GetLastError,DecryptFileW,CloseHandle,0_2_00007FF7D0DD2AEC
Source: C:\Users\user\Desktop\VmjvNTbD5J.exeCode function: 0_2_00007FF7D0DD2D04 CreateFileW,GetLastError,DecryptFileW,CloseHandle,0_2_00007FF7D0DD2D04
Source: C:\Users\user\Desktop\VmjvNTbD5J.exeCode function: 0_2_00007FF7D0DD40C4 DecryptFileW,0_2_00007FF7D0DD40C4
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exeCode function: 2_2_00007FF6B4D644CC DecryptFileW,2_2_00007FF6B4D644CC
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exeCode function: 2_2_00007FF6B4DA73D0 CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,ReadFile,GetLastError,CryptDestroyHash,CryptReleaseContext,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError,2_2_00007FF6B4DA73D0
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exeCode function: 2_2_00007FF6B4D64460 DecryptFileW,2_2_00007FF6B4D64460
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exeCode function: 2_2_00007FF6B4D640C4 DecryptFileW,2_2_00007FF6B4D640C4
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exeCode function: 2_2_00007FF6B4D62AEC CreateFileW,GetLastError,DecryptFileW,CloseHandle,2_2_00007FF6B4D62AEC
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exeCode function: 2_2_00007FF6B4D62D04 CreateFileW,GetLastError,DecryptFileW,CloseHandle,2_2_00007FF6B4D62D04
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exeCode function: 3_2_1000A940 ?IsEncrypted@CZipFileHeader@@QAE_NXZ,3_2_1000A940
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exeCode function: 3_2_10006140 ?CryptDecodeBuffer@CZipArchive@@IAEXK@Z,?CurrentFile@CZipArchive@@IAEPAVCZipFileHeader@@XZ,?IsEncrypted@CZipFileHeader@@QAE_NXZ,?CryptDecode@CZipArchive@@IAEXAAD@Z,3_2_10006140
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exeCode function: 3_2_10005980 ?CryptInitKeys@CZipArchive@@IAEXXZ,?CryptUpdateKeys@CZipArchive@@IAEXD@Z,3_2_10005980
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exeCode function: 3_2_100059D0 ?CryptUpdateKeys@CZipArchive@@IAEXD@Z,?CryptCRC32@CZipArchive@@IAEKKD@Z,?CryptCRC32@CZipArchive@@IAEKKD@Z,3_2_100059D0
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exeCode function: 3_2_10005A30 ?CryptCheck@CZipArchive@@IAE_NXZ,?CryptDecode@CZipArchive@@IAEXAAD@Z,?CurrentFile@CZipArchive@@IAEPAVCZipFileHeader@@XZ,?IsDataDescr@CZipFileHeader@@QAE_NXZ,?CurrentFile@CZipArchive@@IAEPAVCZipFileHeader@@XZ,?CurrentFile@CZipArchive@@IAEPAVCZipFileHeader@@XZ,3_2_10005A30
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exeCode function: 3_2_100032A0 ?OpenNewFile@CZipArchive@@QAE_NAAVCZipFileHeader@@HPBD@Z,?IsClosed@CZipArchive@@QAE_N_N@Z,?GetNoEntries@CZipArchive@@QAEHXZ,?SetTime@CZipFileHeader@@QAEXABJ@Z,?SetFileHeaderAttr@CZipArchive@@QAEXAAVCZipFileHeader@@K@Z,?CurrentFile@CZipArchive@@IAEPAVCZipFileHeader@@XZ,?GetFileName@CZipFileHeader@@QAE?AVCZipString@@XZ,?GetNoEntries@CZipArchive@@QAEHXZ,?CurrentFile@CZipArchive@@IAEPAVCZipFileHeader@@XZ,?SetFileName@CZipFileHeader@@QAE_NPBD@Z,?CurrentFile@CZipArchive@@IAEPAVCZipFileHeader@@XZ,?IsDirectory@CZipFileHeader@@QAE_NXZ,?CurrentFile@CZipArchive@@IAEPAVCZipFileHeader@@XZ,?PrepareData@CZipFileHeader@@IAE_NH_N0@Z,?ThrowError@CZipArchive@@IAEXH_N@Z,?CurrentFile@CZipArchive@@IAEPAVCZipFileHeader@@XZ,?WriteLocal@CZipFileHeader@@IAEXAAVCZipStorage@@@Z,?CurrentFile@CZipArchive@@IAEPAVCZipFileHeader@@XZ,?SetFileName@CZipFileHeader@@QAE_NPBD@Z,?CryptCryptHeader@CZipArchive@@IAEXJAAVCZipAutoBuffer@@@Z,?CurrentFile@CZipArchive@@IAEPAVCZipFileHeader@@XZ,?CurrentFile@CZipArchive@@IAEPAVCZipFileHeader@@XZ,?CurrentFile@CZipArchive@@IAEPAVCZipFileHeader@@XZ,?CheckForError@CZipArchive@@IAEXH@Z,3_2_100032A0
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exeCode function: 3_2_100042F0 ?WriteNewFile@CZipArchive@@QAE_NPBXK@Z,?CurrentFile@CZipArchive@@IAEPAVCZipFileHeader@@XZ,?CurrentFile@CZipArchive@@IAEPAVCZipFileHeader@@XZ,?CryptEncodeBuffer@CZipArchive@@IAEXXZ,?CurrentFile@CZipArchive@@IAEPAVCZipFileHeader@@XZ,?CheckForError@CZipArchive@@IAEXH@Z,3_2_100042F0
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exeCode function: 3_2_10005B00 ?CryptDecryptByte@CZipArchive@@IAEDXZ,3_2_10005B00
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exeCode function: 3_2_10005B20 ?CryptDecode@CZipArchive@@IAEXAAD@Z,?CryptDecryptByte@CZipArchive@@IAEDXZ,?CryptUpdateKeys@CZipArchive@@IAEXD@Z,3_2_10005B20
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exeCode function: 3_2_10008350 CreateFileMappingA,MapViewOfFile,UnmapViewOfFile,CloseHandle,?IsEncrypted@CZipFileHeader@@QAE_NXZ,?GetCrcAndSizes@CZipFileHeader@@IAEXPAD@Z,UnmapViewOfFile,CloseHandle,UnmapViewOfFile,CloseHandle,3_2_10008350
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exeCode function: 3_2_10002BC0 ?OpenFile@CZipArchive@@QAE_NG@Z,?CurrentFile@CZipArchive@@IAEPAVCZipFileHeader@@XZ,?IsEncrypted@CZipFileHeader@@QAE_NXZ,?CryptInitKeys@CZipArchive@@IAEXXZ,?CryptCheck@CZipArchive@@IAE_NXZ,?ThrowError@CZipArchive@@IAEXH_N@Z,?CurrentFile@CZipArchive@@IAEPAVCZipFileHeader@@XZ,?ThrowError@CZipArchive@@IAEXH_N@Z,?CheckForError@CZipArchive@@IAEXH@Z,?CurrentFile@CZipArchive@@IAEPAVCZipFileHeader@@XZ,?CurrentFile@CZipArchive@@IAEPAVCZipFileHeader@@XZ,?IsEncrypted@CZipFileHeader@@QAE_NXZ,?CurrentFile@CZipArchive@@IAEPAVCZipFileHeader@@XZ,3_2_10002BC0
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exeCode function: 3_2_10004410 ?CloseNewFile@CZipArchive@@QAE_NXZ,?CurrentFile@CZipArchive@@IAEPAVCZipFileHeader@@XZ,?CryptEncodeBuffer@CZipArchive@@IAEXXZ,?CheckForError@CZipArchive@@IAEXH@Z,?CryptEncodeBuffer@CZipArchive@@IAEXXZ,?CurrentFile@CZipArchive@@IAEPAVCZipFileHeader@@XZ,?CheckForError@CZipArchive@@IAEXH@Z,?CurrentFile@CZipArchive@@IAEPAVCZipFileHeader@@XZ,?CurrentFile@CZipArchive@@IAEPAVCZipFileHeader@@XZ,?EmptyPtrList@CZipArchive@@IAEXXZ,3_2_10004410
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exeCode function: 3_2_10005C70 ?CryptCRC32@CZipArchive@@IAEKKD@Z,3_2_10005C70
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exeCode function: 3_2_10005CA0 ?CryptCryptHeader@CZipArchive@@IAEXJAAVCZipAutoBuffer@@@Z,?CryptInitKeys@CZipArchive@@IAEXXZ,GetTickCount,_rand,?CryptEncode@CZipArchive@@IAEXAAD@Z,?CryptEncode@CZipArchive@@IAEXAAD@Z,?CryptEncode@CZipArchive@@IAEXAAD@Z,3_2_10005CA0
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exeCode function: 3_2_10007D40 ?IsEncrypted@CZipFileHeader@@QAE_NXZ,?IsDataDescr@CZipFileHeader@@QAE_NXZ,?GetCrcAndSizes@CZipFileHeader@@IAEXPAD@Z,3_2_10007D40
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exeCode function: 3_2_10005D50 ?CryptEncode@CZipArchive@@IAEXAAD@Z,?CryptDecryptByte@CZipArchive@@IAEDXZ,?CryptUpdateKeys@CZipArchive@@IAEXD@Z,3_2_10005D50
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exeCode function: 3_2_10005D80 ?CryptEncodeBuffer@CZipArchive@@IAEXXZ,?CurrentFile@CZipArchive@@IAEPAVCZipFileHeader@@XZ,?IsEncrypted@CZipFileHeader@@QAE_NXZ,?CryptEncode@CZipArchive@@IAEXAAD@Z,3_2_10005D80
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exeCode function: 3_2_10005DF0 ?TestFile@CZipArchive@@QAE_NGP6A_NKHPAX@Z0K@Z,?IsDirectory@CZipFileHeader@@QAE_NXZ,?IsEncrypted@CZipFileHeader@@QAE_NXZ,?OpenFile@CZipArchive@@QAE_NG@Z,?ReadFile@CZipArchive@@QAEKPAXK@Z,?CloseFile@CZipArchive@@QAEHPBD_N@Z,3_2_10005DF0
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exeCode function: 3_2_10002E60 ?ReadFile@CZipArchive@@QAEKPAXK@Z,?CryptDecodeBuffer@CZipArchive@@IAEXK@Z,?CurrentFile@CZipArchive@@IAEPAVCZipFileHeader@@XZ,?CheckForError@CZipArchive@@IAEXH@Z,3_2_10002E60
Source: VmjvNTbD5J.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: D:\a\wix4\wix4\build\burn\Release\x64\burn.pdb source: VmjvNTbD5J.exe
Source: Binary string: C:\My_Programs\WebCopier\Exe\V7_0\WebCopier.pdb source: WebCopier.exe, 00000003.00000002.1412910476.000000000078F000.00000002.00000001.01000000.00000007.sdmp, WebCopier.exe, 00000003.00000000.1394789970.000000000078F000.00000002.00000001.01000000.00000007.sdmp, WebCopier.exe, 00000004.00000000.1411481827.000000000078F000.00000002.00000001.01000000.0000000A.sdmp, WebCopier.exe, 00000004.00000002.1471995614.000000000078F000.00000002.00000001.01000000.0000000A.sdmp, WebCopier.exe, 0000000A.00000002.1838147139.000000000078F000.00000002.00000001.01000000.0000000A.sdmp, WebCopier.exe, 0000000A.00000000.1775871689.000000000078F000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: ntdll.pdb source: EKU_Make_debug_v4.exe
Source: Binary string: wntdll.pdbUGP source: WebCopier.exe, 00000003.00000002.1420101772.0000000009ED7000.00000004.00000020.00020000.00000000.sdmp, WebCopier.exe, 00000003.00000002.1421460871.000000000A230000.00000004.00000800.00020000.00000000.sdmp, WebCopier.exe, 00000004.00000002.1477725701.000000000A070000.00000004.00000800.00020000.00000000.sdmp, WebCopier.exe, 00000004.00000002.1479510073.000000000A42B000.00000004.00000001.00020000.00000000.sdmp, WebCopier.exe, 00000004.00000002.1477141252.0000000009D16000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.1765225304.0000000005B30000.00000004.00001000.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.1764722457.0000000005263000.00000004.00000020.00020000.00000000.sdmp, WebCopier.exe, 0000000A.00000002.1849383044.000000000A4BE000.00000004.00000001.00020000.00000000.sdmp, WebCopier.exe, 0000000A.00000002.1848705657.0000000009DA9000.00000004.00000020.00020000.00000000.sdmp, WebCopier.exe, 0000000A.00000002.1848922684.000000000A100000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.2066944321.0000000004E72000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.2067464478.0000000005740000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: ntdll.pdbUGP source: EKU_Make_debug_v4.exe
Source: Binary string: wntdll.pdb source: WebCopier.exe, 00000003.00000002.1420101772.0000000009ED7000.00000004.00000020.00020000.00000000.sdmp, WebCopier.exe, 00000003.00000002.1421460871.000000000A230000.00000004.00000800.00020000.00000000.sdmp, WebCopier.exe, 00000004.00000002.1477725701.000000000A070000.00000004.00000800.00020000.00000000.sdmp, WebCopier.exe, 00000004.00000002.1479510073.000000000A42B000.00000004.00000001.00020000.00000000.sdmp, WebCopier.exe, 00000004.00000002.1477141252.0000000009D16000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.1765225304.0000000005B30000.00000004.00001000.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.1764722457.0000000005263000.00000004.00000020.00020000.00000000.sdmp, WebCopier.exe, 0000000A.00000002.1849383044.000000000A4BE000.00000004.00000001.00020000.00000000.sdmp, WebCopier.exe, 0000000A.00000002.1848705657.0000000009DA9000.00000004.00000020.00020000.00000000.sdmp, WebCopier.exe, 0000000A.00000002.1848922684.000000000A100000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.2066944321.0000000004E72000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.2067464478.0000000005740000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\a\wix4\wix4\build\burn\Release\x64\burn.pdb2 source: VmjvNTbD5J.exe
Source: Binary string: f:\cb\11x_main\producers\distiller\products\adobe\plugins\rndrng\wxp\objfre_wnet_amd64\amd64\AdReGP.pdb source: VmjvNTbD5J.exe, VmjvNTbD5J.exe, 00000002.00000002.1696085346.0000000065041000.00000020.00000001.01000000.00000006.sdmp
Source: C:\Users\user\Desktop\VmjvNTbD5J.exeCode function: 0_2_00007FF7D0DB72AC GetFileAttributesW,GetLastError,SetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,GetLastError,DeleteFileW,MoveFileExW,MoveFileExW,GetLastError,FindNextFileW,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,0_2_00007FF7D0DB72AC
Source: C:\Users\user\Desktop\VmjvNTbD5J.exeCode function: 0_2_00007FF7D0E22798 FindFirstFileW,FindClose,0_2_00007FF7D0E22798
Source: C:\Users\user\Desktop\VmjvNTbD5J.exeCode function: 0_2_00007FF7D0E0E914 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF7D0E0E914
Source: C:\Users\user\Desktop\VmjvNTbD5J.exeCode function: 0_2_00007FF7D0DD3CF8 FindFirstFileW,FindNextFileW,FindClose,0_2_00007FF7D0DD3CF8
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exeCode function: 2_2_00007FF6B4DB2798 FindFirstFileW,FindClose,2_2_00007FF6B4DB2798
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exeCode function: 2_2_00007FF6B4D9E914 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_00007FF6B4D9E914
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exeCode function: 2_2_00007FF6B4D472AC GetFileAttributesW,GetLastError,SetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,GetLastError,DeleteFileW,MoveFileExW,MoveFileExW,GetLastError,FindNextFileW,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,2_2_00007FF6B4D472AC
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exeCode function: 2_2_00007FF6B4D63CF8 FindFirstFileW,FindNextFileW,FindClose,2_2_00007FF6B4D63CF8
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exeCode function: 3_2_100145C2 FindFirstFileA,GetDriveTypeA,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,GetLastError,FindClose,3_2_100145C2
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_000000014000A5E0 GetDlgItem,SendMessageW,SendMessageW,SendMessageW,wsprintfW,GetClientRect,SendMessageW,FindFirstFileW,lstrlenW,SendMessageW,FindNextFileW,FindClose,9_2_000000014000A5E0
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_0000000140007628 FindClose,lstrlenW,lstrcpyW,FindFirstFileW,GetFullPathNameW,FindClose,SetLastError,lstrlenW,9_2_0000000140007628
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_000000014000D848 GetLogicalDriveStringsW,GetDlgItem,GetDriveTypeW,_cwprintf_s_l,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SHGetSpecialFolderPathW,lstrlenW,SHGetSpecialFolderPathW,lstrlenW,SendMessageW,SendMessageW,GetDlgItem,SendMessageW,SendMessageW,GetDlgItem,SendMessageW,RegOpenKeyExW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,SendMessageW,SendMessageW,SendMessageW,RegCloseKey,9_2_000000014000D848
Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\Jump to behavior
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exeCode function: 4x nop then push esi3_2_10004AB0
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exeCode function: 4x nop then push ecx3_2_10004D80
Source: global trafficTCP traffic: 192.168.2.9:51156 -> 1.1.1.1:53
Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: WebCopier.exe, 00000003.00000002.1413193628.000000000087D000.00000002.00000001.01000000.00000007.sdmp, WebCopier.exe, 00000004.00000002.1472271380.000000000087D000.00000002.00000001.01000000.0000000A.sdmp, WebCopier.exe, 0000000A.00000002.1838638872.000000000087D000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: https://www.youtube.com/watch?v=******* equals www.youtube.com (Youtube)
Source: global trafficDNS traffic detected: DNS query: plerukilo0.site
Source: WebCopier.exe, 00000003.00000002.1418759897.0000000009740000.00000004.00000020.00020000.00000000.sdmp, WebCopier.exe, 00000004.00000002.1476234402.00000000096DF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.1764860391.0000000005613000.00000004.00000800.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000009.00000002.2999006711.00000000027ED000.00000004.00000001.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000009.00000000.1682136450.00000001401E0000.00000002.00000001.01000000.00000010.sdmp, WebCopier.exe, 0000000A.00000002.1847686411.000000000974C000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.2067116449.0000000005228000.00000004.00000800.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000011.00000000.1981513589.00000001401E0000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: http://www.softwareok.de
Source: EKU_Make_debug_v4.exe, 00000009.00000002.3006721487.00000001401F4000.00000002.00000001.01000000.00000010.sdmp, EKU_Make_debug_v4.exe, 00000011.00000000.1981513589.00000001401F4000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: http://www.softwareok.de/?Download=Find.Same.Images.OK
Source: EKU_Make_debug_v4.exe, 00000009.00000002.3006721487.00000001401F4000.00000002.00000001.01000000.00000010.sdmp, EKU_Make_debug_v4.exe, 00000011.00000000.1981513589.00000001401F4000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: http://www.softwareok.de/?Freeware/Find.Same.Images.OK
Source: EKU_Make_debug_v4.exe, 00000009.00000002.3006721487.00000001401F4000.00000002.00000001.01000000.00000010.sdmp, EKU_Make_debug_v4.exe, 00000011.00000000.1981513589.00000001401F4000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: http://www.softwareok.de/?Freeware/Find.Same.Images.OK/History
Source: EKU_Make_debug_v4.exe, 00000009.00000002.3006721487.00000001401F4000.00000002.00000001.01000000.00000010.sdmp, EKU_Make_debug_v4.exe, 00000011.00000000.1981513589.00000001401F4000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: http://www.softwareok.de/?seite=faq-Find.Same.Images.OK&faq=0
Source: EKU_Make_debug_v4.exe, 00000011.00000000.1981389461.0000000140156000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: http://www.surfok.de/
Source: WebCopier.exe, 00000003.00000002.1418759897.0000000009740000.00000004.00000020.00020000.00000000.sdmp, WebCopier.exe, 00000004.00000002.1476234402.00000000096DF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.1764860391.0000000005613000.00000004.00000800.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000009.00000002.2999006711.00000000027ED000.00000004.00000001.00020000.00000000.sdmp, WebCopier.exe, 0000000A.00000002.1847686411.000000000974C000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.2067116449.0000000005228000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.symauth.com/cps0(
Source: WebCopier.exe, 00000003.00000002.1418759897.0000000009740000.00000004.00000020.00020000.00000000.sdmp, WebCopier.exe, 00000004.00000002.1476234402.00000000096DF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.1764860391.0000000005613000.00000004.00000800.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000009.00000002.2999006711.00000000027ED000.00000004.00000001.00020000.00000000.sdmp, WebCopier.exe, 0000000A.00000002.1847686411.000000000974C000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.2067116449.0000000005228000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.symauth.com/rpa00
Source: WebCopier.exe, 00000003.00000002.1418759897.0000000009740000.00000004.00000020.00020000.00000000.sdmp, WebCopier.exe, 00000004.00000002.1476234402.00000000096DF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.1764860391.0000000005613000.00000004.00000800.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000009.00000002.2999006711.00000000027ED000.00000004.00000001.00020000.00000000.sdmp, WebCopier.exe, 0000000A.00000002.1847686411.000000000974C000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.2067116449.0000000005228000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.vmware.com/0
Source: WebCopier.exe, 00000003.00000002.1418759897.0000000009740000.00000004.00000020.00020000.00000000.sdmp, WebCopier.exe, 00000004.00000002.1476234402.00000000096DF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.1764860391.0000000005613000.00000004.00000800.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000009.00000002.2999006711.00000000027ED000.00000004.00000001.00020000.00000000.sdmp, WebCopier.exe, 0000000A.00000002.1847686411.000000000974C000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.2067116449.0000000005228000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.vmware.com/0/
Source: WebCopier.exe, 00000003.00000002.1418759897.0000000009740000.00000004.00000020.00020000.00000000.sdmp, WebCopier.exe, 00000004.00000002.1476234402.00000000096DF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.1764860391.0000000005613000.00000004.00000800.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000009.00000002.2999006711.00000000027ED000.00000004.00000001.00020000.00000000.sdmp, WebCopier.exe, 0000000A.00000002.1847686411.000000000974C000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.2067116449.0000000005228000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/cps0%
Source: WebCopier.exe, 00000003.00000002.1418759897.0000000009740000.00000004.00000020.00020000.00000000.sdmp, WebCopier.exe, 00000004.00000002.1476234402.00000000096DF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.1764860391.0000000005613000.00000004.00000800.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000009.00000002.2999006711.00000000027ED000.00000004.00000001.00020000.00000000.sdmp, WebCopier.exe, 0000000A.00000002.1847686411.000000000974C000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.2067116449.0000000005228000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/rpa0
Source: EKU_Make_debug_v4.exe, 00000011.00000003.3123828653.0000000000469000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://plerukilo0.site/
Source: EKU_Make_debug_v4.exe, 00000009.00000003.2577757181.000000000052C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://plerukilo0.site/1)A0(
Source: EKU_Make_debug_v4.exe, 00000011.00000003.2723660343.0000000000469000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://plerukilo0.site/5
Source: EKU_Make_debug_v4.exe, 00000009.00000003.2337496455.000000000052C000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000009.00000003.2337141569.000000000052C000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000009.00000003.2257429875.000000000052C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://plerukilo0.site/5)M0)
Source: EKU_Make_debug_v4.exe, 00000011.00000003.2643478415.0000000000469000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://plerukilo0.site/9
Source: EKU_Make_debug_v4.exe, 00000009.00000003.2417709451.0000000000539000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000009.00000003.2497745298.000000000052C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://plerukilo0.site/9)I0
Source: EKU_Make_debug_v4.exe, 00000009.00000003.2097641487.0000000000532000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://plerukilo0.site/=)U0
Source: EKU_Make_debug_v4.exe, 00000011.00000003.3043954128.0000000000469000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000011.00000003.3124215128.0000000000469000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000011.00000003.3123828653.0000000000469000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://plerukilo0.site/A
Source: EKU_Make_debug_v4.exe, 00000011.00000003.2643195794.0000000000469000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000011.00000003.2563439096.0000000000469000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://plerukilo0.site/E
Source: EKU_Make_debug_v4.exe, 00000009.00000003.2577757181.000000000052C000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000009.00000003.2738401497.0000000000539000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000009.00000003.2658049768.000000000052C000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000009.00000002.2998470735.000000000052C000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000009.00000003.2497745298.000000000052C000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000009.00000003.2818641441.000000000052C000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000009.00000003.2818350080.0000000000539000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://plerukilo0.site/E)
Source: EKU_Make_debug_v4.exe, 00000011.00000003.3123828653.0000000000469000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://plerukilo0.site/G
Source: EKU_Make_debug_v4.exe, 00000011.00000003.2723660343.0000000000469000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000011.00000003.2803783948.0000000000469000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://plerukilo0.site/GM
Source: EKU_Make_debug_v4.exe, 00000011.00000003.2963860230.0000000000469000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://plerukilo0.site/IA
Source: EKU_Make_debug_v4.exe, 00000009.00000003.2738401497.0000000000539000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000009.00000003.2658049768.000000000052C000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000009.00000003.2177450891.000000000052C000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000009.00000003.2257429875.000000000052C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://plerukilo0.site/M)E0
Source: EKU_Make_debug_v4.exe, 00000011.00000003.2723660343.0000000000469000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000011.00000003.2803783948.0000000000469000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000011.00000003.2643478415.0000000000469000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://plerukilo0.site/Q
Source: EKU_Make_debug_v4.exe, 00000009.00000003.2497745298.000000000052C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://plerukilo0.site/Q)a0
Source: EKU_Make_debug_v4.exe, 00000009.00000003.2577757181.000000000052C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://plerukilo0.site/S
Source: EKU_Make_debug_v4.exe, 00000009.00000003.2738401497.0000000000539000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000009.00000002.2998470735.000000000052C000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000009.00000003.2818641441.000000000052C000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000009.00000003.2818350080.0000000000539000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://plerukilo0.site/Se)
Source: EKU_Make_debug_v4.exe, 00000009.00000003.2577757181.000000000052C000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000009.00000002.2998470735.000000000052C000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000009.00000003.2818641441.000000000052C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://plerukilo0.site/U
Source: EKU_Make_debug_v4.exe, 00000009.00000002.2998470735.000000000052C000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000009.00000003.2818641441.000000000052C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://plerukilo0.site/U)m0
Source: EKU_Make_debug_v4.exe, 00000011.00000003.2883754212.0000000000469000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000011.00000003.2803783948.0000000000469000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://plerukilo0.site/Y
Source: EKU_Make_debug_v4.exe, 00000011.00000003.2883754212.0000000000469000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000011.00000003.2723660343.0000000000469000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000011.00000003.2803783948.0000000000469000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000011.00000003.2643478415.0000000000469000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000011.00000003.3124215128.0000000000469000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://plerukilo0.site/e
Source: EKU_Make_debug_v4.exe, 00000011.00000003.2963860230.0000000000469000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000011.00000003.2883754212.0000000000469000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000011.00000003.2723660343.0000000000469000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000011.00000003.2803783948.0000000000469000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000011.00000003.2483381818.0000000000469000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000011.00000003.2563439096.0000000000469000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://plerukilo0.site/i
Source: EKU_Make_debug_v4.exe, 00000009.00000003.2417709451.0000000000539000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000009.00000003.2497745298.000000000052C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://plerukilo0.site/i)
Source: EKU_Make_debug_v4.exe, 00000011.00000003.2482573056.0000000000471000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000011.00000003.2402949621.000000000046F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://plerukilo0.site/m
Source: EKU_Make_debug_v4.exe, 00000009.00000002.2998698321.0000000000896000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://plerukilo0.site/proprietes
Source: EKU_Make_debug_v4.exe, 00000009.00000002.2998698321.0000000000896000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://plerukilo0.site/proprietes2.40
Source: EKU_Make_debug_v4.exe, 00000011.00000003.2403029365.000000000044D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://plerukilo0.site/proprietes?hnjw3jwgcrj=viecBZ17TbrJ0plncMPhyySmKom8GzHFEOPa51csL1qYzU39OAnqM
Source: EKU_Make_debug_v4.exe, 00000009.00000002.2998698321.0000000000896000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://plerukilo0.site/proprietesGHz
Source: EKU_Make_debug_v4.exe, 00000009.00000003.2577757181.000000000052C000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000009.00000003.2658049768.000000000052C000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000009.00000003.2417709451.0000000000539000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000009.00000003.2497745298.000000000052C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://plerukilo0.site/u)
Source: EKU_Make_debug_v4.exe, 00000011.00000003.3043954128.0000000000483000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://plerukilo0.site:443
Source: EKU_Make_debug_v4.exe, 00000009.00000002.2998251246.00000000004BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://plerukilo0.site:443/proprietes?hnjw3jwgcrj=viecBZ17TbrJ0plncMPhyySmKom8GzHFEOPa51csL1qYzU39O
Source: EKU_Make_debug_v4.exe, 00000011.00000003.2643195794.0000000000483000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000011.00000003.2563439096.0000000000483000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000011.00000003.2483381818.0000000000483000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://plerukilo0.site:443D
Source: EKU_Make_debug_v4.exe, 00000011.00000003.2883525042.0000000000483000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000011.00000003.2963563397.0000000000483000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000011.00000003.2883754212.0000000000483000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000011.00000003.2963860230.0000000000483000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000011.00000003.2803783948.0000000000483000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000011.00000003.3043954128.0000000000483000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://plerukilo0.site:443RR
Source: EKU_Make_debug_v4.exe, 00000009.00000002.2998470735.0000000000540000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000009.00000003.2738401497.0000000000540000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000009.00000003.2818350080.0000000000540000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000009.00000003.2818641441.0000000000540000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000011.00000003.2883754212.0000000000483000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://plerukilo0.site:443X
Source: EKU_Make_debug_v4.exe, 00000011.00000003.2963860230.0000000000483000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://plerukilo0.site:443_
Source: EKU_Make_debug_v4.exe, 00000009.00000003.2337496455.0000000000540000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000009.00000003.2257429875.0000000000540000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000009.00000003.2337141569.0000000000540000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000009.00000003.2417288895.0000000000540000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://plerukilo0.site:443lRZ0
Source: EKU_Make_debug_v4.exe, 00000009.00000003.2497745298.0000000000540000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000009.00000003.2577757181.0000000000540000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://plerukilo0.site:443o;
Source: VmjvNTbD5J.exe, 00000002.00000003.1393788158.00000215C2BA2000.00000004.00000020.00020000.00000000.sdmp, VmjvNTbD5J.exe, 00000002.00000003.1393600419.00000215C2BBB000.00000004.00000020.00020000.00000000.sdmp, VmjvNTbD5J.exe, 00000002.00000003.1393854032.00000215C2BA2000.00000004.00000020.00020000.00000000.sdmp, WebCopier.exe, 00000003.00000003.1408226836.0000000009D6D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://sectigo.com/CPS0
Source: WebCopier.exe, 00000003.00000002.1418759897.0000000009740000.00000004.00000020.00020000.00000000.sdmp, WebCopier.exe, 00000004.00000002.1476234402.00000000096DF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.1764860391.0000000005613000.00000004.00000800.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000009.00000002.2999006711.00000000027ED000.00000004.00000001.00020000.00000000.sdmp, WebCopier.exe, 0000000A.00000002.1847686411.000000000974C000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.2067116449.0000000005228000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
Source: WebCopier.exe, 00000003.00000002.1413193628.000000000087D000.00000002.00000001.01000000.00000007.sdmp, WebCopier.exe, 00000004.00000002.1472271380.000000000087D000.00000002.00000001.01000000.0000000A.sdmp, WebCopier.exe, 0000000A.00000002.1838638872.000000000087D000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: https://www.youtube.com/watch?v=
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exe Code function: 9_2_0000000140007860 OpenClipboard, EmptyClipboard, GlobalAlloc, GlobalLock, SetClipboardData, CloseClipboard
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exe Code function: 9_2_0000000140007274 GetDlgItem, GetDlgItem, GetWindowRect, ScreenToClient, ScreenToClient, GetClientRect, CreateDIBSection, GetDC, CreateCompatibleDC, SelectObject, SelectObject, ReleaseDC, SendMessageW
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exe Code function: 9_2_00000001400038A8 KillTimer, GetAsyncKeyState, SetTimer
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exe Code function: 9_2_000000014011FF38 CreateFileW, malloc, ReadFile, NtClose
Source: C:\Users\user\Desktop\VmjvNTbD5J.exe File deleted: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exe
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exeCode function: 2_2_00007FF6B4D92E582_2_00007FF6B4D92E58
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exeCode function: 2_2_00007FF6B4D82E382_2_00007FF6B4D82E38
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exeCode function: 2_2_00007FF6B4D9D0FC2_2_00007FF6B4D9D0FC
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exeCode function: 2_2_00007FF6B4D8A0F02_2_00007FF6B4D8A0F0
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exeCode function: 2_2_00007FF6B4D5B0682_2_00007FF6B4D5B068
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exeCode function: 2_2_00007FF6B4DAB9E02_2_00007FF6B4DAB9E0
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exeCode function: 2_2_00007FF6B4D8EAC02_2_00007FF6B4D8EAC0
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exeCode function: 2_2_00007FF6B4D9BA802_2_00007FF6B4D9BA80
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exeCode function: 2_2_00007FF6B4D7BA3C2_2_00007FF6B4D7BA3C
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exeCode function: 2_2_00007FF6B4DBAA502_2_00007FF6B4DBAA50
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exeCode function: 2_2_00007FF6B4D59C1C2_2_00007FF6B4D59C1C
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exeCode function: 2_2_00007FF6B4D7DC202_2_00007FF6B4D7DC20
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exeCode function: 2_2_00007FF6B4D7FC302_2_00007FF6B4D7FC30
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exeCode function: 2_2_00007FF6B4D61BE02_2_00007FF6B4D61BE0
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exeCode function: 2_2_00007FF6B4DB7D002_2_00007FF6B4DB7D00
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exeCode function: 2_2_00007FF6B4D77D102_2_00007FF6B4D77D10
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exeCode function: 2_2_00007FF6B4DA1CCC2_2_00007FF6B4DA1CCC
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exeCode function: 2_2_00007FF6B4D9CC682_2_00007FF6B4D9CC68
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exeCode function: 3_2_100100903_2_10010090
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exeCode function: 3_2_1000D9003_2_1000D900
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exeCode function: 3_2_1000E9603_2_1000E960
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exeCode function: 3_2_100111803_2_10011180
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exeCode function: 3_2_1000FA1E3_2_1000FA1E
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exeCode function: 3_2_10016A983_2_10016A98
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exeCode function: 3_2_1001F3B73_2_1001F3B7
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exeCode function: 3_2_1000DDC03_2_1000DDC0
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exeCode function: 3_2_10011DD03_2_10011DD0
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exeCode function: 3_2_1000EE003_2_1000EE00
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exeCode function: 3_2_10012E103_2_10012E10
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exeCode function: 3_2_100117003_2_10011700
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exeCode function: 3_2_10013F403_2_10013F40
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exeCode function: 3_2_1000F7CE3_2_1000F7CE
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_000000014000BFFC9_2_000000014000BFFC
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_000000014001D0009_2_000000014001D000
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_000000014000B8249_2_000000014000B824
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_000000014002F8389_2_000000014002F838
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_000000014000D8489_2_000000014000D848
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00000001400210689_2_0000000140021068
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_000000014000909C9_2_000000014000909C
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00000001400238F89_2_00000001400238F8
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_000000014001A9B89_2_000000014001A9B8
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00000001400041C89_2_00000001400041C8
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00000001400231CC9_2_00000001400231CC
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_0000000140021A009_2_0000000140021A00
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_000000014000E2149_2_000000014000E214
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_0000000140024A789_2_0000000140024A78
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_000000014001F2A49_2_000000014001F2A4
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_000000014000A3789_2_000000014000A378
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_0000000140122B989_2_0000000140122B98
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00000001400133909_2_0000000140013390
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_0000000140020BB89_2_0000000140020BB8
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00000001400014249_2_0000000140001424
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_0000000140008C3C9_2_0000000140008C3C
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00000001400054509_2_0000000140005450
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_000000014000D4589_2_000000014000D458
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_000000014011B4509_2_000000014011B450
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_000000014001048C9_2_000000014001048C
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00000001400EE4C49_2_00000001400EE4C4
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00000001400FC53C9_2_00000001400FC53C
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_000000014000A5E09_2_000000014000A5E0
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_0000000140022E309_2_0000000140022E30
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_000000014002267C9_2_000000014002267C
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_000000014001AE889_2_000000014001AE88
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_0000000140011EF49_2_0000000140011EF4
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00000001400FF7149_2_00000001400FF714
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_000000014001DF449_2_000000014001DF44
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_0000000140040F489_2_0000000140040F48
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00000001400187909_2_0000000140018790
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CDF2E309_2_00007FF60CDF2E30
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CDEC5809_2_00007FF60CDEC580
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CDEAD409_2_00007FF60CDEAD40
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CE667809_2_00007FF60CE66780
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CE66A609_2_00007FF60CE66A60
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CDEB3609_2_00007FF60CDEB360
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CEF4B609_2_00007FF60CEF4B60
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CDEF5309_2_00007FF60CDEF530
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CDECCF09_2_00007FF60CDECCF0
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CDE44509_2_00007FF60CDE4450
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CF746A09_2_00007FF60CF746A0
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CDE95A09_2_00007FF60CDE95A0
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CE205809_2_00007FF60CE20580
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CE32D409_2_00007FF60CE32D40
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CDE26A09_2_00007FF60CDE26A0
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CDE7F309_2_00007FF60CDE7F30
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CDEA7109_2_00007FF60CDEA710
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CDEF6A09_2_00007FF60CDEF6A0
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CDE26A09_2_00007FF60CDE26A0
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CE35EA09_2_00007FF60CE35EA0
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CDEBE809_2_00007FF60CDEBE80
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CEF4E909_2_00007FF60CEF4E90
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CE65E909_2_00007FF60CE65E90
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CDECCF09_2_00007FF60CDECCF0
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CDE8FD09_2_00007FF60CDE8FD0
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CE20F909_2_00007FF60CE20F90
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CDE87409_2_00007FF60CDE8740
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CE637509_2_00007FF60CE63750
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CE0DF409_2_00007FF60CE0DF40
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CDE26A09_2_00007FF60CDE26A0
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CE661209_2_00007FF60CE66120
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CE331109_2_00007FF60CE33110
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CDE48F09_2_00007FF60CDE48F0
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CDE9CD09_2_00007FF60CDE9CD0
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CEF48D09_2_00007FF60CEF48D0
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CDE88D09_2_00007FF60CDE88D0
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CDE80809_2_00007FF60CDE8080
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CDE40409_2_00007FF60CDE4040
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CE362009_2_00007FF60CE36200
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CDE99D09_2_00007FF60CDE99D0
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CDE79C89_2_00007FF60CDE79C8
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CDE419F9_2_00007FF60CDE419F
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CE329B09_2_00007FF60CE329B0
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CDE41409_2_00007FF60CDE4140
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CDE83009_2_00007FF60CDE8300
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CDEEAFC9_2_00007FF60CDEEAFC
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CDE1B069_2_00007FF60CDE1B06
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CDEFAE09_2_00007FF60CDEFAE0
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CE0B2F09_2_00007FF60CE0B2F0
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CDE92B09_2_00007FF60CDE92B0
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CEB82929_2_00007FF60CEB8292
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CDEDA909_2_00007FF60CDEDA90
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CDE99D09_2_00007FF60CDE99D0
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CE942409_2_00007FF60CE94240
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CDE7C009_2_00007FF60CDE7C00
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CDED3E09_2_00007FF60CDED3E0
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CF013D09_2_00007FF60CF013D0
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CDEA3B09_2_00007FF60CDEA3B0
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CDE13609_2_00007FF60CDE1360
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CE0BB709_2_00007FF60CE0BB70
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CDE1B3A9_2_00007FF60CDE1B3A
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CDF23409_2_00007FF60CDF2340
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CDE1B3A9_2_00007FF60CDE1B3A
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CDF0D009_2_00007FF60CDF0D00
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CE1E5109_2_00007FF60CE1E510
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CDE44509_2_00007FF60CDE4450
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CEE44E09_2_00007FF60CEE44E0
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CDE9CD09_2_00007FF60CDE9CD0
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CE20CB09_2_00007FF60CE20CB0
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CDEDC809_2_00007FF60CDEDC80
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CE364909_2_00007FF60CE36490
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CE664909_2_00007FF60CE66490
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CEE4C709_2_00007FF60CEE4C70
Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exe B22BF1210B5FD173A210EBFA9092390AA0513C41E1914CBE161EB547F049EF91
Source: C:\Users\user\Desktop\VmjvNTbD5J.exe Code function: String function: 00007FF7D0DB12B4 appears 394 times
Source: C:\Users\user\Desktop\VmjvNTbD5J.exe Code function: String function: 00007FF7D0DB12B0 appears 359 times
Source: C:\Users\user\Desktop\VmjvNTbD5J.exe Code function: String function: 00007FF7D0E1E988 appears 89 times
Source: C:\Users\user\Desktop\VmjvNTbD5J.exe Code function: String function: 00007FF7D0DBC0C0 appears 65 times
Source: C:\Users\user\Desktop\VmjvNTbD5J.exe Code function: String function: 00007FF7D0DB31DC appears 50 times
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exe Code function: String function: 00007FF6B4DAE988 appears 89 times
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exe Code function: String function: 00007FF6B4D412B0 appears 359 times
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exe Code function: String function: 00007FF6B4D412B4 appears 394 times
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exe Code function: String function: 00007FF6B4D4C0C0 appears 65 times
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exe Code function: String function: 00007FF6B4D431DC appears 50 times
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exe Code function: String function: 00007FF60CDEF6A0 appears 51 times
Source: EKU_Make_debug_v4.exe.5.dr Static PE information: Resource name: ZIP type: Zip archive data (empty)
Source: cjglcikhvjgpcl.5.dr Static PE information: Number of sections : 12 > 10
Source: gkjmkrwgm.11.dr Static PE information: Number of sections : 12 > 10
Source: VmjvNTbD5J.exe Binary or memory string: OriginalFilename vs VmjvNTbD5J.exe
Source: VmjvNTbD5J.exe, 00000000.00000000.1385019052.00007FF7D0E70000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamethresh.exe8 vs VmjvNTbD5J.exe
Source: VmjvNTbD5J.exe, 00000002.00000002.1697061156.00007FF6B4E00000.00000002.00000001.01000000.00000005.sdmp Binary or memory string: OriginalFilenamethresh.exe8 vs VmjvNTbD5J.exe
Source: VmjvNTbD5J.exe, 00000002.00000002.1696134043.0000000065049000.00000002.00000001.01000000.00000006.sdmp Binary or memory string: OriginalFilenameADREGP.DLLV vs VmjvNTbD5J.exe
Source: VmjvNTbD5J.exe Binary or memory string: OriginalFilenamethresh.exe8 vs VmjvNTbD5J.exe
Source: classification engine Classification label: mal84.evad.winEXE@18/20@14/0
Source: C:\Users\user\Desktop\VmjvNTbD5J.exe Code function: 0_2_00007FF7D0E17928 FormatMessageW,GetLastError,LocalFree
Source: C:\Users\user\Desktop\VmjvNTbD5J.exe Code function: 0_2_00007FF7D0E18F38 LookupPrivilegeValueW,GetLastError,OpenProcessToken,GetLastError,AdjustTokenPrivileges,GetLastError,GetLastError,CloseHandle
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exe Code function: 2_2_00007FF6B4DA8F38 LookupPrivilegeValueW,GetLastError,OpenProcessToken,GetLastError,AdjustTokenPrivileges,GetLastError,GetLastError,CloseHandle
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exe Code function: 3_2_1000B320 GetDiskFreeSpaceA
Source: C:\Users\user\Desktop\VmjvNTbD5J.exe Code function: 0_2_00007FF7D0E1E4B8 GetModuleHandleA,GetLastError,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CoCreateInstance,ExitProcess
Source: C:\Users\user\Desktop\VmjvNTbD5J.exe Code function: 0_2_00007FF7D0E26D00 FindResourceExA,GetLastError,LoadResource,GetLastError,SizeofResource,GetLastError,LockResource,GetLastError
Source: C:\Users\user\Desktop\VmjvNTbD5J.exe Code function: 0_2_00007FF7D0DF3D48 ChangeServiceConfigW,GetLastError
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exe File created: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8184:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7664:120:WilError_03
Source: C:\Users\user\Desktop\VmjvNTbD5J.exe File created: C:\Users\user\AppData\Local\Temp\Acupressure_20250109085441.cleanroom.log
Source: VmjvNTbD5J.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\SysWOW64\cmd.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\VmjvNTbD5J.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: VmjvNTbD5J.exe ReversingLabs: Detection: 47%
Source: VmjvNTbD5J.exe String found in binary or memory: Failed to re-launch bundle process after RunOnce: %ls
Source: EKU_Make_debug_v4.exe String found in binary or memory: -install -runas
Source: EKU_Make_debug_v4.exe String found in binary or memory: -install
Source: EKU_Make_debug_v4.exe String found in binary or memory: -install -nolisense
Source: C:\Users\user\Desktop\VmjvNTbD5J.exe File read: C:\Users\user\Desktop\VmjvNTbD5J.exe
Source: unknown Process created: C:\Users\user\Desktop\VmjvNTbD5J.exe "C:\Users\user\Desktop\VmjvNTbD5J.exe"
Source: C:\Users\user\Desktop\VmjvNTbD5J.exe Process created: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exe "C:\Windows\TEMP\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exe" -burn.clean.room="C:\Users\user\Desktop\VmjvNTbD5J.exe" -burn.filehandle.attached=568 -burn.filehandle.self=548
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exe Process created: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exe C:\Windows\TEMP\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exe
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exe Process created: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exe C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exe
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exe C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exe
Source: unknown Process created: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exe "C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exe"
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exe C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exe
Source: C:\Users\user\Desktop\VmjvNTbD5J.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\VmjvNTbD5J.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\VmjvNTbD5J.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\VmjvNTbD5J.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\VmjvNTbD5J.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\VmjvNTbD5J.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\VmjvNTbD5J.exe Section loaded: msi.dll
Source: C:\Users\user\Desktop\VmjvNTbD5J.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\VmjvNTbD5J.exe Section loaded: cabinet.dll
Source: C:\Users\user\Desktop\VmjvNTbD5J.exe Section loaded: msxml3.dll
Source: C:\Users\user\Desktop\VmjvNTbD5J.exe Section loaded: feclient.dll
Source: C:\Users\user\Desktop\VmjvNTbD5J.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\VmjvNTbD5J.exe Section loaded: apphelp.dll
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exe Section loaded: windows.storage.dll
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exe Section loaded: wldp.dll
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exe Section loaded: profapi.dll
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exe Section loaded: userenv.dll
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exe Section loaded: cryptbase.dll
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exe Section loaded: msi.dll
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exe Section loaded: version.dll
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exe Section loaded: cabinet.dll
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exe Section loaded: msxml3.dll
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exe Section loaded: feclient.dll
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exe Section loaded: iertutil.dll
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exe Section loaded: uxtheme.dll
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exe Section loaded: apphelp.dll
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exe Section loaded: apphelp.dll
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exe Section loaded: wcutil.dll
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exe Section loaded: msimg32.dll
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exe Section loaded: uxtheme.dll
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exe Section loaded: oledlg.dll
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exe Section loaded: oleacc.dll
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exe Section loaded: wininet.dll
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exe Section loaded: winmm.dll
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exe Section loaded: dbghelp.dll
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exe Section loaded: pla.dll
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exe Section loaded: pdh.dll
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exe Section loaded: tdh.dll
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exe Section loaded: cabinet.dll
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exe Section loaded: wevtapi.dll
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exe Section loaded: shdocvw.dll
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exe Section loaded: wcutil.dll
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exe Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exe Section loaded: oledlg.dll
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exe Section loaded: oleacc.dll
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exe Section loaded: wininet.dll
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exe Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exe Section loaded: pla.dll
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exeSection loaded: pdh.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exeSection loaded: tdh.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exeSection loaded: cabinet.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exeSection loaded: wevtapi.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exeSection loaded: shdocvw.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: winbrand.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: linkinfo.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: ntshrui.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cscapi.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: bitsproxy.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeSection loaded: shdocvw.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeSection loaded: webio.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exeSection loaded: wcutil.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exeSection loaded: msimg32.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exeSection loaded: oledlg.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exeSection loaded: oleacc.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exeSection loaded: pla.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exeSection loaded: pdh.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exeSection loaded: tdh.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exeSection loaded: cabinet.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exeSection loaded: wevtapi.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exeSection loaded: shdocvw.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: winbrand.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeSection loaded: shdocvw.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeSection loaded: webio.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\VmjvNTbD5J.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}\InProcServer32Jump to behavior
Source: ipeytalci.5.drLNK file: ..\..\Roaming\ChromeQuick_DVBv5\WebCopier.exe
Source: VmjvNTbD5J.exeStatic PE information: Image base 0x140000000 > 0x60000000
Source: VmjvNTbD5J.exeStatic file information: File size 7884295 > 1048576
Source: VmjvNTbD5J.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: VmjvNTbD5J.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: VmjvNTbD5J.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: VmjvNTbD5J.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: VmjvNTbD5J.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: VmjvNTbD5J.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: VmjvNTbD5J.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: D:\a\wix4\wix4\build\burn\Release\x64\burn.pdb source: VmjvNTbD5J.exe
Source: Binary string: C:\My_Programs\WebCopier\Exe\V7_0\WebCopier.pdb source: WebCopier.exe
Source: Binary string: ntdll.pdb source: EKU_Make_debug_v4.exe
Source: Binary string: wntdll.pdbUGP source: WebCopier.exe, cmd.exe
Source: Binary string: ntdll.pdbUGP source: EKU_Make_debug_v4.exe
Source: Binary string: wntdll.pdb source: WebCopier.exe, cmd.exe
Source: Binary string: D:\a\wix4\wix4\build\burn\Release\x64\burn.pdb2 source: VmjvNTbD5J.exe
Source: Binary string: f:\cb\11x_main\producers\distiller\products\adobe\plugins\rndrng\wxp\objfre_wnet_amd64\amd64\AdReGP.pdb source: VmjvNTbD5J.exe, VmjvNTbD5J.exe, 00000002.00000002.1696085346.0000000065041000.00000020.00000001.01000000.00000006.sdmp
Source: VmjvNTbD5J.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: VmjvNTbD5J.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: VmjvNTbD5J.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: VmjvNTbD5J.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: VmjvNTbD5J.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exeCode function: 3_2_1001AA2F LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,3_2_1001AA2F
Source: WCUtil.dll.3.drStatic PE information: real checksum: 0x0 should be: 0x2dc11
Source: cjglcikhvjgpcl.5.drStatic PE information: real checksum: 0x269089 should be: 0x273aaf
Source: WCUtil.dll.2.drStatic PE information: real checksum: 0x0 should be: 0x2dc11
Source: VmjvNTbD5J.exe.0.drStatic PE information: real checksum: 0x0 should be: 0x778cbb
Source: VmjvNTbD5J.exeStatic PE information: real checksum: 0x0 should be: 0x78600c
Source: Pedlary.dll.2.drStatic PE information: real checksum: 0xd3c8 should be: 0x10a4a
Source: gkjmkrwgm.11.drStatic PE information: real checksum: 0x269089 should be: 0x273aaf
Source: VmjvNTbD5J.exeStatic PE information: section name: .didat
Source: VmjvNTbD5J.exeStatic PE information: section name: .wixburn
Source: VmjvNTbD5J.exeStatic PE information: section name: _RDATA
Source: VmjvNTbD5J.exe.0.drStatic PE information: section name: .didat
Source: VmjvNTbD5J.exe.0.drStatic PE information: section name: .wixburn
Source: VmjvNTbD5J.exe.0.drStatic PE information: section name: _RDATA
Source: EKU_Make_debug_v4.exe.5.drStatic PE information: section name: Shared
Source: cjglcikhvjgpcl.5.drStatic PE information: section name: .xdata
Source: cjglcikhvjgpcl.5.drStatic PE information: section name: epj
Source: gkjmkrwgm.11.drStatic PE information: section name: .xdata
Source: gkjmkrwgm.11.drStatic PE information: section name: epj
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exeCode function: 3_2_1001AA00 push eax; ret 3_2_1001AA2E
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exeCode function: 3_2_1001E714 push eax; ret 3_2_1001E732
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exeCode function: 4_2_00CB58CB push edi; retf 4_2_00CB58CE
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exeCode function: 4_2_00CB64CB push edi; retf 4_2_00CB64CE
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exeCode function: 4_2_00CB64C9 pushad ; retf 4_2_00CB64CA
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exeCode function: 4_2_00CB58CF push edi; retf 4_2_00CB58D2
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exeCode function: 4_2_00CB58DB push edi; retf 4_2_00CB58DE
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exeCode function: 4_2_00CB58DF push edi; retf 4_2_00CB58E2
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exeCode function: 4_2_00CB58D3 push edi; retf 4_2_00CB58D6
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exeCode function: 4_2_00CB58D7 push edi; retf 4_2_00CB58DA
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exeCode function: 4_2_00CB64D7 push edi; retf 4_2_00CB64DA
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exeCode function: 4_2_00CB64D5 pushad ; retf 4_2_00CB64D6
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exeCode function: 4_2_00CB58EF push edi; retf 4_2_00CB58F2
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exeCode function: 4_2_00CB58E3 push edi; retf 4_2_00CB58E6
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exeCode function: 4_2_00CB64E3 push edi; retf 4_2_00CB64E6
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exeCode function: 4_2_00CB64E0 pushad ; retf 4_2_00CB64E2
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exeCode function: 4_2_00CB58E7 push edi; retf 4_2_00CB58EE
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exeCode function: 4_2_00CB58FB push edi; retf 4_2_00CB58FE
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exeCode function: 4_2_00CB64FB push edi; retf 4_2_00CB64FE
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exeCode function: 4_2_00CB58FF push edi; retf 4_2_00CB5902
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exeCode function: 4_2_00CB58F3 push edi; retf 4_2_00CB58F6
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exeCode function: 4_2_00CB58F7 push edi; retf 4_2_00CB58FA
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exeCode function: 4_2_00CB588B push edi; retf 4_2_00CB588E
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exeCode function: 4_2_00CB588F push edi; retf 4_2_00CB5892
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exeCode function: 4_2_00CB648F push edi; retf 4_2_00CB6492
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exeCode function: 4_2_00CB648C pushad ; retf 4_2_00CB648E
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exeCode function: 4_2_00CB5883 push edi; retf 4_2_00CB5886
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exeCode function: 4_2_00CB6483 push edi; retf 4_2_00CB6486
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exeCode function: 4_2_00CB6481 pushad ; retf 4_2_00CB6482
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exeCode function: 4_2_00CB5887 push edi; retf 4_2_00CB588A
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exeCode function: 4_2_00CB589B push edi; retf 4_2_00CB589E
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exeFile created: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WCUtil.dllJump to dropped file
Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\cjglcikhvjgpclJump to dropped file
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exeFile created: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exeJump to dropped file
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exeFile created: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exeJump to dropped file
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exeFile created: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WCUtil.dllJump to dropped file
Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\gkjmkrwgmJump to dropped file
Source: C:\Users\user\Desktop\VmjvNTbD5J.exeFile created: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exeJump to dropped file
Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeJump to dropped file
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exeFile created: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\Pedlary.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00000001400853D4 GetPrivateProfileStringW,lstrlenW,9_2_00000001400853D4

Hooking and other Techniques for Hiding and Protection

Source: C:\Windows\SysWOW64\cmd.exeModule Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\CJGLCIKHVJGPCL
Source: C:\Windows\SysWOW64\cmd.exeModule Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\GKJMKRWGM
Source: C:\Users\user\Desktop\VmjvNTbD5J.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion

Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exeAPI/Special instruction interceptor: Address: 6D177C44
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exeAPI/Special instruction interceptor: Address: 6D177C44
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exeAPI/Special instruction interceptor: Address: 6D177945
Source: C:\Windows\SysWOW64\cmd.exeAPI/Special instruction interceptor: Address: 6D173B54
Source: C:\Windows\SysWOW64\cmd.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\cjglcikhvjgpclJump to dropped file
Source: C:\Windows\SysWOW64\cmd.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\gkjmkrwgmJump to dropped file
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exeDropped PE file which has not been started: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\Pedlary.dllJump to dropped file
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exeEvaded block: after key decision
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exeEvasive API call chain: GetLocalTime,DecisionNodes
Source: C:\Users\user\Desktop\VmjvNTbD5J.exeEvasive API call chain: GetLocalTime,DecisionNodesgraph_0-42254
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exeEvasive API call chain: RegOpenKey,DecisionNodes,Sleep
Source: C:\Users\user\Desktop\VmjvNTbD5J.exeEvasive API call chain: RegOpenKey,DecisionNodes,Sleepgraph_0-42937
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exeCheck user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exeAPI coverage: 2.9 %
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeAPI coverage: 1.5 %
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exe TID: 7564Thread sleep time: -30000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exe TID: 8092Thread sleep time: -31760s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exe TID: 7516Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exe TID: 7516Thread sleep time: -30000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exe TID: 6404Thread sleep time: -31760s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exe TID: 3376Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exe TID: 3376Thread sleep time: -30000s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\VmjvNTbD5J.exeCode function: 0_2_00007FF7D0E17A38 GetLocalTime followed by cmp: cmp esi, 05h and CTI: je 00007FF7D0E17AFAh0_2_00007FF7D0E17A38
Source: C:\Users\user\Desktop\VmjvNTbD5J.exeCode function: 0_2_00007FF7D0E17A38 GetLocalTime followed by cmp: cmp esi, 01h and CTI: je 00007FF7D0E17AF1h0_2_00007FF7D0E17A38
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exeCode function: 2_2_00007FF6B4DA7A38 GetLocalTime followed by cmp: cmp esi, 05h and CTI: je 00007FF6B4DA7AFAh2_2_00007FF6B4DA7A38
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exeCode function: 2_2_00007FF6B4DA7A38 GetLocalTime followed by cmp: cmp esi, 01h and CTI: je 00007FF6B4DA7AF1h2_2_00007FF6B4DA7A38
Source: C:\Users\user\Desktop\VmjvNTbD5J.exeCode function: 0_2_00007FF7D0DB72AC GetFileAttributesW,GetLastError,SetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,GetLastError,DeleteFileW,MoveFileExW,MoveFileExW,GetLastError,FindNextFileW,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,0_2_00007FF7D0DB72AC
Source: C:\Users\user\Desktop\VmjvNTbD5J.exeCode function: 0_2_00007FF7D0E22798 FindFirstFileW,FindClose,0_2_00007FF7D0E22798
Source: C:\Users\user\Desktop\VmjvNTbD5J.exeCode function: 0_2_00007FF7D0E0E914 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF7D0E0E914
Source: C:\Users\user\Desktop\VmjvNTbD5J.exeCode function: 0_2_00007FF7D0DD3CF8 FindFirstFileW,FindNextFileW,FindClose,0_2_00007FF7D0DD3CF8
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exeCode function: 2_2_00007FF6B4DB2798 FindFirstFileW,FindClose,2_2_00007FF6B4DB2798
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exeCode function: 2_2_00007FF6B4D9E914 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_00007FF6B4D9E914
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exeCode function: 2_2_00007FF6B4D472AC GetFileAttributesW,GetLastError,SetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,GetLastError,DeleteFileW,MoveFileExW,MoveFileExW,GetLastError,FindNextFileW,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,2_2_00007FF6B4D472AC
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exeCode function: 2_2_00007FF6B4D63CF8 FindFirstFileW,FindNextFileW,FindClose,2_2_00007FF6B4D63CF8
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exeCode function: 3_2_100145C2 FindFirstFileA,GetDriveTypeA,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,GetLastError,FindClose,3_2_100145C2
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_000000014000A5E0 GetDlgItem,SendMessageW,SendMessageW,SendMessageW,wsprintfW,GetClientRect,SendMessageW,FindFirstFileW,lstrlenW,SendMessageW,FindNextFileW,FindClose,9_2_000000014000A5E0
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_0000000140007628 FindClose,lstrlenW,lstrcpyW,FindFirstFileW,GetFullPathNameW,FindClose,SetLastError,lstrlenW,9_2_0000000140007628
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_000000014000D848 GetLogicalDriveStringsW,GetDlgItem,GetDriveTypeW,_cwprintf_s_l,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SHGetSpecialFolderPathW,lstrlenW,SHGetSpecialFolderPathW,lstrlenW,SendMessageW,SendMessageW,GetDlgItem,SendMessageW,SendMessageW,GetDlgItem,SendMessageW,RegOpenKeyExW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,lstrlenW,SendMessageW,SendMessageW,SendMessageW,RegCloseKey,9_2_000000014000D848
Source: C:\Users\user\Desktop\VmjvNTbD5J.exeCode function: 0_2_00007FF7D0E2DEE0 VirtualQuery,GetSystemInfo,0_2_00007FF7D0E2DEE0
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exeThread delayed: delay time: 30000Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\Jump to behavior
Source: cmd.exe, 0000000B.00000002.2067116449.0000000005228000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: noreply@vmware.com0
Source: cmd.exe, 0000000B.00000002.2067116449.0000000005228000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: http://www.vmware.com/0
Source: cmd.exe, 0000000B.00000002.2067116449.0000000005228000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware, Inc.1!0
Source: WebCopier.exe, 00000003.00000002.1413193628.000000000087D000.00000002.00000001.01000000.00000007.sdmp, WebCopier.exe, 00000004.00000002.1472271380.000000000087D000.00000002.00000001.01000000.0000000A.sdmp, WebCopier.exe, 0000000A.00000002.1838638872.000000000087D000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: aihgfs
Source: cmd.exe, 0000000B.00000002.2067116449.0000000005228000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: http://www.vmware.com/0/
Source: cmd.exe, 0000000B.00000002.2067116449.0000000005228000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware, Inc.1
Source: cmd.exe, 0000000B.00000002.2067116449.0000000005228000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware, Inc.0
Source: EKU_Make_debug_v4.exe, 00000009.00000002.2998251246.00000000004BC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\VmjvNTbD5J.exeAPI call chain: ExitProcess graph end nodegraph_0-42908
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exeAPI call chain: ExitProcess graph end node
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exeAPI call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeAPI call chain: ExitProcess graph end node
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Users\user\Desktop\VmjvNTbD5J.exeCode function: 0_2_00007FF7D0E042EC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7D0E042EC
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exeCode function: 3_2_1001AA2F LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,3_2_1001AA2F
Source: C:\Users\user\Desktop\VmjvNTbD5J.exeCode function: 0_2_00007FF7D0DB6A48 GetProcessHeap,RtlFreeHeap,GetLastError,0_2_00007FF7D0DB6A48
Source: C:\Users\user\Desktop\VmjvNTbD5J.exeCode function: 0_2_00007FF7D0E042EC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7D0E042EC
Source: C:\Users\user\Desktop\VmjvNTbD5J.exeCode function: 0_2_00007FF7D0E044D0 SetUnhandledExceptionFilter,0_2_00007FF7D0E044D0
Source: C:\Users\user\Desktop\VmjvNTbD5J.exeCode function: 0_2_00007FF7D0E0A42C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7D0E0A42C
Source: C:\Users\user\Desktop\VmjvNTbD5J.exeCode function: 0_2_00007FF7D0E03DE4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF7D0E03DE4
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exeCode function: 2_2_65045040 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_65045040
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exeCode function: 2_2_00007FF6B4D942EC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF6B4D942EC
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exeCode function: 2_2_00007FF6B4D9A42C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF6B4D9A42C
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exeCode function: 2_2_00007FF6B4D944D0 SetUnhandledExceptionFilter,2_2_00007FF6B4D944D0
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exeCode function: 2_2_00007FF6B4D93DE4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF6B4D93DE4
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exeCode function: 3_2_10017C4A SetUnhandledExceptionFilter,3_2_10017C4A
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exeCode function: 3_2_10017C5C SetUnhandledExceptionFilter,3_2_10017C5C
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_00007FF60CDE11B5 Sleep,exit,SetUnhandledExceptionFilter,exit,9_2_00007FF60CDE11B5

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtQuerySystemInformation: Direct from: 0x7FF60CE6FB8DJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtAllocateVirtualMemory: Direct from: 0x7FF908164B5EJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtQueryValueKey: Direct from: 0x14011D93EJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtQueryValueKey: Direct from: 0x7FF60CE9B100Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtReadVirtualMemory: Direct from: 0x7FF60CE78A4DJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtClose: Direct from: 0x7FF7D65BF51A
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtAllocateVirtualMemory: Direct from: 0x7FF60CDF3319Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtClose: Indirect: 0x14012000F
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtProtectVirtualMemory: Direct from: 0x7FF60CFE04AAJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtClose: Direct from: 0x7FF7D65C1B4D
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtProtectVirtualMemory: Direct from: 0x7FF7D65CBE06Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtProtectVirtualMemory: Direct from: 0x7FF60CFEBD2EJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtReadFile: Direct from: 0x7FF7D645B6F3Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtAllocateVirtualMemory: Direct from: 0x7FF7D645B65BJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtQueryValueKey: Direct from: 0x7FF60CE9A1C6Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtQueryInformationProcess: Direct from: 0x7FF60CE81033Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtQueryValueKey: Direct from: 0x7FF7D647AD3AJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtOpenKeyEx: Direct from: 0x7FF7D6479C13Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtQueryInformationToken: Direct from: 0x7FF60CECAAF2Jump to behavior
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exeNtProtectVirtualMemory: Direct from: 0x6E9FD380Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtProtectVirtualMemory: Direct from: 0x7FF60CFEA237Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtProtectVirtualMemory: Direct from: 0x7FF7D63CF65AJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtQuerySystemInformation: Direct from: 0x7FF7D64D4E4DJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtAllocateVirtualMemory: Direct from: 0x7FF7D63C4472Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtQuerySystemInformation: Direct from: 0x7FF60CECDF12Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtSetInformationProcess: Direct from: 0x7FF7D6461F2EJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtAllocateVirtualMemory: Direct from: 0x7FF7D63CAD78Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtQueryInformationProcess: Direct from: 0x7FF60CE81447Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtAllocateVirtualMemory: Direct from: 0x14011D808Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtQuerySystemInformation: Direct from: 0x7FF7D65C4ECAJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtClose: Direct from: 0x7FF60CFE1B2B
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtCreateFile: Direct from: 0x7FF7D65BD111Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtProtectVirtualMemory: Direct from: 0x7FF60CE70043Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtQuerySystemInformation: Direct from: 0x7FF7D64ADF12Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtAllocateVirtualMemory: Direct from: 0x7FF60CDEAD78Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtAllocateVirtualMemory: Direct from: 0x7FF7D645CC67Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtClose: Direct from: 0x7FF7D64B1304
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtCreateFile: Direct from: 0x7FF60CFDF4FCJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtProtectVirtualMemory: Direct from: 0x7FF60CE741C9Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtClose: Direct from: 0x7FF60CFE1B3F
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtAllocateVirtualMemory: Direct from: 0x7FF7D63CC691Jump to behavior
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exeNtQuerySystemInformation: Direct from: 0x10002918Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtCreateThreadEx: Direct from: 0x7FF60CDE484DJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtAllocateVirtualMemory: Direct from: 0x7FF60CFE08D8Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtProtectVirtualMemory: Direct from: 0x7FF60CFEBE06Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtCreateThreadEx: Direct from: 0x7FF60CDE4B8BJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtQueryInformationToken: Direct from: 0x7FF60CE97C4CJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtCreateFile: Direct from: 0x7FF7D645B4C9Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtClose: Direct from: 0x7FF60CFE1B4D
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtAllocateVirtualMemory: Direct from: 0x7FF7D64AD07CJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtSetInformationProcess: Direct from: 0x7FF60CE80F49Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtQueryValueKey: Direct from: 0x7FF7D647A1C6Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtProtectVirtualMemory: Direct from: 0x7FF7D65CBD2EJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtClose: Direct from: 0x7FF60CFDF51A
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtQuerySystemInformation: Direct from: 0x7FF7D644FB8DJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtAllocateVirtualMemory: Direct from: 0x7FF7D63D1BDEJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtClose: Direct from: 0x14011D864
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtAllocateVirtualMemory: Direct from: 0x7FF60CDE4472Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtSetInformationProcess: Direct from: 0x7FF60CE81F2EJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtQueryInformationProcess: Direct from: 0x7FF7D6461447Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtAllocateVirtualMemory: Direct from: 0x7FF60CECD07CJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtClose: Direct from: 0x7FF7D646178F
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtAllocateVirtualMemory: Direct from: 0x7FF7D63CE400Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtQueryValueKey: Direct from: 0x7FF60CE9AD3AJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtProtectVirtualMemory: Direct from: 0x7FF60CDEF65AJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtQuerySystemInformation: Direct from: 0x7FF60CFE4ECAJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtProtectVirtualMemory: Direct from: 0x7FF7D65CA237Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtReadFile: Direct from: 0x7FF60CE7B6F3Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtAllocateVirtualMemory: Direct from: 0x7FF60CE7B65BJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtProtectVirtualMemory: Direct from: 0x7FF7D65C04AAJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtReadVirtualMemory: Direct from: 0x7FF7D6458A4DJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtQueryValueKey: Direct from: 0x7FF7D647A514Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtQueryInformationProcess: Direct from: 0x7FF7D6461033Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtOpenKeyEx: Direct from: 0x7FF60CE99C13Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtCreateFile: Direct from: 0x7FF60CFDD111Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtAllocateVirtualMemory: Direct from: 0x7FF7D64B12C2Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtSetInformationProcess: Direct from: 0x7FF7D6460F49Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtProtectVirtualMemory: Direct from: 0x7FF7D6450043Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtQueryValueKey: Direct from: 0x7FF60CE9A514Jump to behavior
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exeNtProtectVirtualMemory: Direct from: 0x77537B2EJump to behavior
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exeNtProtectVirtualMemory: Direct from: 0x6FE82D74Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtQueryInformationToken: Direct from: 0x7FF9081426A1Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtReadFile: Direct from: 0x14011D832Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtClose: Direct from: 0x7FF7D65C1B2B
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtQuerySystemInformation: Direct from: 0x7FF60CEF4E4DJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtCreateFile: Direct from: 0x7FF60CE7B4C9Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtQueryInformationToken: Direct from: 0x7FF7D64AAAF2Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtCreateFile: Direct from: 0x14011D7A4Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtClose: Direct from: 0x7FF60CE8178F
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtAllocateVirtualMemory: Direct from: 0x7FF7D65C08D8Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtQueryInformationToken: Direct from: 0x7FF7D6477C4CJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtClose: Direct from: 0x7FF7D65C1B3F
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtAllocateVirtualMemory: Direct from: 0x7FF60CE7CC67Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtCreateThreadEx: Direct from: 0x7FF7D63C4B8BJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtAllocateVirtualMemory: Direct from: 0x7FF60CDEC691Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtAllocateVirtualMemory: Direct from: 0x140120A3CJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtCreateFile: Direct from: 0x7FF7D65BF4FCJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtQueryValueKey: Direct from: 0x7FF7D647B100Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtCreateThreadEx: Direct from: 0x7FF7D63C484DJump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeNtProtectVirtualMemory: Direct from: 0x7FF7D64541C9Jump to behavior
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exeSection loaded: NULL target: C:\Windows\SysWOW64\cmd.exe protection: read writeJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: NULL target: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exe protection: read writeJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeMemory written: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exe base: 14011BC08Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeMemory written: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exe base: 236010Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeMemory written: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exe base: 2DA010Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeCode function: 9_2_000000014000BFFC CharLowerW,lstrcmpiW,lstrcmpiW,lstrlenW,lstrlenW,lstrcmpiW,lstrcmpW,lstrlenW,GetActiveWindow,GetTempPathW,lstrlenW,GetModuleFileNameW,CopyFileW,MessageBoxW,lstrlenW,ShellExecuteW,GetModuleFileNameW,CharLowerW,lstrlenW,9_2_000000014000BFFC
Source: C:\Users\user\Desktop\VmjvNTbD5J.exeProcess created: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exe "C:\Windows\TEMP\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exe" -burn.clean.room="C:\Users\user\Desktop\VmjvNTbD5J.exe" -burn.filehandle.attached=568 -burn.filehandle.self=548Jump to behavior
Source: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exeJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exe C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeJump to behavior
Source: C:\Users\user\Desktop\VmjvNTbD5J.exeCode function: 0_2_00007FF7D0E1B9E0 InitializeSecurityDescriptor,GetLastError,CreateWellKnownSid,GetLastError,CreateWellKnownSid,GetLastError,CreateWellKnownSid,GetLastError,CreateWellKnownSid,GetLastError,CreateWellKnownSid,GetLastError,SetEntriesInAclA,SetSecurityDescriptorOwner,GetLastError,SetSecurityDescriptorGroup,GetLastError,SetSecurityDescriptorDacl,GetLastError,CoInitializeSecurity,LocalFree,0_2_00007FF7D0E1B9E0
Source: C:\Users\user\Desktop\VmjvNTbD5J.exeCode function: 0_2_00007FF7D0E18ABC AllocateAndInitializeSid,CheckTokenMembership,0_2_00007FF7D0E18ABC
Source: WebCopier.exe, 00000003.00000002.1418759897.0000000009740000.00000004.00000020.00020000.00000000.sdmp, WebCopier.exe, 00000004.00000002.1476234402.00000000096DF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.1764860391.0000000005613000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: )[%d] Shell_TrayWndTrayNotifyWnd
Source: C:\Users\user\Desktop\VmjvNTbD5J.exeCode function: 0_2_00007FF7D0E15E80 cpuid 0_2_00007FF7D0E15E80
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exeCode function: GetLocaleInfoA,MultiByteToWideChar,3_2_1001D810
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exeCode function: GetLocaleInfoW,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoW,GetLocaleInfoW,WideCharToMultiByte,3_2_1001D866
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exeCode function: EnumSystemLocalesA,3_2_1001C8A8
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exeCode function: GetLocaleInfoW,WideCharToMultiByte,3_2_1001D929
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exeCode function: EnumSystemLocalesA,3_2_1001C9BB
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exeCode function: GetLocaleInfoA,3_2_1001CBAF
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exeCode function: GetLocaleInfoA,IsValidCodePage,IsValidLocale,3_2_1001C448
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exeCode function: EnumSystemLocalesA,3_2_1001C61D
Source: C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exeCode function: GetLocaleInfoW,GetLocaleInfoA,GetLocaleInfoW,GetLocaleInfoA,GetLocaleInfoA,MultiByteToWideChar,3_2_1001D753
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion InstallDateJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\VmjvNTbD5J.exeCode function: 0_2_00007FF7D0DD0488 GetLastError,CreateNamedPipeW,GetLastError,CreateNamedPipeW,GetLastError,CreateNamedPipeW,GetLastError,CloseHandle,CloseHandle,LocalFree,0_2_00007FF7D0DD0488
Source: C:\Users\user\Desktop\VmjvNTbD5J.exeCode function: 0_2_00007FF7D0E17A38 EnterCriticalSection,GetCurrentProcessId,GetCurrentThreadId,GetLocalTime,LeaveCriticalSection,0_2_00007FF7D0E17A38
Source: C:\Users\user\Desktop\VmjvNTbD5J.exeCode function: 0_2_00007FF7D0DBAF70 GetUserNameW,GetLastError,0_2_00007FF7D0DBAF70
Source: C:\Users\user\Desktop\VmjvNTbD5J.exeCode function: 0_2_00007FF7D0E2CDF0 GetTimeZoneInformation,SystemTimeToTzSpecificLocalTime,0_2_00007FF7D0E2CDF0
Source: C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exeCode function: 2_2_65042F4C __swprintf_l,RegCreateKeyW,memset,_itow,RegQueryValueExW,memset,GetVersionExW,_itow,RegQueryValueExW,??2@YAPEAX_K@Z,RegQueryValueExW,RegDeleteValueW,FindWindowW,SendMessageW,RegCloseKey,2_2_65042F4C
Source: C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 4 Native API | 11 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 1 Deobfuscate/Decode Files or Information | 11 Input Capture | 12 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | 1 Windows Service | 1 Abuse Elevation Control Mechanism | 1 Abuse Elevation Control Mechanism | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 1 Screen Capture | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | 1 Service Execution | Logon Script (Windows) | 11 DLL Side-Loading | 3 Obfuscated Files or Information | Security Account Manager | 4 File and Directory Discovery | SMB/Windows Admin Shares | 11 Input Capture | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 Access Token Manipulation | 11 DLL Side-Loading | NTDS | 146 System Information Discovery | Distributed Component Object Model | 2 Clipboard Data | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 1 Windows Service | 1 File Deletion | LSA Secrets | 221 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 213 Process Injection | 21 Masquerading | Cached Domain Credentials | 2 Process Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 11 Virtualization/Sandbox Evasion | DCSync | 11 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Access Token Manipulation | Proc Filesystem | 1 System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 213 Process Injection | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
  • Internet
Behavior Graph ID: 1586717 | Sample: VmjvNTbD5J.exe | Startdate: 09/01/2025 | Architecture: WINDOWS | Score: 84

2->61 plerukilo0.site
2->69 Multi AV Scanner detection for dropped file
2->71 Multi AV Scanner detection for submitted file
2->73 Machine Learning detection for dropped file
2->75 AI detected suspicious sample
2->11 VmjvNTbD5J.exe 8 (started)
2->14 WebCopier.exe 1 (started)

11->59 C:\Windows\Temp\...\VmjvNTbD5J.exe, PE32+ (dropped)
11->17 VmjvNTbD5J.exe 15 (started)

14->91 Maps a DLL or memory area into another process
14->93 Found direct / indirect Syscall (likely to bypass EDR)
14->21 cmd.exe 2 (started)

17->43 C:\Windows\Temp\...\WebCopier.exe, PE32 (dropped)
17->45 C:\Windows\Temp\...\WCUtil.dll, PE32 (dropped)
17->47 C:\Windows\Temp\...\Pedlary.dll, PE32+ (dropped)
17->63 Multi AV Scanner detection for dropped file
17->23 WebCopier.exe 5 (started)

21->49 C:\Users\user\AppData\Local\Temp\gkjmkrwgm, PE32+ (dropped)
21->65 Writes to foreign memory regions
21->67 Maps a DLL or memory area into another process
21->27 EKU_Make_debug_v4.exe (started)
21->29 conhost.exe (started)

23->55 C:\Users\user\AppData\...\WebCopier.exe, PE32 (dropped)
23->57 C:\Users\user\AppData\Roaming\...\WCUtil.dll, PE32 (dropped)
23->87 Switches to a custom stack to bypass stack traces
23->89 Found direct / indirect Syscall (likely to bypass EDR)
23->31 WebCopier.exe 1 (started)

31->95 Maps a DLL or memory area into another process
31->97 Switches to a custom stack to bypass stack traces
31->99 Found direct / indirect Syscall (likely to bypass EDR)
31->34 cmd.exe 5 (started)

34->51 C:\Users\user\AppData\...\cjglcikhvjgpcl, PE32+ (dropped)
34->53 C:\Users\user\...KU_Make_debug_v4.exe, PE32+ (dropped)
34->77 Writes to foreign memory regions
34->79 Found hidden mapped module (file has been removed from disk)
34->81 Maps a DLL or memory area into another process
34->83 Switches to a custom stack to bypass stack traces
34->38 EKU_Make_debug_v4.exe (started)
34->41 conhost.exe (started)

38->85 Found direct / indirect Syscall (likely to bypass EDR)

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| VmjvNTbD5J.exe | 47% | ReversingLabs | Win64.Trojan.Rugmi | |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\gkjmkrwgm | 100% | Joe Sandbox ML | | |
| C:\Users\user\AppData\Local\Temp\cjglcikhvjgpcl | 100% | Joe Sandbox ML | | |
| C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WCUtil.dll | 43% | ReversingLabs | Win32.Trojan.Generic | |
| C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exe | 0% | ReversingLabs | | |
| C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\Pedlary.dll | 0% | ReversingLabs | | |
| C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WCUtil.dll | 43% | ReversingLabs | Win32.Trojan.Generic | |
| C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exe | 0% | ReversingLabs | | |
| C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exe | 58% | ReversingLabs | Win64.Trojan.Nekark | |
No Antivirus matches
No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| s-part-0017.t-0009.t-msedge.net | 13.107.246.45 | true | false | | high |
| plerukilo0.site | unknown | unknown | false | | unknown |
                          unknown
                          http://ocsp.thawte.com0VmjvNTbD5J.exe, 00000002.00000003.1393788158.00000215C2BA2000.00000004.00000020.00020000.00000000.sdmp, VmjvNTbD5J.exe, 00000002.00000003.1393600419.00000215C2BBB000.00000004.00000020.00020000.00000000.sdmp, VmjvNTbD5J.exe, 00000002.00000003.1393854032.00000215C2BA2000.00000004.00000020.00020000.00000000.sdmp, WebCopier.exe, 00000003.00000003.1408226836.0000000009D6D000.00000004.00000001.00020000.00000000.sdmpfalse
                            high
                            http://www.maximumsoft.com/index_support.htmlgClickVmjvNTbD5J.exe, 00000002.00000003.1393600419.00000215C2BBB000.00000004.00000020.00020000.00000000.sdmp, WebCopier.exe, 00000003.00000002.1413193628.0000000000B12000.00000002.00000001.01000000.00000007.sdmp, WebCopier.exe, 00000003.00000003.1408226836.0000000009D6D000.00000004.00000001.00020000.00000000.sdmp, WebCopier.exe, 00000004.00000002.1472271380.0000000000B12000.00000002.00000001.01000000.0000000A.sdmp, WebCopier.exe, 0000000A.00000000.1776026282.0000000000B12000.00000002.00000001.01000000.0000000A.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://www.vmware.com/0/WebCopier.exe, 00000003.00000002.1418759897.0000000009740000.00000004.00000020.00020000.00000000.sdmp, WebCopier.exe, 00000004.00000002.1476234402.00000000096DF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.1764860391.0000000005613000.00000004.00000800.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000009.00000002.2999006711.00000000027ED000.00000004.00000001.00020000.00000000.sdmp, WebCopier.exe, 0000000A.00000002.1847686411.000000000974C000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.2067116449.0000000005228000.00000004.00000800.00020000.00000000.sdmpfalse
                              high
                              https://plerukilo0.site:443RREKU_Make_debug_v4.exe, 00000011.00000003.2883525042.0000000000483000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000011.00000003.2963563397.0000000000483000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000011.00000003.2883754212.0000000000483000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000011.00000003.2963860230.0000000000483000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000011.00000003.2803783948.0000000000483000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000011.00000003.3043954128.0000000000483000.00000004.00000020.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              unknown
                              http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0sVmjvNTbD5J.exe, 00000002.00000003.1393788158.00000215C2BA2000.00000004.00000020.00020000.00000000.sdmp, VmjvNTbD5J.exe, 00000002.00000003.1393600419.00000215C2BBB000.00000004.00000020.00020000.00000000.sdmp, VmjvNTbD5J.exe, 00000002.00000003.1393854032.00000215C2BA2000.00000004.00000020.00020000.00000000.sdmp, WebCopier.exe, 00000003.00000003.1408226836.0000000009D6D000.00000004.00000001.00020000.00000000.sdmpfalse
                                high
                                http://www.softwareok.com/?seite=faq-Find.Same.Images.OK&faq=0EKU_Make_debug_v4.exe, 00000009.00000002.3006721487.00000001401F4000.00000002.00000001.01000000.00000010.sdmp, EKU_Make_debug_v4.exe, 00000011.00000000.1981513589.00000001401F4000.00000002.00000001.01000000.00000010.sdmpfalse
                                  high
                                  https://plerukilo0.site/EKU_Make_debug_v4.exe, 00000011.00000003.3123828653.0000000000469000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://plerukilo0.site/proprietes2.40EKU_Make_debug_v4.exe, 00000009.00000002.2998698321.0000000000896000.00000004.00000001.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  http://www.???.xx/?search=%sWebCopier.exe, 00000003.00000002.1418759897.0000000009740000.00000004.00000020.00020000.00000000.sdmp, WebCopier.exe, 00000004.00000002.1476234402.00000000096DF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.1764860391.0000000005613000.00000004.00000800.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000009.00000002.2999006711.00000000027ED000.00000004.00000001.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000009.00000000.1682136450.00000001401E0000.00000002.00000001.01000000.00000010.sdmp, WebCopier.exe, 0000000A.00000002.1847686411.000000000974C000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.2067116449.0000000005228000.00000004.00000800.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000011.00000000.1981513589.00000001401E0000.00000002.00000001.01000000.00000010.sdmpfalse
                                    high
                                    https://plerukilo0.site/IAEKU_Make_debug_v4.exe, 00000011.00000003.2963860230.0000000000469000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://plerukilo0.site/mEKU_Make_debug_v4.exe, 00000011.00000003.2482573056.0000000000471000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000011.00000003.2402949621.000000000046F000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://www.symauth.com/cps0(WebCopier.exe, 00000003.00000002.1418759897.0000000009740000.00000004.00000020.00020000.00000000.sdmp, WebCopier.exe, 00000004.00000002.1476234402.00000000096DF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.1764860391.0000000005613000.00000004.00000800.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000009.00000002.2999006711.00000000027ED000.00000004.00000001.00020000.00000000.sdmp, WebCopier.exe, 0000000A.00000002.1847686411.000000000974C000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.2067116449.0000000005228000.00000004.00000800.00020000.00000000.sdmpfalse
                                      high
                                      https://plerukilo0.site:443lRZ0EKU_Make_debug_v4.exe, 00000009.00000003.2337496455.0000000000540000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000009.00000003.2257429875.0000000000540000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000009.00000003.2337141569.0000000000540000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000009.00000003.2417288895.0000000000540000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      http://www.maximumsoft.com/index_support.html7VmjvNTbD5J.exe, 00000002.00000003.1393600419.00000215C2BBB000.00000004.00000020.00020000.00000000.sdmp, WebCopier.exe, 00000003.00000002.1413193628.0000000000B12000.00000002.00000001.01000000.00000007.sdmp, WebCopier.exe, 00000003.00000003.1408226836.0000000009D6D000.00000004.00000001.00020000.00000000.sdmp, WebCopier.exe, 00000004.00000002.1472271380.0000000000B12000.00000002.00000001.01000000.0000000A.sdmp, WebCopier.exe, 0000000A.00000000.1776026282.0000000000B12000.00000002.00000001.01000000.0000000A.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      https://plerukilo0.site/proprietesGHzEKU_Make_debug_v4.exe, 00000009.00000002.2998698321.0000000000896000.00000004.00000001.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      https://plerukilo0.site/9)I0EKU_Make_debug_v4.exe, 00000009.00000003.2417709451.0000000000539000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000009.00000003.2497745298.000000000052C000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      http://www.maximumsoft.com/index_skins.htmlVmjvNTbD5J.exe, 00000002.00000003.1393600419.00000215C2BBB000.00000004.00000020.00020000.00000000.sdmp, WebCopier.exe, 00000003.00000002.1413193628.0000000000B12000.00000002.00000001.01000000.00000007.sdmp, WebCopier.exe, 00000003.00000003.1408226836.0000000009D6D000.00000004.00000001.00020000.00000000.sdmp, WebCopier.exe, 00000004.00000002.1472271380.0000000000B12000.00000002.00000001.01000000.0000000A.sdmp, WebCopier.exe, 0000000A.00000000.1776026282.0000000000B12000.00000002.00000001.01000000.0000000A.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      https://plerukilo0.site/proprietesEKU_Make_debug_v4.exe, 00000009.00000002.2998698321.0000000000896000.00000004.00000001.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      http://www.symauth.com/rpa00WebCopier.exe, 00000003.00000002.1418759897.0000000009740000.00000004.00000020.00020000.00000000.sdmp, WebCopier.exe, 00000004.00000002.1476234402.00000000096DF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.1764860391.0000000005613000.00000004.00000800.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000009.00000002.2999006711.00000000027ED000.00000004.00000001.00020000.00000000.sdmp, WebCopier.exe, 0000000A.00000002.1847686411.000000000974C000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.2067116449.0000000005228000.00000004.00000800.00020000.00000000.sdmpfalse
                                        high
                                        http://www.maximumsoft.com/products/wc/tour_win_iet.htmWebCopier.exe, 00000003.00000002.1412910476.000000000078F000.00000002.00000001.01000000.00000007.sdmp, WebCopier.exe, 00000003.00000000.1394789970.000000000078F000.00000002.00000001.01000000.00000007.sdmp, WebCopier.exe, 00000004.00000000.1411481827.000000000078F000.00000002.00000001.01000000.0000000A.sdmp, WebCopier.exe, 00000004.00000002.1471995614.000000000078F000.00000002.00000001.01000000.0000000A.sdmp, WebCopier.exe, 0000000A.00000002.1838147139.000000000078F000.00000002.00000001.01000000.0000000A.sdmp, WebCopier.exe, 0000000A.00000000.1775871689.000000000078F000.00000002.00000001.01000000.0000000A.sdmpfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://www.info-zip.org/WebCopier.exe, 00000003.00000002.1418759897.00000000096EA000.00000004.00000020.00020000.00000000.sdmp, WebCopier.exe, 00000004.00000002.1476234402.0000000009689000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.1764860391.00000000055CA000.00000004.00000800.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000009.00000002.2999006711.00000000027A4000.00000004.00000001.00020000.00000000.sdmp, WebCopier.exe, 0000000A.00000002.1847686411.00000000096F6000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.2067116449.00000000051DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                          high
                                          https://plerukilo0.site/Se)EKU_Make_debug_v4.exe, 00000009.00000003.2738401497.0000000000539000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000009.00000002.2998470735.000000000052C000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000009.00000003.2818641441.000000000052C000.00000004.00000020.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000009.00000003.2818350080.0000000000539000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://www.youtube.com/watch?v=WebCopier.exe, 00000003.00000002.1413193628.000000000087D000.00000002.00000001.01000000.00000007.sdmp, WebCopier.exe, 00000004.00000002.1472271380.000000000087D000.00000002.00000001.01000000.0000000A.sdmp, WebCopier.exe, 0000000A.00000002.1838638872.000000000087D000.00000002.00000001.01000000.0000000A.sdmpfalse
                                            high
                                            http://www.surfok.de/EKU_Make_debug_v4.exe, 00000011.00000000.1981389461.0000000140156000.00000002.00000001.01000000.00000010.sdmpfalse
                                              high
                                              http://www.maximumsoft.com/index_transl.htmlVmjvNTbD5J.exe, 00000002.00000003.1393600419.00000215C2BBB000.00000004.00000020.00020000.00000000.sdmp, WebCopier.exe, 00000003.00000002.1413193628.0000000000B12000.00000002.00000001.01000000.00000007.sdmp, WebCopier.exe, 00000003.00000003.1408226836.0000000009D6D000.00000004.00000001.00020000.00000000.sdmp, WebCopier.exe, 00000004.00000002.1472271380.0000000000B12000.00000002.00000001.01000000.0000000A.sdmp, WebCopier.exe, 0000000A.00000000.1776026282.0000000000B12000.00000002.00000001.01000000.0000000A.sdmpfalse
                                              • Avira URL Cloud: safe
                                              unknown
                                              http://wixtoolset.org/schemas/v4/2008/BurnpVmjvNTbD5J.exe, 00000000.00000003.1697808958.000001D76D319000.00000004.00000800.00020000.00000000.sdmp, VmjvNTbD5J.exe, 00000000.00000003.1697832607.000001D76D318000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              unknown
                                              http://www.softwareok.comWebCopier.exe, 00000003.00000002.1418759897.0000000009740000.00000004.00000020.00020000.00000000.sdmp, WebCopier.exe, 00000004.00000002.1476234402.00000000096DF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000005.00000002.1764860391.0000000005613000.00000004.00000800.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000009.00000002.2999006711.00000000027ED000.00000004.00000001.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000009.00000000.1682136450.00000001401E0000.00000002.00000001.01000000.00000010.sdmp, WebCopier.exe, 0000000A.00000002.1847686411.000000000974C000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.2067116449.0000000005228000.00000004.00000800.00020000.00000000.sdmp, EKU_Make_debug_v4.exe, 00000011.00000000.1981513589.00000001401E0000.00000002.00000001.01000000.00000010.sdmpfalse
                                                high
                                                https://plerukilo0.site:443_EKU_Make_debug_v4.exe, 00000011.00000003.2963860230.0000000000483000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                unknown
                                                http://appsyndication.org/2006/appsynVmjvNTbD5J.exefalse
                                                  high
                                                  No contacted IP infos
                                                  Joe Sandbox version:42.0.0 Malachite
                                                  Analysis ID:1586717
                                                  Start date and time:2025-01-09 14:53:46 +01:00
                                                  Joe Sandbox product:CloudBasic
                                                  Overall analysis duration:0h 10m 24s
                                                  Hypervisor based Inspection enabled:false
                                                  Report type:full
                                                  Cookbook file name:default.jbs
                                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                  Run name:Run with higher sleep bypass
                                                  Number of new started processes analysed:19
                                                  Number of new started drivers analysed:0
                                                  Number of existing processes analysed:0
                                                  Number of existing drivers analysed:0
                                                  Number of injected processes analysed:0
                                                  Technologies:
                                                  • HCA enabled
                                                  • EGA enabled
                                                  • AMSI enabled
                                                  Analysis Mode:default
                                                  Analysis stop reason:Timeout
                                                  Sample name:VmjvNTbD5J.exe
                                                  renamed because original name is a hash value
                                                  Original Sample Name:8ed2ebe94abc2758e4db53c476f8b7a69b5436fe176cba112802990547c5bb24.exe
                                                  Detection:MAL
                                                  Classification:mal84.evad.winEXE@18/20@14/0
                                                  EGA Information:
                                                  • Successful, ratio: 80%
                                                  HCA Information:
                                                  • Successful, ratio: 79%
                                                  • Number of executed functions: 63
                                                  • Number of non-executed functions: 238
                                                  Cookbook Comments:
                                                  • Found application associated with file extension: .exe
                                                  • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                                  • Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                  • Excluded IPs from analysis (whitelisted): 13.107.246.45, 52.149.20.212, 23.206.229.209
                                                  • Excluded domains from analysis (whitelisted): www.bing.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, azureedge-t-prod.trafficmanager.net, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com
                                                  • Execution Graph export aborted for target WebCopier.exe, PID 7636 because there are no executed functions
                                                  • Not all processes were analyzed, report is missing behavior information
                                                  • Report creation exceeded maximum time and may have missing disassembly code information.
                                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                                  • Report size exceeded maximum capacity and may have missing disassembly code.
                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                  • VT rate limit hit for: VmjvNTbD5J.exe
                                                  Time      Type       Description
                                                  13:54:59  Autostart  Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BITA49D.tmp
                                                  13:55:12  Autostart  Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\writercloud_VMX_alpha.lnk
                                                  No context
                                                  No context
                                                  No context
                                                                    Process:C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):5602086
                                                                    Entropy (8bit):7.734295595551604
                                                                    Encrypted:false
                                                                    SSDEEP:98304:i6eqhd9aZj3Yxzb9gOQXBFPVGjiaaE6Oj1OM8WBqft6oJjl/eb:iSsjseVPEWfOjT8WBWt6Xb
                                                                    MD5:F70BD74D3A388054605DFE5E6BF952C1
                                                                    SHA1:B56B789875BDD5298AEC31AF27E3595B344C3D00
                                                                    SHA-256:596F237101082191497450BA51F62BBDA60CD71ACCEF5116F9C522AA3E9335D2
                                                                    SHA-512:3B23FE8551675B9BA6B0B202E2B89178BE04841EA4938A9B02D43E082182913A3F27754A77ED0E262DBDCAF4F8152752F8CA6E1A1CCA61B5A93B84E4062AFB41
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\VmjvNTbD5J.exe
                                                                    File Type:ASCII text, with CRLF line terminators
                                                                    Category:dropped
                                                                    Size (bytes):728
                                                                    Entropy (8bit):5.388810150273398
                                                                    Encrypted:false
                                                                    SSDEEP:12:S9XXKP7uXNULLWUz2m9XXK39XXKfSRcP2EmRKVv9XXKfSRcP2EWKN9XXKfSRcP2W:SxoYNwLLzPx6xhcP2qxhcP2SxhcP2Yw0
                                                                    MD5:B215A5BA1184FA4B8F7134C906F87777
                                                                    SHA1:D1B1C2FA8ABC6C052CF794A5E013C33C0A8816A1
                                                                    SHA-256:9E76440DD4A4386350DEDE956E17D8BA65DC1FD03463791A39AA159A2F36098E
                                                                    SHA-512:0CF84DCF272686E7888D70D2C59BB40DD680BADE741F311B6774C7B7EEC013C3C6B550E880BAA409A9C04A89BB7AFD6524A913127589D6901E4070D81062C362
                                                                    Malicious:false
                                                                    Preview:
                                                                    [1D4C:1D50][2025-01-09T08:54:41]i001: Burn x64 v4.0.0+8c757c0f67f26f21c6bcbbfb81b7ea8b91c35fe4, Windows v10.0 x64 (Build 19045: Service Pack 0), path: C:\Users\user\Desktop\VmjvNTbD5J.exe
                                                                    [1D4C:1D50][2025-01-09T08:54:41]i009: Command Line: ''
                                                                    [1D4C:1D50][2025-01-09T08:54:41]i000: Setting string variable 'WixBundleOriginalSource' to value 'C:\Users\user\Desktop\VmjvNTbD5J.exe'
                                                                    [1D4C:1D50][2025-01-09T08:54:41]i000: Setting string variable 'WixBundleOriginalSourceFolder' to value 'C:\Users\user\Desktop\'
                                                                    [1D4C:1D50][2025-01-09T08:54:41]i000: Setting string variable 'WixBundleLog' to value 'C:\Users\user\AppData\Local\Temp\Acupressure_20250109085441.cleanroom.log'
                                                                    [1D4C:1D50][2025-01-09T08:55:12]i017: Exit code: 0x0
                                                                    Process:C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exe
                                                                    File Type:ASCII text, with CRLF line terminators
                                                                    Category:dropped
                                                                    Size (bytes):1118
                                                                    Entropy (8bit):5.46979933804025
                                                                    Encrypted:false
                                                                    SSDEEP:24:noYNwLLzOWK1PThcP2vhcP2nMcP2YwZe+qMcP25McP2EmMcP2M:n3NujK17AAAgDDwZefDWDnmDr
                                                                    MD5:C01DEC1718F2710221740362DD4E186A
                                                                    SHA1:6FE265EA1AA73E79384C0D58DF4A9455245222DB
                                                                    SHA-256:88B31F9A56212451912BC89BF5E2FE6068CF4008EDE28EEE6B0437A8019AFDE2
                                                                    SHA-512:43435DACD84D6603A11244F1AE9E712BB0260D4B3C11C9CA4BCDBA2AC3B2F785EB08A5BF4C7E4DD6500C6D5FC1C4A746089898C0C9F4B83A3C2655C85A5DC3BE
                                                                    Malicious:false
                                                                    Preview:
                                                                    [1D88:1D8C][2025-01-09T08:54:41]i001: Burn x64 v4.0.0+8c757c0f67f26f21c6bcbbfb81b7ea8b91c35fe4, Windows v10.0 x64 (Build 19045: Service Pack 0), path: C:\Windows\TEMP\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exe
                                                                    [1D88:1D8C][2025-01-09T08:54:41]i009: Command Line: '-burn.clean.room=C:\Users\user\Desktop\VmjvNTbD5J.exe -burn.filehandle.attached=568 -burn.filehandle.self=548'
                                                                    [1D88:1D8C][2025-01-09T08:54:41]i000: Setting string variable 'WixBundleOriginalSource' to value 'C:\Users\user\Desktop\VmjvNTbD5J.exe'
                                                                    [1D88:1D8C][2025-01-09T08:54:41]i000: Setting string variable 'WixBundleOriginalSourceFolder' to value 'C:\Users\user\Desktop\'
                                                                    [1D88:1D8C][2025-01-09T08:54:42]i000: Setting string variable 'WixBundleLog' to value 'C:\Users\user\AppData\Local\Temp\Acupressure_20250109085442.log'
                                                                    [1D88:1D8C][2025-01-09T08:54:42]i000: Setting string variable 'WixBundleInProgressName' to value ''
                                                                    [1D88:1D8C][2025-01-09T08:54:42]i000: Setting string variable 'WixBundleName' to value 'A
                                                                    Process:C:\Windows\SysWOW64\cmd.exe
                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):2364728
                                                                    Entropy (8bit):6.606009669324617
                                                                    Encrypted:false
                                                                    SSDEEP:49152:lbCT2kOGRpfJMi3kLRQrjYgeeZyTDwMHfDYZNBi:TkOKMiY0BZMHfDYZNBi
                                                                    MD5:967F4470627F823F4D7981E511C9824F
                                                                    SHA1:416501B096DF80DDC49F4144C3832CF2CADB9CB2
                                                                    SHA-256:B22BF1210B5FD173A210EBFA9092390AA0513C41E1914CBE161EB547F049EF91
                                                                    SHA-512:8883EAD428C9D4B415046DE9F8398AA1F65AE81FE7945A840C822620E18F6F9930CCE2E10ACFF3B5DA8B9C817ADE3DABC1DE576CBD255087267F77341900A41C
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Joe Sandbox View:
                                                                    • Filename: K3UtwU3CH9.msi, Detection: malicious
                                                                    • Filename: 24EPV9vjc5.exe, Detection: malicious
                                                                    • Filename: 1wrLmYiC62.exe, Detection: malicious
                                                                    • Filename: vV5EOx0ipU.exe, Detection: malicious
                                                                    • Filename: kXzODlqJak.exe, Detection: malicious
                                                                    • Filename: 8Rmoal0v85.exe, Detection: malicious
                                                                    • Filename: cLm7ThwEvh.msi, Detection: malicious
                                                                    • Filename: LVkAi4PBv6.exe, Detection: malicious
                                                                    • Filename: w3245.exe, Detection: malicious
                                                                    Process:C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):5602086
                                                                    Entropy (8bit):7.734296298577451
                                                                    Encrypted:false
                                                                    SSDEEP:98304:j6eqhd9aZj3Yxzb9gOQXBFPVGjiaaE6Oj1OM8WBqft6oJjl/eb:jSsjseVPEWfOjT8WBWt6Xb
                                                                    MD5:E9E86508715BE7F15D408337CDB165BD
                                                                    SHA1:D0B65C1AC105FD8A559C37846FDC67DBB3A46D48
                                                                    SHA-256:471D2D6C46E8421E9B8B9DDFD6E566971992C34ECA2C168CBD69D96E5F36DABF
                                                                    SHA-512:3558646D8FDCFDDAC0EF3F08BFA4AA08F045A0982AD7B010543526FBAD48FF3A7EC85E943A808CBE0F7F2EF4ECDFF736F587FFA12481364535C5112116D89C41
                                                                    Malicious:false
                                                                    Process:C:\Windows\SysWOW64\cmd.exe
                                                                    File Type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):2505728
                                                                    Entropy (8bit):6.683714555081184
                                                                    Encrypted:false
                                                                    SSDEEP:49152:QW0DiTqAgRUKAMG3qA+W65WZTN4hS2EDUrkaV4RQGSKqBfV7m3Y2hIm9RGSQX100:JipWZ2qRcBT
                                                                    MD5:B596AF2DE1506E0C2BD760A8E3D60479
                                                                    SHA1:0F241562F68D07CCC6600844272096806AB35CEE
                                                                    SHA-256:B7177B171BD935890D0493CEC143EE900D4AF3B8C57EAC0AA1E99C82ABFD966B
                                                                    SHA-512:8ADCABD698F9A6D5C03C7DC2FBB7788391CCD63F3B4A4254ED3F9857499BC8E741B5FBEA77B53106B8EA69F2506FD9892721CB80442FFEFA5351A0C323C0494C
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                    Process:C:\Windows\SysWOW64\cmd.exe
                                                                    File Type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):2505728
                                                                    Entropy (8bit):6.683714555081184
                                                                    Encrypted:false
                                                                    SSDEEP:49152:QW0DiTqAgRUKAMG3qA+W65WZTN4hS2EDUrkaV4RQGSKqBfV7m3Y2hIm9RGSQX100:JipWZ2qRcBT
                                                                    MD5:B596AF2DE1506E0C2BD760A8E3D60479
                                                                    SHA1:0F241562F68D07CCC6600844272096806AB35CEE
                                                                    SHA-256:B7177B171BD935890D0493CEC143EE900D4AF3B8C57EAC0AA1E99C82ABFD966B
                                                                    SHA-512:8ADCABD698F9A6D5C03C7DC2FBB7788391CCD63F3B4A4254ED3F9857499BC8E741B5FBEA77B53106B8EA69F2506FD9892721CB80442FFEFA5351A0C323C0494C
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                    Process:C:\Windows\SysWOW64\cmd.exe
                                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Thu Jan 9 12:54:43 2025, mtime=Thu Jan 9 12:54:43 2025, atime=Sat Dec 28 18:23:52 2024, length=7579704, window=hide
                                                                    Category:dropped
                                                                    Size (bytes):935
                                                                    Entropy (8bit):5.03496881894121
                                                                    Encrypted:false
                                                                    SSDEEP:12:88BR5l1s4oIrStChPtedY//agwkLAyniWjAyxwNHU5JIuFMCXmV:88BRLXJiAZVvAyxwEbFRm
                                                                    MD5:C5440C4F84777A888527FA11150ED824
                                                                    SHA1:88FC34A6E2A3767BB3386B0FAF999A75A8F611FB
                                                                    SHA-256:893006B606E2D6C3817E81816680E36DC7CB50A2C077853B521752E637913528
                                                                    SHA-512:29C3368CF8F3405F7B4F3429B3AF564604CF86B3C0526625C4544BE4E68F34E50FAB9933F6B40764199C191FD374E7442F392D22736F29B4415B2ED21AAC3051
                                                                    Malicious:false
                                                                    Preview:(binary shortcut data; readable target path: C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exe)
                                                                    Process:C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exe
                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):184320
                                                                    Entropy (8bit):6.351681914669155
                                                                    Encrypted:false
                                                                    SSDEEP:3072:oO4+0LodFt+wsxMl1NqAc5iSttkClFelrl+AMVaKoXA1OaYe:oO4xMdFowsxizqyStZlFel5npA1OaF
                                                                    MD5:FA05AB4DD4914384F5FB35D33BC73A0F
                                                                    SHA1:0309F593ADCD0673919269D8DC40F95081D103D4
                                                                    SHA-256:3F8CE1047167F498734B88C959CF4FF89622C8229C89B6A3333D3BC3823F85B3
                                                                    SHA-512:CCCE1623AC2EA29E66778C2C1B76DB2320F488548F353B04F65E03BA5AEFC3BA150E61C729ED112747BA969BE6DDA601EA3292DDB43F378C7C708E3C45E0A5FD
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 43%
                                                                    Process:C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exe
                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):7579704
                                                                    Entropy (8bit):6.84709467393535
                                                                    Encrypted:false
                                                                    SSDEEP:196608:ykxa78pklLylqrJ6CkamuqW5A1eMoxFLOyomFHKnPH:+gW5oSF+
                                                                    MD5:E2A27870BA4DA90DF6276C4DA9E3CF82
                                                                    SHA1:CD0A17F6DDC7B4994D98F26848C3A2D7DAE74E68
                                                                    SHA-256:9F1BB79EF7D76E5DDDC628D0455C1F6A6AA068CC210F1D238A231F77AC9CBBA2
                                                                    SHA-512:66C4D8D1C6CB45A6C10CBB16D4388858980E7BC4F57FB88DC2A3B7B8FC6DA82DBA3E9B1BFD33EA4C25A7AFD5612C2823915E5F0759728CCCFE81BD4F99AFC235
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Process:C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):4469405
                                                                    Entropy (8bit):7.95660152908976
                                                                    Encrypted:false
                                                                    SSDEEP:98304:IVvV7XPZLI6LoL6XWx44ibjVD4CBDLAJ32NSCU3pjug7iw:IVQ6kL6G23VD4CBDw3LCUZjuIiw
                                                                    MD5:772D57BC0AB0B82F3C35990EA58AABC2
                                                                    SHA1:DDA21EA8FF8468122E09271FB915F0BAB9ACF544
                                                                    SHA-256:60E662EF1ED6AC0FC757D9402AB859A7ED45F91A7183355B4464A60759A440C1
                                                                    SHA-512:5A50D936CB2CF9809F0F88A3A166EBA6C645B54B0C2A28BB1B64B1EA058EC30FA55FA7EE9D41B3832B23994A35C3C9F60DAC669AF1E898219C53DDC4C47E72CD
                                                                    Malicious:false
                                                                    Process:C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):43077
                                                                    Entropy (8bit):4.745006147010959
                                                                    Encrypted:false
                                                                    SSDEEP:768:AjAlxcFjdt7p5LtbCiDFf9Am4ysG4z+w5KKMX9PLDjn:Pxg7fLtbh8IcE9PLDjn
                                                                    MD5:33D9C73A5F1B9C5B16E9FF892F24A05A
                                                                    SHA1:7DC1DF26FF605549E50F2DBD8BB69C179E7A6B3C
                                                                    SHA-256:030D40902ED53B64F03B4FD91D1ED4B931140F155DFF02E058D93F019F43D2DB
                                                                    SHA-512:19F857CBF4010172EC5E83F0B0AFE50798CE61663ABE0CE19C8098F6B9CA930026FB3BC8161A812265A64F38CC2BB144CAEFD154701FFFB8F808BB4649F2B0FA
                                                                    Malicious:false
                                                                    Process:C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exe
                                                                    File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (578), with CRLF line terminators
                                                                    Category:dropped
                                                                    Size (bytes):2654
                                                                    Entropy (8bit):3.743876977740129
                                                                    Encrypted:false
                                                                    SSDEEP:48:y+03N6hOfgFLvkwcne1+ercuCuqatMJD0wfycJeGgDrG9i1yr9Xi1s5rIl:72wcn6+ercuLqka0wfyci29Wyr9XWs5C
                                                                    MD5:B0938047D6FB88200838F89D36146D54
                                                                    SHA1:2D0ADCAE671D73DC03E23683BA070E62C8093511
                                                                    SHA-256:DECFE73B2CB6176156EA0C67F39DE7919E68EFE9B8AF00E658F32CDBBC11BA57
                                                                    SHA-512:0CFAEE19111763764585EC82EAA4C5722730F56B231FDE0F3467BDA1288DE13B607A9715E1A6EA9B3833CABFFAC98794BB0EB6126A3F1E524802D45882829DBD
                                                                    Malicious:false
                                                                    Preview:
                                                                    <?xml version="1.0" encoding="utf-16"?>
                                                                    <BootstrapperApplicationData xmlns="http://wixtoolset.org/schemas/v4/BootstrapperApplicationData">
                                                                      <WixBundleProperties DisplayName="Acupressure" LogPathVariable="WixBundleLog" Compressed="no" Id="{82EAA5AE-93D4-40C8-9E85-B63909B13F12}" UpgradeCode="{A104003A-142B-4D09-858E-F342F20583A2}" PerMachine="yes" />
                                                                      <WixRollbackBoundary Id="WixDefaultBoundary" Vital="yes" Transaction="no" />
                                                                      <WixPackageProperties Package="Uroscopy" Vital="yes" DisplayNa
                                                                    Process:C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exe
                                                                    File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                    Category:dropped
                                                                    Size (bytes):252
                                                                    Entropy (8bit):3.50802487441866
                                                                    Encrypted:false
                                                                    SSDEEP:6:QFulcLk0YR5Ie8GcUlLulFwENeWlYmH1fMWGVUlLulFwEnk:QF/LXYRWe8OLqF3Ye1kWGaLqFhk
                                                                    MD5:A35990570AFAA7D023FD2EBBE229AFB8
                                                                    SHA1:86688B13D3364ADB90BBA552F544D4D546AFD63D
                                                                    SHA-256:9B696AD0EC3B37BAC11DA76BCD51AD907D31EE9638DAD7BB8FDD5AEF919EF621
                                                                    SHA-512:1845B25697FED6D694428F53B2D1B2ABF1ACF8A09E8E49A536759822AD5B1A75D51BC7AE4D73E435B7BBC23AC34C9AED76F17414D218B54DA546C908F9A5182C
                                                                    Malicious:false
                                                                    Preview:
                                                                    <?xml version="1.0" encoding="utf-16"?>
                                                                    <BundleExtensionData xmlns="http://wixtoolset.org/schemas/v4/BundleExtensionData" />
                                                                    Process:C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exe
                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):39048
                                                                    Entropy (8bit):6.308071188599813
                                                                    Encrypted:false
                                                                    SSDEEP:768:6FtuUXVquBaZxkBfy4jwG9DQ6xnXmzxaRAzGIILnv:6qMckBfld9LnIxXzaLv
                                                                    MD5:4C87D6BAF09AC581EA54394E3F38B9E8
                                                                    SHA1:A24503B11068369A83D0E90CAC02B67B5C99958C
                                                                    SHA-256:2F49C1D5A31D345760EF393D6A2E7AF8987ED31FECE4ABB72B16ED22F3DFDA7F
                                                                    SHA-512:26143AB73DB50755CF62E15D229E8F257ECF54B9A6BF1F89F516A5995961DAA46045ACECEC7D521593198A365F9E21E34E41403FACC43DE7E533BFEC0CEA43A0
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Process:C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exe
                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):184320
                                                                    Entropy (8bit):6.351681914669155
                                                                    Encrypted:false
                                                                    SSDEEP:3072:oO4+0LodFt+wsxMl1NqAc5iSttkClFelrl+AMVaKoXA1OaYe:oO4xMdFowsxizqyStZlFel5npA1OaF
                                                                    MD5:FA05AB4DD4914384F5FB35D33BC73A0F
                                                                    SHA1:0309F593ADCD0673919269D8DC40F95081D103D4
                                                                    SHA-256:3F8CE1047167F498734B88C959CF4FF89622C8229C89B6A3333D3BC3823F85B3
                                                                    SHA-512:CCCE1623AC2EA29E66778C2C1B76DB2320F488548F353B04F65E03BA5AEFC3BA150E61C729ED112747BA969BE6DDA601EA3292DDB43F378C7C708E3C45E0A5FD
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 43%
                                                                    Process:C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exe
                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):7579704
                                                                    Entropy (8bit):6.84709467393535
                                                                    Encrypted:false
                                                                    SSDEEP:196608:ykxa78pklLylqrJ6CkamuqW5A1eMoxFLOyomFHKnPH:+gW5oSF+
                                                                    MD5:E2A27870BA4DA90DF6276C4DA9E3CF82
                                                                    SHA1:CD0A17F6DDC7B4994D98F26848C3A2D7DAE74E68
                                                                    SHA-256:9F1BB79EF7D76E5DDDC628D0455C1F6A6AA068CC210F1D238A231F77AC9CBBA2
                                                                    SHA-512:66C4D8D1C6CB45A6C10CBB16D4388858980E7BC4F57FB88DC2A3B7B8FC6DA82DBA3E9B1BFD33EA4C25A7AFD5612C2823915E5F0759728CCCFE81BD4F99AFC235
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                    Process:C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):4469405
                                                                    Entropy (8bit):7.95660152908976
                                                                    Encrypted:false
                                                                    SSDEEP:98304:IVvV7XPZLI6LoL6XWx44ibjVD4CBDLAJ32NSCU3pjug7iw:IVQ6kL6G23VD4CBDw3LCUZjuIiw
                                                                    MD5:772D57BC0AB0B82F3C35990EA58AABC2
                                                                    SHA1:DDA21EA8FF8468122E09271FB915F0BAB9ACF544
                                                                    SHA-256:60E662EF1ED6AC0FC757D9402AB859A7ED45F91A7183355B4464A60759A440C1
                                                                    SHA-512:5A50D936CB2CF9809F0F88A3A166EBA6C645B54B0C2A28BB1B64B1EA058EC30FA55FA7EE9D41B3832B23994A35C3C9F60DAC669AF1E898219C53DDC4C47E72CD
                                                                    Malicious:false
                                                                    Process:C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):43077
                                                                    Entropy (8bit):4.745006147010959
                                                                    Encrypted:false
                                                                    SSDEEP:768:AjAlxcFjdt7p5LtbCiDFf9Am4ysG4z+w5KKMX9PLDjn:Pxg7fLtbh8IcE9PLDjn
                                                                    MD5:33D9C73A5F1B9C5B16E9FF892F24A05A
                                                                    SHA1:7DC1DF26FF605549E50F2DBD8BB69C179E7A6B3C
                                                                    SHA-256:030D40902ED53B64F03B4FD91D1ED4B931140F155DFF02E058D93F019F43D2DB
                                                                    SHA-512:19F857CBF4010172EC5E83F0B0AFE50798CE61663ABE0CE19C8098F6B9CA930026FB3BC8161A812265A64F38CC2BB144CAEFD154701FFFB8F808BB4649F2B0FA
                                                                    Malicious:false
                                                                    Process:C:\Users\user\Desktop\VmjvNTbD5J.exe
                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows, InstallShield self-extracting archive
                                                                    Category:dropped
                                                                    Size (bytes):7814631
                                                                    Entropy (8bit):7.965065406976698
                                                                    Encrypted:false
                                                                    SSDEEP:196608:f/udXsI8lAWZkhDIIUctmEFpnr8Kxdw3+Q:fKX1+A2khsctmEFJrbjQ
                                                                    MD5:B153C388223577EA044ACA3908BE2935
                                                                    SHA1:B7DCD73611D5C85871E6191E32A90E465654D1A2
                                                                    SHA-256:12880838FDFB4C1AF193AC963CE4B6019051545B201F303884BF1711172E275B
                                                                    SHA-512:F53D25B761B7EB7B73B0F0E39F36FAA042DBFDEB0FAAA65E2E17C473B7B1B4E486619735E0193904A1255C4E7C7F5892BDC0D8D934F55D07B8E6A45BCFF8E253
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: ReversingLabs, Detection: 58%
                                                                    File type:PE32+ executable (GUI) x86-64, for MS Windows, InstallShield self-extracting archive
                                                                    Entropy (8bit):7.9655777882955725
                                                                    TrID:
                                                                    • Win64 Executable (generic) (12005/4) 74.95%
                                                                    • Generic Win/DOS Executable (2004/3) 12.51%
                                                                    • DOS Executable Generic (2002/1) 12.50%
                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.04%
                                                                    File name:VmjvNTbD5J.exe
                                                                    File size:7'884'295 bytes
                                                                    MD5:ab660c89d26121d4041874614646fd75
                                                                    SHA1:586cb1d772f7f559786f4f5b2420e5ba5806815b
                                                                    SHA256:8ed2ebe94abc2758e4db53c476f8b7a69b5436fe176cba112802990547c5bb24
                                                                    SHA512:bb5a761372d9a7301d8f37545e092d0ee8843472e77ec919adb9084ec2b1142e9faaa2dfa7f563ffa568df4b463dcc1c444f50b1b8413c40a3214474aeebd38b
                                                                    SSDEEP:196608:f/udXsI8lAWZkhDIIUctmEFpnr8Kxdw3+3:fKX1+A2khsctmEFJrbj3
                                                                    TLSH:5A8622763BF424FAC4BA4376C6808272FE75B14D3321647D8AA4962C1F7B96965BF300
                                                                    Icon Hash:2d2e3797b32b2b99
                                                                    Entrypoint:0x140053dd0
                                                                    Entrypoint Section:.text
                                                                    Digitally signed:false
                                                                    Imagebase:0x140000000
                                                                    Subsystem:windows gui
                                                                    Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, REMOVABLE_RUN_FROM_SWAP, NET_RUN_FROM_SWAP
                                                                    DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                    Time Stamp:0x642D70FD [Wed Apr 5 13:00:45 2023 UTC]
                                                                    TLS Callbacks:
                                                                    CLR (.Net) Version:
                                                                    OS Version Major:6
                                                                    OS Version Minor:0
                                                                    File Version Major:6
                                                                    File Version Minor:0
                                                                    Subsystem Version Major:6
                                                                    Subsystem Version Minor:0
                                                                    Import Hash:07c4dc6e132c507bcef10998173e3c81
                                                                    Instruction
                                                                    dec eax
                                                                    sub esp, 28h
                                                                    call 00007FBE649254C4h
                                                                    dec eax
                                                                    add esp, 28h
                                                                    jmp 00007FBE64924F5Fh
                                                                    int3
                                                                    int3
                                                                    inc eax
                                                                    push ebx
                                                                    dec eax
                                                                    sub esp, 20h
                                                                    dec eax
                                                                    mov ebx, ecx
                                                                    xor ecx, ecx
                                                                    call dword ptr [0002B4D3h]
                                                                    dec eax
                                                                    mov ecx, ebx
                                                                    call dword ptr [0002B4C2h]
                                                                    call dword ptr [0002B63Ch]
                                                                    dec eax
                                                                    mov ecx, eax
                                                                    mov edx, C0000409h
                                                                    dec eax
                                                                    add esp, 20h
                                                                    pop ebx
                                                                    dec eax
                                                                    jmp dword ptr [0002B4B8h]
                                                                    int3
                                                                    int3
                                                                    int3
                                                                    int3
                                                                    int3
                                                                    int3
                                                                    int3
                                                                    int3
                                                                    dec eax
                                                                    mov dword ptr [esp+08h], ecx
                                                                    dec eax
                                                                    sub esp, 38h
                                                                    mov ecx, 00000017h
                                                                    call dword ptr [0002B4A4h]
                                                                    test eax, eax
                                                                    je 00007FBE649250E9h
                                                                    mov ecx, 00000002h
                                                                    int 29h
                                                                    dec eax
                                                                    lea ecx, dword ptr [00062E4Ah]
                                                                    call 00007FBE6492518Eh
                                                                    dec eax
                                                                    mov eax, dword ptr [esp+38h]
                                                                    dec eax
                                                                    mov dword ptr [00062F31h], eax
                                                                    dec eax
                                                                    lea eax, dword ptr [esp+38h]
                                                                    dec eax
                                                                    add eax, 08h
                                                                    dec eax
                                                                    mov dword ptr [00062EC1h], eax
                                                                    dec eax
                                                                    mov eax, dword ptr [00062F1Ah]
                                                                    dec eax
                                                                    mov dword ptr [00062D8Bh], eax
                                                                    dec eax
                                                                    mov eax, dword ptr [esp+40h]
                                                                    dec eax
                                                                    mov dword ptr [00062E8Fh], eax
                                                                    mov dword ptr [00062D65h], C0000409h
                                                                    mov dword ptr [00062D5Fh], 00000001h
                                                                    mov dword ptr [00000069h], 00000000h
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xb3650 | 0xb4 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc1000 | 0x5028 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0xb9000 | 0x4548 | .pdata |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xc7000 | 0x788 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0xaf270 | 0x54 | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0xaf300 | 0x28 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xaee70 | 0x140 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x7f000 | 0x828 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0xb300c | 0x120 | .rdata |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x7dce0 | 0x7de00 | c704ae162ee75093c868d807de4e6109 | False | 0.513908499875869 | data | 6.395321923761475 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x7f000 | 0x36206 | 0x36400 | fe6ad98a384b001707cdb378131283ec | False | 0.28707337269585254 | data | 5.143926566262762 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xb6000 | 0x22d0 | 0xc00 | ba85cbd0519f80f728e08c1ca076f497 | False | 0.16731770833333334 | Matlab v4 mat-file (little endian) f\324\377\3772\242\337-\231+, sparse, rows 0, columns 1074173776, imaginary | 2.2806420603419033 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .pdata | 0xb9000 | 0x4548 | 0x4600 | 14f42c90baded23f8dc00df73002a78c | False | 0.5132254464285714 | data | 5.796600156579775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .didat | 0xbe000 | 0x198 | 0x200 | 9761ef77b7321d60f960bfa859df4c2d | False | 0.294921875 | data | 2.6061387799503875 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .wixburn | 0xbf000 | 0x30 | 0x200 | 1a42e805dfc6a3511ca96d60ce037ed0 | False | 0.107421875 | data | 0.5813091016060967 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| _RDATA | 0xc0000 | 0x15c | 0x200 | 558d283cbc1650a14570174bb1d3febb | False | 0.3984375 | data | 3.2625786276652566 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .rsrc | 0xc1000 | 0x5028 | 0x5200 | 107ba3edad4d7cdfa9546aced0f1dce3 | False | 0.3156916920731707 | data | 5.461268105293538 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0xc7000 | 0x788 | 0x800 | 3fa0b1735b1c909bebcb305a665399aa | False | 0.54541015625 | data | 5.264719402838329 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0xc11c0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.43185920577617326 |
| RT_RCDATA | 0xc1a68 | 0x8 | data | English | United States | 1.75 |
| RT_MESSAGETABLE | 0xc1a70 | 0x3d74 | data | English | United States | 0.282418001525553 |
| RT_GROUP_ICON | 0xc57e4 | 0x14 | data | English | United States | 1.15 |
| RT_VERSION | 0xc57f8 | 0x2d0 | data | English | United States | 0.4736111111111111 |
| RT_MANIFEST | 0xc5ac8 | 0x560 | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (1373), with no line terminators | English | United States | 0.4563953488372093 |
| DLL | Import |
|---|---|
| KERNEL32.dll | GetUserDefaultUILanguage, GetUserDefaultLangID, GetSystemDefaultLangID, GetStringTypeW, ReadFile, SetFilePointerEx, CreateProcessW, DuplicateHandle, FreeLibrary, ProcessIdToSessionId, ConnectNamedPipe, SetNamedPipeHandleState, CreateNamedPipeW, OpenProcess, GetProcessId, SetProcessShutdownParameters, LocalFileTimeToFileTime, SetEndOfFile, SetFileTime, GetExitCodeThread, DosDateTimeToFileTime, CompareStringA, SetThreadExecutionState, ReleaseSemaphore, CreateMutexW, GetExitCodeProcess, CreateFileMappingW, MapViewOfFile, UnmapViewOfFile, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, RtlUnwindEx, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetStdHandle, ExitProcess, VerifyVersionInfoW, GetFileType, FindFirstFileExW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetStdHandle, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, GetFileSizeEx, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, WriteConsoleW, GetComputerNameW, GetSystemTime, VerSetConditionMask, CompareStringW, GetNativeSystemInfo, CreateThread, GetCurrentProcess, CreateSemaphoreW, CreateEventW, ReleaseMutex, ResetEvent, SetEvent, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, MoveFileExW, SetFileAttributesW, RemoveDirectoryW, GetFileAttributesW, FindNextFileW, FindFirstFileW, FindClose, DeleteFileW, GetCurrentDirectoryW, ExpandEnvironmentStringsW, GetProcessHeap, HeapSize, HeapFree, GetDateFormatW, HeapReAlloc, HeapAlloc, GetModuleFileNameW, GetSystemWow64DirectoryW, GetSystemDirectoryW, GetLocalTime, Sleep, SetLastError, GetTempPathW, GetVolumePathNameW, GetTempFileNameW, GetFullPathNameW, CreateDirectoryW, LCMapStringW, WideCharToMultiByte, MultiByteToWideChar, lstrlenW, FormatMessageW, LocalFree, LoadLibraryExW, GetProcAddress, GetModuleHandleW, WaitForMultipleObjects, WaitForSingleObject, HeapSetInformation, GetLastError, lstrlenA, GetCurrentProcessId, GetModuleHandleA, MulDiv, CompareStringOrdinal, GetSystemWindowsDirectoryW, GlobalAlloc, GlobalFree, CopyFileW, LoadResource, LockResource, SizeofResource, FindResourceExA, VirtualAlloc, VirtualFree, SystemTimeToTzSpecificLocalTime, SystemTimeToFileTime, GetTimeZoneInformation, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, WriteFile, SetFilePointer, CreateFileA, CloseHandle, GetModuleHandleExW, CreateFileW |
| USER32.dll | GetDC, ReleaseDC, MonitorFromPoint, ShowWindow, IsDialogMessageW, LoadBitmapW, SetWindowLongPtrW, GetWindowLongPtrW, GetCursorPos, MessageBoxW, SetWindowPos, CreateWindowExW, UnregisterClassW, RegisterClassW, PostQuitMessage, DefWindowProcW, DispatchMessageW, TranslateMessage, GetMessageW, WaitForInputIdle, IsWindow, PostMessageW, GetMonitorInfoW, LoadCursorW, MonitorFromWindow |
| GDI32.dll | DeleteObject, SelectObject, StretchBlt, GetObjectW, DeleteDC, CreateDCW, CreateCompatibleDC, GetDeviceCaps |
| ADVAPI32.dll | GetUserNameW, CryptAcquireContextW, QueryServiceConfigW, CryptReleaseContext, CryptGetHashParam, CryptCreateHash, CryptHashData, CryptDestroyHash, OpenProcessToken, AllocateAndInitializeSid, CheckTokenMembership, GetTokenInformation, AdjustTokenPrivileges, IsWellKnownSid, LookupPrivilegeValueW, RegCreateKeyExW, QueryServiceStatus, OpenServiceW, OpenSCManagerW, ControlService, CloseServiceHandle, ChangeServiceConfigW, SetEntriesInAclW, DecryptFileW, InitializeAcl, CreateWellKnownSid, ConvertStringSecurityDescriptorToSecurityDescriptorW, ReportEventW, OpenEventLogW, CloseEventLog, RegQueryInfoKeyW, RegDeleteValueW, RegQueryValueExW, InitiateSystemShutdownExW, RegOpenKeyExW, RegCloseKey, SetNamedSecurityInfoW, RegDeleteKeyW, RegEnumKeyExW, RegEnumValueW, RegSetValueExW, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, SetEntriesInAclA |
| ole32.dll | CoInitializeEx, CoInitialize, CoInitializeSecurity, CoUninitialize, CLSIDFromProgID, CoTaskMemFree, StringFromGUID2, CoCreateInstance |
| OLEAUT32.dll | VariantClear, SysFreeString, VariantInit, SysAllocString |
| RPCRT4.dll | UuidCreate |
| SHELL32.dll | CommandLineToArgvW, ShellExecuteExW, SHGetFolderPathW |
Language of compilation system:English
Country where language is spoken:United States
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 9, 2025 14:55:53.354652882 CET | 192.168.2.9 | 1.1.1.1 | 0xd880 | Standard query (0) | plerukilo0.site | A (IP address) | IN (0x0001) | false
Jan 9, 2025 14:56:01.330148935 CET | 192.168.2.9 | 1.1.1.1 | 0x8e81 | Standard query (0) | plerukilo0.site | A (IP address) | IN (0x0001) | false
Jan 9, 2025 14:56:09.327610970 CET | 192.168.2.9 | 1.1.1.1 | 0x8e90 | Standard query (0) | plerukilo0.site | A (IP address) | IN (0x0001) | false
Jan 9, 2025 14:56:17.332643986 CET | 192.168.2.9 | 1.1.1.1 | 0xf809 | Standard query (0) | plerukilo0.site | A (IP address) | IN (0x0001) | false
Jan 9, 2025 14:56:23.884907007 CET | 192.168.2.9 | 1.1.1.1 | 0xc159 | Standard query (0) | plerukilo0.site | A (IP address) | IN (0x0001) | false
Jan 9, 2025 14:56:31.922091007 CET | 192.168.2.9 | 1.1.1.1 | 0x8cf3 | Standard query (0) | plerukilo0.site | A (IP address) | IN (0x0001) | false
Jan 9, 2025 14:56:39.925748110 CET | 192.168.2.9 | 1.1.1.1 | 0x8ff1 | Standard query (0) | plerukilo0.site | A (IP address) | IN (0x0001) | false
Jan 9, 2025 14:56:47.933773041 CET | 192.168.2.9 | 1.1.1.1 | 0xa850 | Standard query (0) | plerukilo0.site | A (IP address) | IN (0x0001) | false
Jan 9, 2025 14:56:55.945168972 CET | 192.168.2.9 | 1.1.1.1 | 0xea6e | Standard query (0) | plerukilo0.site | A (IP address) | IN (0x0001) | false
Jan 9, 2025 14:57:03.964315891 CET | 192.168.2.9 | 1.1.1.1 | 0xc4aa | Standard query (0) | plerukilo0.site | A (IP address) | IN (0x0001) | false
Jan 9, 2025 14:57:11.963438988 CET | 192.168.2.9 | 1.1.1.1 | 0x64ec | Standard query (0) | plerukilo0.site | A (IP address) | IN (0x0001) | false
Jan 9, 2025 14:57:19.967819929 CET | 192.168.2.9 | 1.1.1.1 | 0x9072 | Standard query (0) | plerukilo0.site | A (IP address) | IN (0x0001) | false
Jan 9, 2025 14:57:27.981184006 CET | 192.168.2.9 | 1.1.1.1 | 0xfa3 | Standard query (0) | plerukilo0.site | A (IP address) | IN (0x0001) | false
Jan 9, 2025 14:57:36.002482891 CET | 192.168.2.9 | 1.1.1.1 | 0x26e | Standard query (0) | plerukilo0.site | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 9, 2025 14:54:35.019133091 CET | 1.1.1.1 | 192.168.2.9 | 0x5078 | No error (0) | shed.dual-low.s-part-0017.t-0009.t-msedge.net | s-part-0017.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Jan 9, 2025 14:54:35.019133091 CET | 1.1.1.1 | 192.168.2.9 | 0x5078 | No error (0) | s-part-0017.t-0009.t-msedge.net | | 13.107.246.45 | A (IP address) | IN (0x0001) | false
Jan 9, 2025 14:55:53.363348007 CET | 1.1.1.1 | 192.168.2.9 | 0xd880 | Name error (3) | plerukilo0.site | none | none | A (IP address) | IN (0x0001) | false
Jan 9, 2025 14:56:01.339886904 CET | 1.1.1.1 | 192.168.2.9 | 0x8e81 | Name error (3) | plerukilo0.site | none | none | A (IP address) | IN (0x0001) | false
Jan 9, 2025 14:56:09.336709976 CET | 1.1.1.1 | 192.168.2.9 | 0x8e90 | Name error (3) | plerukilo0.site | none | none | A (IP address) | IN (0x0001) | false
Jan 9, 2025 14:56:17.340328932 CET | 1.1.1.1 | 192.168.2.9 | 0xf809 | Name error (3) | plerukilo0.site | none | none | A (IP address) | IN (0x0001) | false
Jan 9, 2025 14:56:23.893760920 CET | 1.1.1.1 | 192.168.2.9 | 0xc159 | Name error (3) | plerukilo0.site | none | none | A (IP address) | IN (0x0001) | false
Jan 9, 2025 14:56:31.932085991 CET | 1.1.1.1 | 192.168.2.9 | 0x8cf3 | Name error (3) | plerukilo0.site | none | none | A (IP address) | IN (0x0001) | false
Jan 9, 2025 14:56:39.935288906 CET | 1.1.1.1 | 192.168.2.9 | 0x8ff1 | Name error (3) | plerukilo0.site | none | none | A (IP address) | IN (0x0001) | false
Jan 9, 2025 14:56:47.943280935 CET | 1.1.1.1 | 192.168.2.9 | 0xa850 | Name error (3) | plerukilo0.site | none | none | A (IP address) | IN (0x0001) | false
Jan 9, 2025 14:56:55.955013037 CET | 1.1.1.1 | 192.168.2.9 | 0xea6e | Name error (3) | plerukilo0.site | none | none | A (IP address) | IN (0x0001) | false
Jan 9, 2025 14:57:03.972959995 CET | 1.1.1.1 | 192.168.2.9 | 0xc4aa | Name error (3) | plerukilo0.site | none | none | A (IP address) | IN (0x0001) | false
Jan 9, 2025 14:57:11.973146915 CET | 1.1.1.1 | 192.168.2.9 | 0x64ec | Name error (3) | plerukilo0.site | none | none | A (IP address) | IN (0x0001) | false
Jan 9, 2025 14:57:19.974916935 CET | 1.1.1.1 | 192.168.2.9 | 0x9072 | Name error (3) | plerukilo0.site | none | none | A (IP address) | IN (0x0001) | false
Jan 9, 2025 14:57:27.988590002 CET | 1.1.1.1 | 192.168.2.9 | 0xfa3 | Name error (3) | plerukilo0.site | none | none | A (IP address) | IN (0x0001) | false
Jan 9, 2025 14:57:36.011080980 CET | 1.1.1.1 | 192.168.2.9 | 0x26e | Name error (3) | plerukilo0.site | none | none | A (IP address) | IN (0x0001) | false


                                                                    Target ID:0
                                                                    Start time:08:54:41
                                                                    Start date:09/01/2025
                                                                    Path:C:\Users\user\Desktop\VmjvNTbD5J.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:"C:\Users\user\Desktop\VmjvNTbD5J.exe"
                                                                    Imagebase:0x7ff7d0db0000
                                                                    File size:7'884'295 bytes
                                                                    MD5 hash:AB660C89D26121D4041874614646FD75
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:low
                                                                    Has exited:true

                                                                    Target ID:2
                                                                    Start time:08:54:41
                                                                    Start date:09/01/2025
                                                                    Path:C:\Windows\Temp\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:"C:\Windows\TEMP\{ACD538AD-7037-4503-851A-EA01AFE8B877}\.cr\VmjvNTbD5J.exe" -burn.clean.room="C:\Users\user\Desktop\VmjvNTbD5J.exe" -burn.filehandle.attached=568 -burn.filehandle.self=548
                                                                    Imagebase:0x7ff6b4d40000
                                                                    File size:7'814'631 bytes
                                                                    MD5 hash:B153C388223577EA044ACA3908BE2935
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Antivirus matches:
                                                                    • Detection: 58%, ReversingLabs
                                                                    Reputation:low
                                                                    Has exited:true

                                                                    Target ID:3
                                                                    Start time:08:54:42
                                                                    Start date:09/01/2025
                                                                    Path:C:\Windows\Temp\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:C:\Windows\TEMP\{52BA3BE0-94C0-4BC1-B50D-900735DDC101}\.ba\WebCopier.exe
                                                                    Imagebase:0x400000
                                                                    File size:7'579'704 bytes
                                                                    MD5 hash:E2A27870BA4DA90DF6276C4DA9E3CF82
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Antivirus matches:
                                                                    • Detection: 0%, ReversingLabs
                                                                    Reputation:moderate
                                                                    Has exited:true

                                                                    Target ID:4
                                                                    Start time:08:54:43
                                                                    Start date:09/01/2025
                                                                    Path:C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exe
                                                                    Imagebase:0x400000
                                                                    File size:7'579'704 bytes
                                                                    MD5 hash:E2A27870BA4DA90DF6276C4DA9E3CF82
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Antivirus matches:
                                                                    • Detection: 0%, ReversingLabs
                                                                    Reputation:moderate
                                                                    Has exited:true

                                                                    Target ID:5
                                                                    Start time:08:54:44
                                                                    Start date:09/01/2025
                                                                    Path:C:\Windows\SysWOW64\cmd.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:C:\Windows\SysWOW64\cmd.exe
                                                                    Imagebase:0xc50000
                                                                    File size:236'544 bytes
                                                                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high
                                                                    Has exited:true

                                                                    Target ID:6
                                                                    Start time:08:54:44
                                                                    Start date:09/01/2025
                                                                    Path:C:\Windows\System32\conhost.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                    Imagebase:0x7ff70f010000
                                                                    File size:862'208 bytes
                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high
                                                                    Has exited:true

                                                                    Target ID:9
                                                                    Start time:08:55:10
                                                                    Start date:09/01/2025
                                                                    Path:C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exe
                                                                    Imagebase:0x140000000
                                                                    File size:2'364'728 bytes
                                                                    MD5 hash:967F4470627F823F4D7981E511C9824F
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Antivirus matches:
                                                                    • Detection: 0%, ReversingLabs
                                                                    Reputation:moderate
                                                                    Has exited:true

                                                                    Target ID:10
                                                                    Start time:08:55:20
                                                                    Start date:09/01/2025
                                                                    Path:C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:"C:\Users\user\AppData\Roaming\ChromeQuick_DVBv5\WebCopier.exe"
                                                                    Imagebase:0x400000
                                                                    File size:7'579'704 bytes
                                                                    MD5 hash:E2A27870BA4DA90DF6276C4DA9E3CF82
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:moderate
                                                                    Has exited:true

                                                                    Target ID:11
                                                                    Start time:08:55:21
                                                                    Start date:09/01/2025
                                                                    Path:C:\Windows\SysWOW64\cmd.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:C:\Windows\SysWOW64\cmd.exe
                                                                    Imagebase:0xc50000
                                                                    File size:236'544 bytes
                                                                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high
                                                                    Has exited:true

                                                                    Target ID:12
                                                                    Start time:08:55:21
                                                                    Start date:09/01/2025
                                                                    Path:C:\Windows\System32\conhost.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                    Imagebase:0x7ff70f010000
                                                                    File size:862'208 bytes
                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Has exited:true

                                                                    Target ID:17
                                                                    Start time:08:55:40
                                                                    Start date:09/01/2025
                                                                    Path:C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Users\user\AppData\Local\Temp\EKU_Make_debug_v4.exe
                                                                    Imagebase:0x140000000
                                                                    File size:2'364'728 bytes
                                                                    MD5 hash:967F4470627F823F4D7981E511C9824F
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Has exited:false


                                                                      Execution Graph

                                                                      Execution Coverage:5.3%
                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                      Signature Coverage:26.9%
                                                                      Total number of Nodes:1450
                                                                      Total number of Limit Nodes:45
43358->43361 43359->43358 43362 7ff7d0de7183 SetFilePointerEx 43360->43362 43363 7ff7d0de7138 GetLastError 43360->43363 43361->43350 43373 7ff7d0db6828 GetProcessHeap HeapAlloc 43361->43373 43364 7ff7d0de71d9 SetEndOfFile 43362->43364 43365 7ff7d0de7199 GetLastError 43362->43365 43367 7ff7d0de716c _cwprintf_s_l 43363->43367 43369 7ff7d0de7224 SetFilePointerEx 43364->43369 43370 7ff7d0de71e7 GetLastError 43364->43370 43368 7ff7d0de71cd _cwprintf_s_l 43365->43368 43367->43362 43368->43350 43369->43350 43371 7ff7d0de723a GetLastError 43369->43371 43370->43368 43371->43368 43372->43340 43499 7ff7d0de1690 180 API calls _cwprintf_s_l 43380 7ff7d0e2d67e 14 API calls 43449 7ff7d0de9f90 88 API calls _cwprintf_s_l 43501 7ff7d0e1c880 13 API calls _cwprintf_s_l 43450 7ff7d0db7d60 72 API calls 2 library calls 43451 7ff7d0de5b60 103 API calls __swprintf_l 43502 7ff7d0dd9060 64 API calls _cwprintf_s_l 43505 7ff7d0dc845c 8 API calls 2 library calls 41776 7ff7d0e03c5c 41797 7ff7d0e03fa4 41776->41797 41779 7ff7d0e03da8 41831 7ff7d0e042ec 7 API calls 2 library calls 41779->41831 41780 7ff7d0e03c78 __scrt_acquire_startup_lock 41782 7ff7d0e03db2 41780->41782 41787 7ff7d0e03c96 __scrt_release_startup_lock 41780->41787 41832 7ff7d0e042ec 7 API calls 2 library calls 41782->41832 41784 7ff7d0e03cbb 41785 7ff7d0e03dbd __FrameHandler3::FrameUnwindToEmptyState 41786 7ff7d0e03d41 41805 7ff7d0e04438 41786->41805 41787->41784 41787->41786 41828 7ff7d0e0b828 47 API calls 41787->41828 41789 7ff7d0e03d46 41808 7ff7d0db10b0 41789->41808 41794 7ff7d0e03d69 41794->41785 41830 7ff7d0e04138 7 API calls __scrt_initialize_crt 41794->41830 41796 7ff7d0e03d80 41796->41784 41833 7ff7d0e045c0 41797->41833 41800 7ff7d0e03fd3 41835 7ff7d0e0bf6c 41800->41835 41801 7ff7d0e03c70 41801->41779 41801->41780 41873 7ff7d0e047d0 41805->41873 41875 7ff7d0db543c SetLastError GetModuleFileNameW 41808->41875 41810 7ff7d0db1155 41811 7ff7d0db1159 CreateFileW 41810->41811 41812 7ff7d0db1188 41810->41812 41811->41812 41890 
7ff7d0db93cc 41812->41890 41815 7ff7d0db1194 42009 7ff7d0db17c8 HeapSetInformation 41815->42009 41816 7ff7d0db119b 42010 7ff7d0db1728 76 API calls 41816->42010 41819 7ff7d0db1199 41895 7ff7d0db9464 41819->41895 41821 7ff7d0db11c3 _cwprintf_s_l 41822 7ff7d0db1203 41821->41822 41823 7ff7d0db11fa CloseHandle 41821->41823 41824 7ff7d0db1211 41822->41824 42011 7ff7d0db4278 GetProcessHeap RtlFreeHeap GetLastError _cwprintf_s_l 41822->42011 41823->41822 41826 7ff7d0e03b50 _log10_special 8 API calls 41824->41826 41827 7ff7d0db1225 41826->41827 41829 7ff7d0e0447c GetModuleHandleW 41827->41829 41828->41786 41829->41794 41830->41796 41831->41782 41832->41785 41834 7ff7d0e03fc6 __scrt_dllmain_crt_thread_attach 41833->41834 41834->41800 41834->41801 41836 7ff7d0e10e2c 41835->41836 41837 7ff7d0e03fd8 41836->41837 41840 7ff7d0e0e440 41836->41840 41837->41801 41839 7ff7d0e05628 7 API calls 2 library calls 41837->41839 41839->41801 41841 7ff7d0e0e450 41840->41841 41843 7ff7d0e0e45b __vcrt_uninitialize_ptd 41841->41843 41844 7ff7d0e0e2b8 GetLastError 41841->41844 41843->41836 41845 7ff7d0e0e2f9 FlsSetValue 41844->41845 41850 7ff7d0e0e2dc 41844->41850 41846 7ff7d0e0e30b 41845->41846 41847 7ff7d0e0e2e9 41845->41847 41861 7ff7d0e0e884 41846->41861 41848 7ff7d0e0e365 SetLastError 41847->41848 41848->41843 41850->41845 41850->41847 41852 7ff7d0e0e338 FlsSetValue 41855 7ff7d0e0e344 FlsSetValue 41852->41855 41856 7ff7d0e0e356 41852->41856 41853 7ff7d0e0e328 FlsSetValue 41854 7ff7d0e0e331 41853->41854 41868 7ff7d0e0c91c 11 API calls 2 library calls 41854->41868 41855->41854 41869 7ff7d0e0dee4 11 API calls memcpy_s 41856->41869 41859 7ff7d0e0e35e 41870 7ff7d0e0c91c 11 API calls 2 library calls 41859->41870 41866 7ff7d0e0e895 memcpy_s 41861->41866 41862 7ff7d0e0e8e6 41872 7ff7d0e0a7ec 11 API calls memcpy_s 41862->41872 41863 7ff7d0e0e8ca HeapAlloc 41864 7ff7d0e0e31a 41863->41864 41863->41866 41864->41852 41864->41853 41866->41862 41866->41863 41871 7ff7d0e10f10 EnterCriticalSection 
LeaveCriticalSection memcpy_s 41866->41871 41868->41847 41869->41859 41870->41848 41871->41866 41872->41864 41874 7ff7d0e0444f GetStartupInfoW 41873->41874 41874->41789 41876 7ff7d0db54be 41875->41876 41877 7ff7d0db547e GetLastError 41875->41877 41878 7ff7d0db54c7 GetLastError 41876->41878 41882 7ff7d0db54e3 41876->41882 41887 7ff7d0db54b2 _cwprintf_s_l 41877->41887 41879 7ff7d0db54d6 41878->41879 41878->41882 42012 7ff7d0db44c4 41879->42012 41881 7ff7d0db550a SetLastError 41884 7ff7d0db5515 GetModuleFileNameW 41881->41884 41882->41881 41883 7ff7d0db54fa 41882->41883 41882->41887 41883->41881 41885 7ff7d0db55c3 GetLastError 41884->41885 41886 7ff7d0db552c GetLastError 41884->41886 41889 7ff7d0db555c _cwprintf_s_l 41885->41889 41886->41887 41888 7ff7d0db553b 41886->41888 41887->41810 41888->41884 41888->41889 41889->41887 41891 7ff7d0db9410 41890->41891 41892 7ff7d0db93f4 lstrlenW 41890->41892 41893 7ff7d0db1190 41891->41893 41894 7ff7d0db942d CompareStringW 41891->41894 41892->41891 41893->41815 41893->41816 41894->41893 41896 7ff7d0db94c8 __scrt_get_show_window_mode 41895->41896 41897 7ff7d0db9502 GetModuleHandleW 41896->41897 42017 7ff7d0e1847c InitializeCriticalSection 41897->42017 41899 7ff7d0db9519 42018 7ff7d0e187d0 41899->42018 41905 7ff7d0db9589 41906 7ff7d0db954b _cwprintf_s_l 41905->41906 41907 7ff7d0db95be 41905->41907 41909 7ff7d0db95b0 41905->41909 41908 7ff7d0db9915 41906->41908 42216 7ff7d0db4278 GetProcessHeap RtlFreeHeap GetLastError _cwprintf_s_l 41906->42216 41913 7ff7d0db95c3 CoInitializeEx 41907->41913 41911 7ff7d0db9927 41908->41911 42217 7ff7d0dcf0c8 136 API calls _cwprintf_s_l 41908->42217 42209 7ff7d0de5628 15 API calls 2 library calls 41909->42209 42185 7ff7d0dc9270 41911->42185 41913->41906 41915 7ff7d0db95e4 41913->41915 42040 7ff7d0e176e8 41915->42040 41919 7ff7d0db95ee 41919->41906 42055 7ff7d0e1fa80 41919->42055 41925 7ff7d0db9977 41931 7ff7d0db99b5 41925->41931 41934 7ff7d0db9990 41925->41934 41927 7ff7d0db9613 41927->41906 42069 
7ff7d0e1dab4 41927->42069 41928 7ff7d0db994b 41928->41925 41936 7ff7d0db9b38 77 API calls 41928->41936 41929 7ff7d0db99b3 41933 7ff7d0e18178 EnterCriticalSection FlushFileBuffers GetLastError LeaveCriticalSection 41929->41933 41931->41929 41937 7ff7d0db9b38 77 API calls 41931->41937 41938 7ff7d0db99f2 41933->41938 41935 7ff7d0db9b38 77 API calls 41934->41935 41935->41929 41936->41925 41937->41929 41940 7ff7d0db9a19 41938->41940 41941 7ff7d0db9a04 41938->41941 41942 7ff7d0db9a1f 41940->41942 41947 7ff7d0db9a17 41940->41947 41944 7ff7d0dd0c78 60 API calls 41941->41944 41945 7ff7d0db9b38 77 API calls 41942->41945 41943 7ff7d0db9653 42087 7ff7d0e18c84 41943->42087 41944->41947 41949 7ff7d0db9a2e 41945->41949 41946 7ff7d0de5dc0 IsWindow PostMessageW 41950 7ff7d0db9a60 41946->41950 41947->41946 41952 7ff7d0db82a8 94 API calls 41949->41952 41953 7ff7d0db9a72 41950->41953 41954 7ff7d0db9a64 41950->41954 41957 7ff7d0db9a37 41952->41957 41955 7ff7d0dd9c68 WaitForSingleObject GetLastError SetEvent GetLastError 41953->41955 41958 7ff7d0ddd1c4 WaitForSingleObject GetLastError 41954->41958 41960 7ff7d0db9a7b 41955->41960 41957->41947 41962 7ff7d0e17f80 77 API calls 41957->41962 41959 7ff7d0db9a70 41958->41959 41963 7ff7d0db9124 19 API calls 41959->41963 41961 7ff7d0e1878c EnterCriticalSection LeaveCriticalSection 41960->41961 41965 7ff7d0db9a84 41961->41965 41962->41947 41966 7ff7d0db9ac8 41963->41966 41964 7ff7d0db543c 10 API calls 41967 7ff7d0db96f0 41964->41967 41968 7ff7d0db9aa6 41965->41968 41972 7ff7d0e1887c __swprintf_l 10 API calls 41965->41972 41970 7ff7d0db9ad4 41966->41970 41973 7ff7d0e1f7d0 CoUninitialize 41966->41973 42097 7ff7d0db9b38 41967->42097 41977 7ff7d0db9b38 77 API calls 41968->41977 41969 7ff7d0db96b8 41969->41964 41975 7ff7d0db9ae0 41970->41975 41979 7ff7d0e1e250 FreeLibrary 41970->41979 41976 7ff7d0db9a95 41972->41976 41973->41970 41980 7ff7d0db9aec 41975->41980 41983 7ff7d0e1b31c FreeLibrary 41975->41983 41976->41968 41984 7ff7d0db4278 _cwprintf_s_l 
GetProcessHeap RtlFreeHeap GetLastError 41976->41984 41977->41959 41978 7ff7d0db9756 42100 7ff7d0ddaafc 41978->42100 41979->41975 41985 7ff7d0db9afd 41980->41985 41988 7ff7d0e1fb74 FreeLibrary FreeLibrary 41980->41988 41983->41980 41984->41968 41986 7ff7d0db9b01 CoUninitialize 41985->41986 41987 7ff7d0db9b07 41985->41987 41986->41987 41993 7ff7d0e18a34 83 API calls 41987->41993 41989 7ff7d0db9af8 41988->41989 41991 7ff7d0e17890 FreeLibrary FreeLibrary 41989->41991 41990 7ff7d0db98d3 42151 7ff7d0db8e70 41990->42151 41991->41985 41996 7ff7d0db9b13 41993->41996 41995 7ff7d0db988f 41995->41906 42215 7ff7d0db89d0 627 API calls _cwprintf_s_l 41995->42215 41999 7ff7d0e03b50 _log10_special 8 API calls 41996->41999 41998 7ff7d0db97ce 41998->41906 42212 7ff7d0dcfed4 76 API calls 2 library calls 41998->42212 42003 7ff7d0db9b24 41999->42003 42001 7ff7d0db98b9 42001->41906 42001->41990 42002 7ff7d0db97a5 42211 7ff7d0db8d08 168 API calls _cwprintf_s_l 42002->42211 42003->41821 42006 7ff7d0db97fe 42008 7ff7d0db9804 _cwprintf_s_l 42006->42008 42213 7ff7d0db89d0 627 API calls _cwprintf_s_l 42006->42213 42008->41906 42214 7ff7d0db86c8 228 API calls _cwprintf_s_l 42008->42214 42010->41819 42011->41824 42013 7ff7d0db44d8 42012->42013 42015 7ff7d0db44dd _cwprintf_s_l 42012->42015 42016 7ff7d0db6f2c GetProcessHeap HeapSize _cwprintf_s_l 42013->42016 42015->41882 42016->42015 42017->41899 42019 7ff7d0db952f 42018->42019 42021 7ff7d0e187e0 42018->42021 42022 7ff7d0e167b0 42019->42022 42021->42019 42218 7ff7d0dbc0c0 42021->42218 42023 7ff7d0e167ea 42022->42023 42024 7ff7d0e16844 CommandLineToArgvW 42023->42024 42026 7ff7d0e167f0 _cwprintf_s_l 42023->42026 42025 7ff7d0e16859 GetLastError 42024->42025 42024->42026 42025->42026 42027 7ff7d0db9545 42026->42027 42323 7ff7d0db4278 GetProcessHeap RtlFreeHeap GetLastError _cwprintf_s_l 42026->42323 42027->41906 42029 7ff7d0db8018 InitializeCriticalSection InitializeCriticalSection InitializeCriticalSection 42027->42029 42030 7ff7d0db808f 
42029->42030 42031 7ff7d0db809e GetCurrentProcess 42030->42031 42324 7ff7d0e18e18 OpenProcessToken 42031->42324 42035 7ff7d0db80e0 42038 7ff7d0db80e6 _cwprintf_s_l 42035->42038 42397 7ff7d0dc0238 42035->42397 42038->41905 42041 7ff7d0db1a28 73 API calls 42040->42041 42042 7ff7d0e17701 42041->42042 42043 7ff7d0e17707 GetProcAddressForCaller GetProcAddress 42042->42043 42044 7ff7d0e1773f 42042->42044 42043->42044 42045 7ff7d0e17772 _cwprintf_s_l 42044->42045 42046 7ff7d0db1a28 73 API calls 42044->42046 42045->41919 42047 7ff7d0e1776c 42046->42047 42047->42045 42048 7ff7d0e177a2 GetProcAddress 42047->42048 42049 7ff7d0e177c7 42048->42049 42050 7ff7d0e1780f GetProcAddress 42048->42050 42049->42050 42051 7ff7d0e177cc GetLastError 42049->42051 42050->42045 42052 7ff7d0e17834 42050->42052 42053 7ff7d0e177fe _cwprintf_s_l 42051->42053 42052->42045 42054 7ff7d0e17839 GetLastError 42052->42054 42053->42045 42054->42053 42056 7ff7d0db1a28 73 API calls 42055->42056 42057 7ff7d0e1fa97 42056->42057 42058 7ff7d0e1fa9b GetProcAddress GetProcAddress 42057->42058 42059 7ff7d0e1fad1 42057->42059 42058->42059 42060 7ff7d0db1a28 73 API calls 42059->42060 42061 7ff7d0e1fae4 42060->42061 42062 7ff7d0e1fae8 GetProcAddress GetProcAddress GetProcAddress GetProcAddress 42061->42062 42063 7ff7d0db960e 42061->42063 42062->42063 42064 7ff7d0e1a270 42063->42064 42065 7ff7d0db1a28 73 API calls 42064->42065 42066 7ff7d0e1a289 42065->42066 42067 7ff7d0e1a2ba GetProcAddress GetProcAddress 42066->42067 42068 7ff7d0e1a28f _cwprintf_s_l 42066->42068 42067->42068 42068->41927 42070 7ff7d0db1ae4 67 API calls 42069->42070 42071 7ff7d0e1dad8 42070->42071 42073 7ff7d0e1dade _cwprintf_s_l 42071->42073 42775 7ff7d0e23128 42071->42775 42079 7ff7d0db9633 42073->42079 42786 7ff7d0db4278 GetProcessHeap RtlFreeHeap GetLastError _cwprintf_s_l 42073->42786 42074 7ff7d0e1db24 7 API calls 42075 7ff7d0e1dc99 42074->42075 42076 7ff7d0e1dc7e GetProcAddress 42074->42076 42077 7ff7d0e1dcbe 42075->42077 42078 7ff7d0e1dca3 
GetProcAddress 42075->42078 42076->42075 42077->42073 42078->42077 42079->41906 42081 7ff7d0e1ee04 42079->42081 42082 7ff7d0e1ee13 CoInitialize 42081->42082 42083 7ff7d0e1ee24 42081->42083 42082->42083 42084 7ff7d0e1ee73 CLSIDFromProgID 42083->42084 42086 7ff7d0e1ee28 _cwprintf_s_l 42083->42086 42085 7ff7d0e1ee8b CLSIDFromProgID 42084->42085 42084->42086 42085->42086 42086->41943 42088 7ff7d0e18cd3 _cwprintf_s_l 42087->42088 42089 7ff7d0e18cb0 42087->42089 42092 7ff7d0e18e00 FreeLibrary 42088->42092 42093 7ff7d0db967a GetNativeSystemInfo 42088->42093 42090 7ff7d0db1a28 73 API calls 42089->42090 42091 7ff7d0e18cca 42090->42091 42091->42088 42094 7ff7d0e18d2b GetProcAddress 42091->42094 42092->42093 42093->41969 42095 7ff7d0e18d42 GetLastError 42094->42095 42096 7ff7d0e18d74 _cwprintf_s_l 42094->42096 42095->42096 42096->42088 42787 7ff7d0e1843c 42097->42787 42101 7ff7d0ddab3c __scrt_get_show_window_mode 42100->42101 42798 7ff7d0dbc924 InitializeCriticalSection 42101->42798 42106 7ff7d0ddaf99 42829 7ff7d0dc1410 42106->42829 42111 7ff7d0ddafb0 42115 7ff7d0ddafbe 42111->42115 42849 7ff7d0db4278 GetProcessHeap RtlFreeHeap GetLastError _cwprintf_s_l 42111->42849 42112 7ff7d0ddafa2 42112->42111 42848 7ff7d0db4278 GetProcessHeap RtlFreeHeap GetLastError _cwprintf_s_l 42112->42848 42117 7ff7d0db9765 42115->42117 42119 7ff7d0db6a48 _cwprintf_s_l 3 API calls 42115->42119 42117->41990 42117->41995 42117->41998 42117->42002 42117->42008 42119->42117 42121 7ff7d0ddabe5 42150 7ff7d0ddab55 _cwprintf_s_l 42121->42150 42836 7ff7d0dd8728 64 API calls 2 library calls 42121->42836 42123 7ff7d0ddac3d 42124 7ff7d0db9b38 77 API calls 42123->42124 42123->42150 42125 7ff7d0ddac75 42124->42125 42126 7ff7d0ddacc3 42125->42126 42127 7ff7d0ddac7e 42125->42127 42838 7ff7d0ddafe4 67 API calls 2 library calls 42126->42838 42837 7ff7d0e17f80 77 API calls 3 library calls 42127->42837 42130 7ff7d0ddaccb 42130->42150 42839 7ff7d0dbdb48 87 API calls 42130->42839 42132 7ff7d0ddad04 42132->42150 42840 
7ff7d0dbdb48 87 API calls 42132->42840 42134 7ff7d0ddad90 42136 7ff7d0ddae27 42134->42136 42139 7ff7d0dbdb80 87 API calls 42134->42139 42134->42150 42135 7ff7d0ddad5a 42135->42134 42135->42150 42841 7ff7d0dbdb80 42135->42841 42138 7ff7d0ddae61 42136->42138 42140 7ff7d0dbdb80 87 API calls 42136->42140 42136->42150 42141 7ff7d0ddaea6 42138->42141 42138->42150 42844 7ff7d0dd5074 116 API calls _cwprintf_s_l 42138->42844 42145 7ff7d0ddadce 42139->42145 42140->42138 42141->42150 42845 7ff7d0dc5d48 99 API calls 2 library calls 42141->42845 42144 7ff7d0ddaee7 42144->42150 42846 7ff7d0dc1f94 91 API calls _cwprintf_s_l 42144->42846 42146 7ff7d0dbdb80 87 API calls 42145->42146 42145->42150 42146->42136 42148 7ff7d0ddaf0e 42149 7ff7d0db4be0 2 API calls 42148->42149 42148->42150 42149->42150 42150->42106 42847 7ff7d0db4278 GetProcessHeap RtlFreeHeap GetLastError _cwprintf_s_l 42150->42847 42935 7ff7d0dceb98 42151->42935 42154 7ff7d0db543c 10 API calls 42158 7ff7d0db8f1b 42154->42158 42155 7ff7d0db907a IsWindow 42156 7ff7d0db9088 PostMessageW 42155->42156 42157 7ff7d0db909c 42155->42157 42156->42157 42159 7ff7d0db90b0 42157->42159 42160 7ff7d0db90a5 CloseHandle 42157->42160 42166 7ff7d0db8f42 42158->42166 42184 7ff7d0db8ede _cwprintf_s_l 42158->42184 42974 7ff7d0dd39b8 42158->42974 42161 7ff7d0db90c7 42159->42161 42162 7ff7d0db90bd CloseHandle 42159->42162 42160->42159 42164 7ff7d0db90d0 CloseHandle 42161->42164 42165 7ff7d0db90da 42161->42165 42162->42161 42164->42165 42169 7ff7d0db90df CloseHandle 42165->42169 42170 7ff7d0db90e8 42165->42170 42166->42184 42981 7ff7d0dd9d28 42166->42981 42168 7ff7d0db8f9b 42168->42184 43004 7ff7d0db3224 42168->43004 42169->42170 43018 7ff7d0db4578 42170->43018 42175 7ff7d0db4578 5 API calls 42176 7ff7d0db90fa 42175->42176 42178 7ff7d0db9108 42176->42178 43023 7ff7d0db4278 GetProcessHeap RtlFreeHeap GetLastError _cwprintf_s_l 42176->43023 42180 7ff7d0db9116 42178->42180 43024 7ff7d0db4278 GetProcessHeap RtlFreeHeap GetLastError _cwprintf_s_l 
42178->43024 42180->41906 42181 7ff7d0db900a 42181->42184 43012 7ff7d0e19750 42181->43012 42184->42155 42186 7ff7d0dc927f 42185->42186 42187 7ff7d0db9933 42185->42187 43260 7ff7d0db72ac 42186->43260 42189 7ff7d0dd56ac 42187->42189 42190 7ff7d0db993f 42189->42190 42191 7ff7d0dd56ba 42189->42191 42193 7ff7d0dd59ac 42190->42193 42192 7ff7d0db72ac 99 API calls 42191->42192 42192->42190 42194 7ff7d0dd59c1 42193->42194 42196 7ff7d0dd59cc 42193->42196 43311 7ff7d0db41a8 GetProcessHeap RtlFreeHeap GetLastError _cwprintf_s_l 42194->43311 42197 7ff7d0dd59da 42196->42197 43312 7ff7d0db4278 GetProcessHeap RtlFreeHeap GetLastError _cwprintf_s_l 42196->43312 42199 7ff7d0dd59e8 42197->42199 43313 7ff7d0db4278 GetProcessHeap RtlFreeHeap GetLastError _cwprintf_s_l 42197->43313 42201 7ff7d0dd59f6 42199->42201 43314 7ff7d0db4278 GetProcessHeap RtlFreeHeap GetLastError _cwprintf_s_l 42199->43314 42203 7ff7d0dd5a07 42201->42203 43315 7ff7d0db4278 GetProcessHeap RtlFreeHeap GetLastError _cwprintf_s_l 42201->43315 42205 7ff7d0dd5a18 42203->42205 43316 7ff7d0db4278 GetProcessHeap RtlFreeHeap GetLastError _cwprintf_s_l 42203->43316 42207 7ff7d0dd5a29 42205->42207 43317 7ff7d0db4278 GetProcessHeap RtlFreeHeap GetLastError _cwprintf_s_l 42205->43317 42209->41907 42210 7ff7d0db4278 GetProcessHeap RtlFreeHeap GetLastError _cwprintf_s_l 42210->41978 42211->41998 42212->42006 42213->42008 42214->41995 42215->42001 42216->41908 42217->41911 42221 7ff7d0e18850 42218->42221 42220 7ff7d0dbc0dc 42220->42019 42222 7ff7d0e18859 42221->42222 42223 7ff7d0e18861 42222->42223 42226 7ff7d0e17cd0 42222->42226 42223->42220 42235 7ff7d0db37b4 42226->42235 42228 7ff7d0e17d05 _cwprintf_s_l 42229 7ff7d0e17d0b _cwprintf_s_l 42228->42229 42250 7ff7d0e17a38 42228->42250 42232 7ff7d0e17dc3 42229->42232 42270 7ff7d0db4278 GetProcessHeap RtlFreeHeap GetLastError _cwprintf_s_l 42229->42270 42233 7ff7d0e17dd2 42232->42233 42271 7ff7d0db4278 GetProcessHeap RtlFreeHeap GetLastError _cwprintf_s_l 42232->42271 42233->42220 
42236 7ff7d0db37f1 42235->42236 42237 7ff7d0db37fa 42235->42237 42239 7ff7d0db44c4 _cwprintf_s_l 2 API calls 42236->42239 42238 7ff7d0db383d MultiByteToWideChar 42237->42238 42242 7ff7d0db3800 _cwprintf_s_l 42237->42242 42244 7ff7d0db38c5 42237->42244 42240 7ff7d0db385f GetLastError 42238->42240 42238->42244 42239->42237 42240->42242 42241 7ff7d0db3982 MultiByteToWideChar 42241->42242 42243 7ff7d0db39ae GetLastError 42241->42243 42242->42228 42243->42242 42244->42241 42244->42242 42245 7ff7d0db392f 42244->42245 42246 7ff7d0db391f 42244->42246 42273 7ff7d0db6828 GetProcessHeap HeapAlloc 42245->42273 42272 7ff7d0db6ba0 GetProcessHeap HeapReAlloc 42246->42272 42251 7ff7d0e17a82 EnterCriticalSection 42250->42251 42252 7ff7d0e17ca4 42250->42252 42254 7ff7d0e17a98 GetCurrentProcessId GetCurrentThreadId GetLocalTime 42251->42254 42255 7ff7d0e17bdb 42251->42255 42253 7ff7d0e03b50 _log10_special 8 API calls 42252->42253 42256 7ff7d0e17cb2 42253->42256 42259 7ff7d0e17ad6 42254->42259 42274 7ff7d0db3cd8 42255->42274 42256->42229 42258 7ff7d0e17bfb 42264 7ff7d0e17bb7 _cwprintf_s_l 42258->42264 42289 7ff7d0e1887c EnterCriticalSection 42258->42289 42298 7ff7d0db31dc 42259->42298 42263 7ff7d0e17bab 42263->42264 42265 7ff7d0e17c7b LeaveCriticalSection 42264->42265 42266 7ff7d0e17c91 42265->42266 42267 7ff7d0e17c96 42265->42267 42301 7ff7d0db4278 GetProcessHeap RtlFreeHeap GetLastError _cwprintf_s_l 42266->42301 42267->42252 42302 7ff7d0db4278 GetProcessHeap RtlFreeHeap GetLastError _cwprintf_s_l 42267->42302 42270->42232 42271->42233 42275 7ff7d0db3d15 42274->42275 42276 7ff7d0db3d1e 42274->42276 42303 7ff7d0db4528 GetProcessHeap HeapSize _cwprintf_s_l 42275->42303 42278 7ff7d0db3d61 WideCharToMultiByte 42276->42278 42281 7ff7d0db3df3 42276->42281 42282 7ff7d0db3d24 _cwprintf_s_l 42276->42282 42279 7ff7d0db3d8d GetLastError 42278->42279 42278->42281 42279->42282 42280 7ff7d0db3eac WideCharToMultiByte 42280->42282 42283 7ff7d0db3ee2 GetLastError 42280->42283 42281->42280 
42281->42282 42284 7ff7d0db3e49 42281->42284 42285 7ff7d0db3e5c 42281->42285 42282->42258 42283->42282 42304 7ff7d0db6ba0 GetProcessHeap HeapReAlloc 42284->42304 42305 7ff7d0db6828 GetProcessHeap HeapAlloc 42285->42305 42290 7ff7d0e188b1 42289->42290 42291 7ff7d0e18973 42290->42291 42292 7ff7d0e18945 42290->42292 42297 7ff7d0e188f5 _cwprintf_s_l 42290->42297 42294 7ff7d0e1897b WriteFile 42291->42294 42295 7ff7d0e18a12 LeaveCriticalSection 42291->42295 42306 7ff7d0db3aec 6 API calls 2 library calls 42292->42306 42294->42291 42296 7ff7d0e1899a GetLastError 42294->42296 42295->42264 42296->42291 42296->42297 42297->42295 42307 7ff7d0db1e3c 42298->42307 42300 7ff7d0db31fd 42300->42255 42300->42263 42301->42267 42302->42252 42303->42276 42306->42297 42308 7ff7d0db1e79 42307->42308 42312 7ff7d0db1e82 42307->42312 42318 7ff7d0db6f2c GetProcessHeap HeapSize _cwprintf_s_l 42308->42318 42313 7ff7d0db1f49 42312->42313 42314 7ff7d0db1e8a _cwprintf_s_l 42312->42314 42319 7ff7d0db2088 58 API calls 2 library calls 42312->42319 42313->42314 42316 7ff7d0db1fd4 _cwprintf_s_l 42313->42316 42320 7ff7d0db2e58 50 API calls 2 library calls 42313->42320 42321 7ff7d0db2088 58 API calls 2 library calls 42313->42321 42314->42300 42316->42314 42322 7ff7d0db4278 GetProcessHeap RtlFreeHeap GetLastError _cwprintf_s_l 42316->42322 42318->42312 42319->42313 42320->42313 42321->42313 42322->42314 42323->42027 42325 7ff7d0e18e81 GetTokenInformation 42324->42325 42326 7ff7d0e18e44 GetLastError 42324->42326 42327 7ff7d0e18eb6 GetLastError 42325->42327 42328 7ff7d0e18e78 _cwprintf_s_l 42325->42328 42326->42328 42327->42328 42329 7ff7d0db80b3 42328->42329 42330 7ff7d0e18f25 CloseHandle 42328->42330 42331 7ff7d0ddb24c 42329->42331 42330->42329 42353 7ff7d0ddb504 _cwprintf_s_l 42331->42353 42380 7ff7d0ddb29b _cwprintf_s_l 42331->42380 42332 7ff7d0ddb2b8 CompareStringW 42334 7ff7d0ddc69b CompareStringW 42332->42334 42335 7ff7d0ddb2e7 CompareStringW 42332->42335 42333 7ff7d0ddc73a 42473 7ff7d0db69ec 6 API 
calls _cwprintf_s_l 42333->42473 42334->42380 42335->42334 42337 7ff7d0ddb31a CompareStringW 42335->42337 42337->42334 42338 7ff7d0ddb34e CompareStringW 42337->42338 42339 7ff7d0ddb382 CompareStringW 42338->42339 42338->42380 42340 7ff7d0ddb3b6 CompareStringW 42339->42340 42339->42380 42341 7ff7d0ddb3ea CompareStringW 42340->42341 42340->42380 42342 7ff7d0ddb41e CompareStringW 42341->42342 42341->42380 42343 7ff7d0ddb452 CompareStringW 42342->42343 42342->42380 42344 7ff7d0ddb486 CompareStringW 42343->42344 42343->42380 42345 7ff7d0ddb4ba CompareStringW 42344->42345 42344->42380 42346 7ff7d0ddb556 CompareStringW 42345->42346 42345->42380 42347 7ff7d0ddb612 CompareStringW 42346->42347 42346->42380 42348 7ff7d0ddb659 CompareStringW 42347->42348 42347->42380 42349 7ff7d0ddb6a0 CompareStringW 42348->42349 42348->42380 42350 7ff7d0ddb6e7 CompareStringW 42349->42350 42349->42380 42351 7ff7d0ddb72e CompareStringW 42350->42351 42350->42380 42352 7ff7d0ddb762 CompareStringW 42351->42352 42351->42380 42354 7ff7d0ddb796 CompareStringW 42352->42354 42352->42380 42353->42035 42355 7ff7d0ddb7d1 CompareStringW 42354->42355 42354->42380 42356 7ff7d0ddb816 CompareStringW 42355->42356 42355->42380 42357 7ff7d0ddb84f CompareStringW 42356->42357 42356->42380 42358 7ff7d0ddb8c0 CompareStringW 42357->42358 42357->42380 42359 7ff7d0ddb931 CompareStringW 42358->42359 42358->42380 42360 7ff7d0ddb991 CompareStringW 42359->42360 42359->42380 42362 7ff7d0ddb9fd lstrlenW CompareStringW 42360->42362 42360->42380 42361 7ff7d0db50b4 66 API calls 42361->42380 42363 7ff7d0ddba3c lstrlenW 42362->42363 42364 7ff7d0ddbafe CompareStringW 42362->42364 42363->42380 42365 7ff7d0ddbc39 lstrlenW lstrlenW CompareStringW 42364->42365 42364->42380 42366 7ff7d0ddbd81 lstrlenW lstrlenW CompareStringW 42365->42366 42365->42380 42367 7ff7d0ddbe54 CompareStringW 42366->42367 42368 7ff7d0ddbdd1 lstrlenW 42366->42368 42370 7ff7d0ddbee5 CompareStringW 42367->42370 42367->42380 42368->42380 42373 7ff7d0ddbf36 
CompareStringW 42370->42373 42370->42380 42371 7ff7d0ddbd05 lstrlenW 42371->42380 42372 7ff7d0db9b38 77 API calls 42372->42380 42374 7ff7d0ddbf6d CompareStringW 42373->42374 42373->42380 42375 7ff7d0ddbfac CompareStringW 42374->42375 42374->42380 42376 7ff7d0ddbfe3 CompareStringW 42375->42376 42375->42380 42377 7ff7d0ddc022 CompareStringW 42376->42377 42376->42380 42378 7ff7d0ddc05c CompareStringW 42377->42378 42377->42380 42379 7ff7d0ddc096 CompareStringW 42378->42379 42378->42380 42379->42380 42381 7ff7d0ddc0d0 CompareStringW 42379->42381 42380->42332 42380->42333 42380->42334 42380->42353 42380->42357 42380->42361 42380->42367 42380->42370 42380->42371 42380->42372 42380->42373 42380->42381 42382 7ff7d0ddc108 CompareStringW 42380->42382 42385 7ff7d0ddc23c lstrlenW lstrlenW CompareStringW 42380->42385 42387 7ff7d0ddc30e lstrlenW lstrlenW CompareStringW 42380->42387 42395 7ff7d0ddc60e lstrlenW lstrlenW CompareStringW 42380->42395 42472 7ff7d0db69ec 6 API calls _cwprintf_s_l 42380->42472 42381->42380 42381->42382 42382->42380 42383 7ff7d0ddc18a lstrlenW lstrlenW CompareStringW 42382->42383 42384 7ff7d0ddc1d6 lstrlenW 42383->42384 42383->42385 42384->42380 42386 7ff7d0ddc28c lstrlenW 42385->42386 42385->42387 42386->42380 42388 7ff7d0ddc3bb lstrlenW lstrlenW CompareStringW 42387->42388 42389 7ff7d0ddc35a lstrlenW 42387->42389 42390 7ff7d0ddc4a6 lstrlenW lstrlenW CompareStringW 42388->42390 42391 7ff7d0ddc409 lstrlenW 42388->42391 42389->42380 42392 7ff7d0ddc556 lstrlenW lstrlenW CompareStringW 42390->42392 42393 7ff7d0ddc4f0 lstrlenW 42390->42393 42396 7ff7d0ddc42d _cwprintf_s_l 42391->42396 42394 7ff7d0ddc5a0 lstrlenW 42392->42394 42392->42395 42393->42396 42394->42380 42395->42333 42395->42380 42396->42390 42396->42392 42398 7ff7d0dc0295 __scrt_get_show_window_mode 42397->42398 42399 7ff7d0dc0312 SetFilePointerEx 42398->42399 42400 7ff7d0dc02ca GetLastError 42398->42400 42401 7ff7d0dc0371 ReadFile 42399->42401 42402 7ff7d0dc0334 GetLastError 42399->42402 42427 

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1700049363.00007FF7D0DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D0DB0000, based on PE: true
                                                                      • Associated: 00000000.00000002.1699972182.00007FF7D0DB0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700243184.00007FF7D0E2F000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700341469.00007FF7D0E66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E69000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E70000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff7d0db0000_VmjvNTbD5J.jbxd
                                                                      Similarity
                                                                      • API ID: ErrorLast$File$Pointer$Read
                                                                      • String ID: ($4$Failed to allocate buffer for section info.$Failed to allocate memory for container sizes.$Failed to find Burn section.$Failed to find valid DOS image header in buffer.$Failed to find valid NT image header in buffer.$Failed to get total size of bundle.$Failed to open handle to engine process path.$Failed to read DOS header.$Failed to read NT header.$Failed to read complete image section header, index: %u$Failed to read complete section info.$Failed to read image section header, index: %u$Failed to read section info, data too short: %u$Failed to read section info, unsupported version: %08x$Failed to read section info.$Failed to read signature offset.$Failed to read signature size.$Failed to seek past optional headers.$Failed to seek to NT header.$Failed to seek to section info.$Failed to seek to start of file.$Invalid section info, cContainers too large: %u$PE Header from file didn't match PE Header in memory.$d:\a\wix4\wix4\src\burn\engine\section.cpp
                                                                      • API String ID: 2600052162-807141041
                                                                      • Opcode ID: d88e13f582e143ad85da803e65f928623628dee30627a78611f5db80cc6f2063
                                                                      • Instruction ID: b6435a40cdcdf94d01b5631607516923bf8279352da374d6a484c5716500c8ca
                                                                      • Opcode Fuzzy Hash: d88e13f582e143ad85da803e65f928623628dee30627a78611f5db80cc6f2063
                                                                      • Instruction Fuzzy Hash: 8E42C476B1860286E720EF25E44076DAAB5BB88780FC1613BD94D83799DF3DF901C7A4

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1700049363.00007FF7D0DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D0DB0000, based on PE: true
                                                                      • Associated: 00000000.00000002.1699972182.00007FF7D0DB0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700243184.00007FF7D0E2F000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700341469.00007FF7D0E66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E69000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E70000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff7d0db0000_VmjvNTbD5J.jbxd
                                                                      Similarity
                                                                      • API ID: ErrorFileLast$Attributes$FindFirst
                                                                      • String ID: *.*$DEL$Directory delete cannot delete file: %ls$Failed to concat filename '%ls' to directory: %ls$Failed to concat wild cards to string: %ls$Failed to delete file: %ls$Failed to delete subdirectory; continuing: %ls$Failed to ensure file name was null terminated.$Failed to ensure path is backslash terminated: %ls$Failed to get attributes for path: %ls$Failed to get temp directory.$Failed to get temp file to move to.$Failed to remove attributes from file: %ls$Failed to remove directory: %ls$Failed to remove read-only attribute from path: %ls$Failed while looping through files in directory: %ls$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\dirutil.cpp$failed to get first file in directory: %ls
                                                                      • API String ID: 3680393312-305978383
                                                                      • Opcode ID: c4af503291efe05678dd518eae2f7af1993d96f8a4a434f14cdb73646dc6657f
                                                                      • Instruction ID: 5c61c22a3dc5c34ab718bfa9a52f1730957da711e634ffda24814a87d26b1fce
                                                                      • Opcode Fuzzy Hash: c4af503291efe05678dd518eae2f7af1993d96f8a4a434f14cdb73646dc6657f
                                                                      • Instruction Fuzzy Hash: 78129221B0874296EB14BB26D49067EEAB4BF45B94FD0213BDA4E87798DF7DF4048720

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1700049363.00007FF7D0DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D0DB0000, based on PE: true
                                                                      • Associated: 00000000.00000002.1699972182.00007FF7D0DB0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700243184.00007FF7D0E2F000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700341469.00007FF7D0E66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E69000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E70000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff7d0db0000_VmjvNTbD5J.jbxd
                                                                      Similarity
                                                                      • API ID: Initialize$CriticalFreeHandleInfoLibraryModuleNativeSectionSystemUninitialize_cwprintf_s_l
                                                                      • String ID: 4.0.0+8c757c0f67f26f21c6bcbbfb81b7ea8b91c35fe4$ARM$ARM64$Failed to connect to parent of embedded process.$Failed to get OS info.$Failed to initialize COM.$Failed to initialize Cryputil.$Failed to initialize Regutil.$Failed to initialize Wiutil.$Failed to initialize XML util.$Failed to initialize core.$Failed to initialize engine state.$Failed to parse command line.$Failed to run RunOnce mode.$Failed to run bootstrapper application embedded.$Failed to run embedded mode.$Failed to run per-machine mode.$Failed to run per-user mode.$Failed to run untrusted mode.$Invalid run mode.$d:\a\wix4\wix4\src\burn\engine\engine.cpp$unknown architecture$x64$x86
                                                                      • API String ID: 2158560762-3243415026
                                                                      • Opcode ID: 5a2754e0bd473dfb124a8ef84a7ae7b8c8d4542fb78a477a3e4323f4ea88f111
                                                                      • Instruction ID: 35b1600b9ea7d00d0cb0b620db8214f9cc79e12542d3f6fdacc98bc119c43bfb
                                                                      • Opcode Fuzzy Hash: 5a2754e0bd473dfb124a8ef84a7ae7b8c8d4542fb78a477a3e4323f4ea88f111
                                                                      • Instruction Fuzzy Hash: D2127021B0868296FB20BF65D4402BDEAA5AF85744FD0213BD90D86B9DDFBCF505CB21

                                                                      Control-flow Graph

                                                                      APIs
                                                                      • RegCloseKey.ADVAPI32(?,?,?,00000000,?,?,?,00000001,?,00007FF7D0DB8ED8), ref: 00007FF7D0DCEC98
                                                                      • Sleep.KERNEL32(?,?,?,00000000,?,?,?,00000001,?,00007FF7D0DB8ED8), ref: 00007FF7D0DCEE01
                                                                        • Part of subcall function 00007FF7D0E17F04: EnterCriticalSection.KERNEL32(?,?,?,?,00007FF7D0DCF01C,?,?,?,00000000,?,?,?,00000001,?,00007FF7D0DB8ED8), ref: 00007FF7D0E17F0F
                                                                        • Part of subcall function 00007FF7D0E17F04: CloseHandle.KERNEL32(?,?,?,?,00007FF7D0DCF01C,?,?,?,00000000,?,?,?,00000001,?,00007FF7D0DB8ED8), ref: 00007FF7D0E17F2C
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1700049363.00007FF7D0DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D0DB0000, based on PE: true
                                                                      • Associated: 00000000.00000002.1699972182.00007FF7D0DB0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700243184.00007FF7D0E2F000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700341469.00007FF7D0E66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E69000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E70000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff7d0db0000_VmjvNTbD5J.jbxd
                                                                      Similarity
                                                                      • API ID: Close$CriticalEnterHandleSectionSleep
                                                                      • String ID: .cleanroom$.elevated$.runonce$Failed to copy default log extension.$Failed to copy default log prefix.$Failed to copy full log path to prefix.$Failed to copy log extension to extension.$Failed to copy log file path from command line.$Failed to copy log path to prefix.$Failed to get non-session specific TEMP folder.$Failed to get parent directory from '%ls'.$Failed to initialize logging.$Failed to open log: %ls$Logging$SOFTWARE\Policies\Microsoft\Windows\Installer$Setup$d:\a\wix4\wix4\src\burn\engine\logging.cpp$log
                                                                      Similarity
                                                                      • API ID: CriticalSection$EnterLeave
                                                                      • String ID: *****$.cleanroom$Failed to allocate buffer for format string.$Failed to allocate record.$Failed to allocate string.$Failed to allocate variable array.$Failed to append placeholder.$Failed to append string.$Failed to copy string.$Failed to determine variable visibility: '%ls'.$Failed to format placeholder string.$Failed to format record.$Failed to get formatted length.$Failed to get variable name.$Failed to length of format string.$Failed to reallocate variable array.$Failed to set record format string.$Failed to set record string.$Failed to set variable value.$[%d]$d:\a\wix4\wix4\src\burn\engine\variable.cpp

                                                                      Control-flow Graph

                                                                      [Control-flow graph figure omitted. First node: 7ff7d0dd1be0-7ff7d0dd1c49. API calls named in the graph: CreateFileW, GetLastError, SetFilePointerEx, CloseHandle.]
                                                                      Similarity
                                                                      • API ID: CloseCreateErrorFileHandleLast
                                                                      • String ID: .cr$Failed to copy engine from: %ls to: %ls$Failed to create engine file at path: %ls$Failed to seek to beginning of engine file: %ls$Failed to seek to checksum in exe header.$Failed to seek to original data in exe burn section header.$Failed to seek to signature table in exe header.$Failed to update signature offset.$Failed to zero out original data offset.$d:\a\wix4\wix4\src\burn\engine\cache.cpp

                                                                      Control-flow Graph

                                                                      [Control-flow graph figure omitted. First node: 7ff7d0e1e4b8-7ff7d0e1e503. API calls named in the graph: GetModuleHandleA, GetLastError, GetProcAddress, CoCreateInstance, ExitProcess.]
                                                                      Similarity
                                                                      • API ID: AddressProc$CreateErrorExitHandleInstanceLastModuleProcess
                                                                      • String ID: IsWow64Process$Wow64DisableWow64FsRedirection$Wow64EnableWow64FsRedirection$Wow64RevertWow64FsRedirection$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\xmlutil.cpp$failed XmlCreateElement$failed appendChild$failed to create XML DOM Document$failed to get handle to kernel32.dll$kernel32.dll
                                                                      Similarity
                                                                      • API ID: CloseCreateErrorFileHandleLastLocalSleepTime
                                                                      • String ID: %ls_%04u%02u%02u%02u%02u%02u%ls%ls%ls$.cleanroom$Failed to combine directory and log prefix.$Failed to concatenate the temp folder and log prefix.$Failed to copy temp path to return.$Failed to create temp file: %ls$Failed to ensure temp file path exists: %ls$Failed to get temp folder.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\pathutil.cpp$failed to allocate memory for the temp path
                                                                      Similarity
                                                                      • API ID: CriticalCurrentSection$EnterLeaveLocalProcessThreadTime
                                                                      • String ID: %ls[%04X:%04X][%04hu-%02hu-%02huT%02hu:%02hu:%02hu]%hs%03d:%ls %ls%ls$Failed to convert log string to UTF-8$Failed to format line prefix.$Failed to write string to log using default function: %ls$Failed to write string to log using redirected function: %ls$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\logutil.cpp
                                                                      APIs
                                                                      • FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FF7D0E18476), ref: 00007FF7D0E17969
                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FF7D0E18476), ref: 00007FF7D0E17975
                                                                      • LocalFree.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FF7D0E18476), ref: 00007FF7D0E17A1B
                                                                      Similarity
                                                                      • API ID: ErrorFormatFreeLastLocalMessage
                                                                      • String ID: d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\logutil.cpp$failed to log id: %d
                                                                      Similarity
                                                                      • API ID: DecryptFile
                                                                      • String ID: Failed to copy working folder.$No usable base working folder found.$d:\a\wix4\wix4\src\burn\engine\cache.cpp
                                                                      Similarity
                                                                      • API ID: Heap$ErrorFreeLastProcess

                                                                      Similarity
                                                                      • API ID: CompareCriticalErrorInitializeLastSectionString
                                                                      • String ID: AdminToolsFolder$AppDataFolder$Attempted to add built-in variable again: %ls$Attempted to add built-in variable as a well-known variable: %ls$Attempted to add well-known variable again: %ls$CommonAppDataFolder$CommonFiles6432Folder$CommonFiles64Folder$CommonFilesFolder$CompatibilityMode$ComputerName$Date$DesktopFolder$Failed to add built-in variable: %ls.$Failed to add well-known variable: %ls.$Failed to find variable value.$Failed to insert variable.$FavoritesFolder$FontsFolder$InstallerInformationalVersion$InstallerName$InstallerVersion$LocalAppDataFolder$LogonUser$MyPicturesFolder$NTProductType$NTSuiteBackOffice$NTSuiteDataCenter$NTSuiteEnterprise$NTSuitePersonal$NTSuiteSmallBusiness$NTSuiteSmallBusinessRestricted$NTSuiteWebServer$NativeMachine$PersonalFolder$Privileged$ProcessorArchitecture$ProgramFiles6432Folder$ProgramFiles64Folder$ProgramFilesFolder$ProgramMenuFolder$RebootPending$SeShutdownPrivilege$SendToFolder$ServicePackLevel$StartMenuFolder$StartupFolder$System64Folder$SystemFolder$SystemLanguageID$TempFolder$TemplateFolder$TerminalServer$UserLanguageID$UserUILanguageID$VersionMsi$VersionNT$VersionNT64$WindowsBuildNumber$WindowsFolder$WindowsVolume$WixBundleAction$WixBundleActiveParent$WixBundleCommandLineAction$WixBundleElevated$WixBundleExecutePackageAction$WixBundleExecutePackageCacheFolder$WixBundleForcedRestartPackage$WixBundleInProgressName$WixBundleInstalled$WixBundleLastUsedSource$WixBundleLayoutDirectory$WixBundleManufacturer$WixBundleName$WixBundleOriginalSource$WixBundleOriginalSourceFolder$WixBundleProviderKey$WixBundleSourceProcessFolder$WixBundleSourceProcessPath$WixBundleTag$WixBundleUILevel$WixBundleVersion$WixCanRestart$d:\a\wix4\wix4\src\burn\engine\variable.cpp
                                                                      • API String ID: 4291812786-1743442426
                                                                      • Opcode ID: ff25b12800e485d587359f330c611961e772e9d31e999867e8fd1db8584435af
                                                                      • Instruction ID: c4acd687e6246937826f17f111e629b1de7862a1a66b9df0e37aa399871921c7
                                                                      • Opcode Fuzzy Hash: ff25b12800e485d587359f330c611961e772e9d31e999867e8fd1db8584435af
                                                                      • Instruction Fuzzy Hash: 2D828F32605BC199D761DF24EC807DA77E8F748749F90523AC68C8BB28EF39A264C754

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: ErrorEventLast
                                                                      • String ID: Failed to allocate buffer for stream.$Failed to copy stream name: %hs$Failed to create file: %ls$Failed to reset begin operation event.$Failed to set end of file.$Failed to set file pointer to beginning of file.$Failed to set file pointer to end of file.$Failed to set operation complete event.$Failed to wait for begin operation event.$Invalid operation for this state.$d:\a\wix4\wix4\src\burn\engine\cabextract.cpp
                                                                      • API String ID: 3848097054-1884393483
                                                                      • Opcode ID: a8b74cfa495588d78009c4780292179a37fd0ced6149dcba000e61800993c851
                                                                      • Instruction ID: 4d08216148aa19656e42a56b2e64e92613b0c7f5f299eac2baef16b575cac8b0
                                                                      • Opcode Fuzzy Hash: a8b74cfa495588d78009c4780292179a37fd0ced6149dcba000e61800993c851
                                                                      • Instruction Fuzzy Hash: 08C17F25B08B1296F754BB76E48037EA6A4BB44B50FC0223BDA4D83798DF2CF8158364

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: AddressCloseCurrentErrorLastLibraryLoadProcProcess
                                                                      • String ID: Failed to check if running as system.$Failed to ensure array size for Windows\SystemTemp value.$Failed to ensure array size for Windows\TEMP value.$Failed to ensure array size for system TEMP value.$Failed to ensure array size for system TMP value.$Failed to get system Windows subdirectory path SystemTemp.$Failed to get system Windows subdirectory path TEMP.$Failed to get temp path from system TEMP.$Failed to get temp path from system TMP.$Failed to load kernel32.dll$Failed to open system environment registry key.$GetTempPath2W$SystemTemp$System\CurrentControlSet\Control\Session Manager\Environment$TEMP$TMP$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\path3utl.cpp$kernel32.dll
                                                                      • API String ID: 1593934338-44121869
                                                                      • Opcode ID: 0761d39310ce1fd1081081e3641e08d58c61431cfe74d69e9f5571a3a1ecde94
                                                                      • Instruction ID: 4cf05292ee9773f90deeae97a2f255e148cfd31406977c312990d6b7a8b8a100
                                                                      • Opcode Fuzzy Hash: 0761d39310ce1fd1081081e3641e08d58c61431cfe74d69e9f5571a3a1ecde94
                                                                      • Instruction Fuzzy Hash: 60918E62B08A0296EB10BB35D4807BDA3A1AB44788FD0563BDA0D8379DDF3DF515C760

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: AddressProc
                                                                      • String ID: Failed to load Msi.DLL$Msi.dll$MsiBeginTransactionW$MsiDetermineApplicablePatchesW$MsiDeterminePatchSequenceW$MsiEndTransaction$MsiEnumProductsExW$MsiGetPatchInfoExW$MsiGetProductInfoExW$MsiSetExternalUIRecord$MsiSourceListAddSourceExW$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\wiutil.cpp
                                                                      • API String ID: 190572456-4147843358
                                                                      • Opcode ID: f2c52ce2770bdf847672b515e1dc474f5a71dca2f0b65a746359447ebc4db83c
                                                                      • Instruction ID: ff9b0517973ff3866b2b9708c76678d830fda206f77f5d5fd51a470d58db7ae7
                                                                      • Opcode Fuzzy Hash: f2c52ce2770bdf847672b515e1dc474f5a71dca2f0b65a746359447ebc4db83c
                                                                      • Instruction Fuzzy Hash: 3E519764A1AA0785EA04FB51FA95278B360FF49784FD02A3BD54E83329DF7CB456C360

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: CriticalSection$CompareEnterErrorLastLeaveString_cwprintf_s_l
                                                                      • String ID: Attempt to set built-in variable value: %ls$Failed to find variable value '%ls'.$Failed to insert variable '%ls'.$Failed to set value of variable: %ls$Setting %ls variable '%ls' to value '%ls'$Setting hidden variable '%ls'$Setting numeric variable '%ls' to value %lld$Setting variable failed: ID '%ls', HRESULT 0x%x$Setting version variable '%ls' to value '%ls'$Unsetting variable '%ls'$d:\a\wix4\wix4\src\burn\engine\variable.cpp$formatted$string
                                                                      • API String ID: 1673681053-2464245954
                                                                      • Opcode ID: d386d69a2b529bec333ce1dafe3e38c3269cf61878943cdff6c6323a97eab7b2
                                                                      • Instruction ID: b3944ffb0be98138c8f0a2d18f065b6f3a986f4f76f9f1994703ee1f8b6e5e5a
                                                                      • Opcode Fuzzy Hash: d386d69a2b529bec333ce1dafe3e38c3269cf61878943cdff6c6323a97eab7b2
                                                                      • Instruction Fuzzy Hash: F9718071A0874292EA24BB15E8442BEEAB0BF44B91FC06137DA4D077A9DFBDF544C720

                                                                      Control-flow Graph

                                                                      APIs
                                                                        • Part of subcall function 00007FF7D0DB1A28: LoadLibraryExW.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7D0DB11A9), ref: 00007FF7D0DB1A58
                                                                        • Part of subcall function 00007FF7D0DB1A28: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7D0DB11A9), ref: 00007FF7D0DB1A66
                                                                      • GetProcAddressForCaller.KERNELBASE(?,?,?,?,00000000,00007FF7D0DB95EE), ref: 00007FF7D0E17715
                                                                      • GetProcAddress.KERNEL32(?,?,?,?,00000000,00007FF7D0DB95EE), ref: 00007FF7D0E17730
                                                                      • GetProcAddress.KERNEL32(?,?,?,?,00000000,00007FF7D0DB95EE), ref: 00007FF7D0E177B0
                                                                      • GetLastError.KERNEL32(?,?,?,?,00000000,00007FF7D0DB95EE), ref: 00007FF7D0E177CC
                                                                      • GetProcAddress.KERNEL32(?,?,?,?,00000000,00007FF7D0DB95EE), ref: 00007FF7D0E1781D
                                                                      • GetLastError.KERNEL32(?,?,?,?,00000000,00007FF7D0DB95EE), ref: 00007FF7D0E17839
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: AddressProc$ErrorLast$CallerLibraryLoad
                                                                      • String ID: AdvApi32.dll$Crypt32.dll$CryptProtectMemory$CryptUnprotectMemory$Failed to load Crypt32.dll$Failed to load a decryption method$Failed to load an encryption method$SystemFunction040$SystemFunction041$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\cryputil.cpp
                                                                      • API String ID: 1485715633-402918305
                                                                      • Opcode ID: c8d754dcebb0bcdda32ceb95da721a5f4649e71f8044152adca076483cb7a98f
                                                                      • Instruction ID: 93b5859586a82d510d343524804bebb5087a473a45fb7c5c744db763c27a67f7
                                                                      • Opcode Fuzzy Hash: c8d754dcebb0bcdda32ceb95da721a5f4649e71f8044152adca076483cb7a98f
                                                                      • Instruction Fuzzy Hash: 97411D24A19A2385FB40BB25E88437DA6A5AF14744FC0787BC44D873A9EF6DF949C330

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: InitializeUninitialize
                                                                      • String ID: <the>.cab$Failed to extract all files from container, erf: %d:%X:%d$Failed to initialize COM.$Failed to initialize cabinet.dll.$Failed to reset begin operation event.$Failed to set operation complete event.$Failed to wait for begin operation event.$Invalid operation for this state.$d:\a\wix4\wix4\src\burn\engine\cabextract.cpp
                                                                      • API String ID: 3442037557-242603754
                                                                      • Opcode ID: 7adcdc5a8a9af30590740795bf714f35760b2b2a20ca7a4185b08767b44b0a21
                                                                      • Instruction ID: 68680ed48cfc0c405f1f88fbdd3efc3b93d2a3614ba9bfa6cf832552177db1b3
                                                                      • Opcode Fuzzy Hash: 7adcdc5a8a9af30590740795bf714f35760b2b2a20ca7a4185b08767b44b0a21
                                                                      • Instruction Fuzzy Hash: 35B17331B1CA03D2E7A9BB65A49067EE6A0BB44744FD0623BD68E4779CDF2DF5008724
                                                                      Similarity
                                                                      • API ID: DloadSection$AccessWrite$ExceptionProtectRaiseRelease$AcquireErrorLastLibraryLoad
                                                                      • String ID: H
                                                                      • API String ID: 282135826-2852464175
                                                                      • Opcode ID: 4e34e669640002ee8d01061e8b33f596ebf32558e760d5e641b27431fa9a45f2
                                                                      • Instruction ID: e25db1b298fc79cd1358efa3088fa07fc0e01ce8133c2f8e023c16b90e92467e
                                                                      • Opcode Fuzzy Hash: 4e34e669640002ee8d01061e8b33f596ebf32558e760d5e641b27431fa9a45f2
                                                                      • Instruction Fuzzy Hash: D2911A22A15B61C6EB44FF75D8446ACA3A5FB08B55BC4643ADE0E17758EF38F445C310
                                                                      Similarity
                                                                      • API ID: Close$Handle$MessagePostWindow
                                                                      • String ID: "%ls" %ls$Failed to allocate full command-line.$Failed to cache to clean room.$Failed to create clean room command-line.$Failed to get path for current process.$Failed to launch clean room process: %ls$Failed to open clean room log.$Failed to wait for clean room process: %ls$d:\a\wix4\wix4\src\burn\engine\engine.cpp
                                                                      • API String ID: 417716614-4161841978
                                                                      • Opcode ID: bae6123957e4273f7784ba016ea0feb86eda75a7a8ff06c76d11c23fb709da8a
                                                                      • Instruction ID: d4d733e83614a53aa0a7e25f0fbd9e413ce8513cd722f1dc06d9bb87bdfbd1ca
                                                                      • Opcode Fuzzy Hash: bae6123957e4273f7784ba016ea0feb86eda75a7a8ff06c76d11c23fb709da8a
                                                                      • Instruction Fuzzy Hash: B1815A22B18A5295EB10AF61D8507BDABB4FB48798FD02137EA0D57B98DF3DE541C320
                                                                      APIs
                                                                      • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,00000002,?,?,00007FF7D0DCEFD4,?,?,?,00000000), ref: 00007FF7D0E184E5
                                                                      • LeaveCriticalSection.KERNEL32 ref: 00007FF7D0E1874E
                                                                      Similarity
                                                                      • API ID: CriticalSection$EnterLeave
                                                                      • String ID: Failed to combine the log path.$Failed to copy log path.$Failed to create log based on current system time.$Failed to ensure log file directory exists: %ls$Failed to expand the log path.$Failed to get log directory.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\logutil.cpp$failed to create log file: %ls
                                                                      • API String ID: 3168844106-925379867
                                                                      • Opcode ID: 751fe80f44d8e4d0e2df0ca450a6af9a07c1acce500d0bc969fc8d54e05a2207
                                                                      • Instruction ID: 05026fc7f3b68bfea1deec597e2b69a068ae381a5ded786b2312655df627cab0
                                                                      • Opcode Fuzzy Hash: 751fe80f44d8e4d0e2df0ca450a6af9a07c1acce500d0bc969fc8d54e05a2207
                                                                      • Instruction Fuzzy Hash: 85819F25B08A1285EB10FB21E8905BDA3A5EF84794FD02937E94D83B9CDF3CF4448360
                                                                      Similarity
                                                                      • API ID: ErrorLast$CurrentFileProcess$CreateDuplicateHandlePointer
                                                                      • String ID: Failed to duplicate handle to container: %ls$Failed to move file pointer to container offset.$Failed to open container.$Failed to open file: %ls$d:\a\wix4\wix4\src\burn\engine\container.cpp
                                                                      • API String ID: 2619879409-4109612866
                                                                      • Opcode ID: 580a574426d25143b1fe845e18140cefabf155fe4583366fdbb8ba1263da41e5
                                                                      • Instruction ID: d5d13b5c985e830f981d2fb8652f5b7f4c8dfcb81e845fc3b52608507522783e
                                                                      • Opcode Fuzzy Hash: 580a574426d25143b1fe845e18140cefabf155fe4583366fdbb8ba1263da41e5
                                                                      • Instruction Fuzzy Hash: 4B51A136A14B2286E710AF26984066AA6A4FB48B90FD1513BDD4D83798DF3CE941C794
                                                                      APIs
                                                                        • Part of subcall function 00007FF7D0DB543C: SetLastError.KERNEL32(?,?,?,?,?,00007FF7D0DB1155), ref: 00007FF7D0DB5462
                                                                        • Part of subcall function 00007FF7D0DB543C: GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF7D0DB1155), ref: 00007FF7D0DB5474
                                                                        • Part of subcall function 00007FF7D0DB543C: GetLastError.KERNEL32(?,?,?,?,?,00007FF7D0DB1155), ref: 00007FF7D0DB547E
                                                                      • CreateFileW.KERNELBASE ref: 00007FF7D0DB117F
                                                                        • Part of subcall function 00007FF7D0DB1728: HeapSetInformation.KERNEL32 ref: 00007FF7D0DB1749
                                                                        • Part of subcall function 00007FF7D0DB1728: GetLastError.KERNEL32 ref: 00007FF7D0DB176F
                                                                        • Part of subcall function 00007FF7D0DB1728: GetLastError.KERNEL32 ref: 00007FF7D0DB179C
                                                                      • CloseHandle.KERNEL32 ref: 00007FF7D0DB11FD
                                                                      Similarity
                                                                      • API ID: ErrorLast$File$CloseCreateHandleHeapInformationModuleName
                                                                      • String ID: D:\a\wix4\wix4\src\burn\stub\stub.cpp$Failed to run application.$cabinet.dll$clbcatq.dll$comres.dll$crypt32.dll$feclient.dll$msasn1.dll$msi.dll$version.dll$wininet.dll
                                                                      • API String ID: 1668717245-1077387440
                                                                      • Opcode ID: 3ccf7bc6d4935e85ba92efac8401e58cf0f84e35340b10170e0968822d1386aa
                                                                      • Instruction ID: f2dcd2748c3f8b8ca2569bc00a031f05debd4f0971e4a94d00bc5e3c76a5b5f5
                                                                      • Opcode Fuzzy Hash: 3ccf7bc6d4935e85ba92efac8401e58cf0f84e35340b10170e0968822d1386aa
                                                                      • Instruction Fuzzy Hash: 63413A22B08B0299E710EF61E8407ADA6A4AB487A8FC01237DE1D53799DE38E1198354
                                                                      Similarity
                                                                      • API ID: CurrentErrorLastProcess$CompareCreateDuplicateFileHandleString
                                                                      • String ID: <the>.cab$Failed to add virtual file pointer for cab container.$Failed to duplicate handle to cab container.$Failed to open cabinet file: %hs$d:\a\wix4\wix4\src\burn\engine\cabextract.cpp
                                                                      • API String ID: 3030546534-373254902
                                                                      • Opcode ID: 36aeb0f077e8e6d3bcab6fa8a93048137311a701b94667b809691f3c98990815
                                                                      • Instruction ID: 1186f70eb216d1552bc961b8e58ef66e2cf3a01eeb19a1538892eb90ef3dcbe7
                                                                      • Opcode Fuzzy Hash: 36aeb0f077e8e6d3bcab6fa8a93048137311a701b94667b809691f3c98990815
                                                                      • Instruction Fuzzy Hash: ED519171B18B4186E710AF66E48066EA7A5FB48794FD0123BDA9D83798CF3CF415C750
                                                                      Similarity
                                                                      • API ID: CreateErrorEventLast
                                                                      • String ID: Failed to copy file name.$Failed to create begin operation event.$Failed to create extraction thread.$Failed to create operation complete event.$Failed to wait for operation complete.$d:\a\wix4\wix4\src\burn\engine\cabextract.cpp
                                                                      • API String ID: 545576003-2441605526
                                                                      • Opcode ID: ec51110445c90a18dd0a850491692b75788af5036563afb27417c28084b248ce
                                                                      • Instruction ID: e96228f446fcb37cc6bc90bab2d1f07e5449ec05926769fee06e18172bc4df21
                                                                      • Opcode Fuzzy Hash: ec51110445c90a18dd0a850491692b75788af5036563afb27417c28084b248ce
                                                                      • Instruction Fuzzy Hash: DC41B021B18B4296F755BB79A88077EA2A4AF84354FD0223BDA4D83799DE3CF5058720
                                                                      APIs
                                                                        • Part of subcall function 00007FF7D0DB1A28: LoadLibraryExW.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7D0DB11A9), ref: 00007FF7D0DB1A58
                                                                        • Part of subcall function 00007FF7D0DB1A28: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7D0DB11A9), ref: 00007FF7D0DB1A66
                                                                      • CoTaskMemFree.OLE32 ref: 00007FF7D0E21D62
                                                                      • FreeLibrary.KERNEL32 ref: 00007FF7D0E21D72
                                                                      Similarity
                                                                      • API ID: FreeLibrary$ErrorLastLoadTask
                                                                      • String ID: Failed to backslash terminate shell folder path: %ls$Failed to copy shell folder path: %ls$Failed to find SHGetKnownFolderPath entry point.$Failed to get known folder path.$Failed to load shell32.dll.$SHGetKnownFolderPath$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\shelutil.cpp$shell32.dll
                                                                      • API String ID: 3444712580-2659096373
                                                                      • Opcode ID: 744b55a3f1a22f1e5c26f0793c575aa380f9337dbc3496ecdbd2fdf977bea8a8
                                                                      • Instruction ID: 0ab629308ed967278d30133892936207eca01ebc76f524e9db05f2315e7ff8be
                                                                      • Opcode Fuzzy Hash: 744b55a3f1a22f1e5c26f0793c575aa380f9337dbc3496ecdbd2fdf977bea8a8
                                                                      • Instruction Fuzzy Hash: 81415C25B08B4292EB10BB22E4803BDA760AF98780FC4613BD94D87BA8DF2DF545C710
                                                                      Similarity
                                                                      • API ID: CurrentHandleProcess$CloseDuplicateErrorLast
                                                                      • String ID: -%ls=%Iu$Failed to append the file handle to the command line.$Failed to duplicate file handle for attached container.$burn.filehandle.attached$d:\a\wix4\wix4\src\burn\engine\core.cpp
                                                                      • API String ID: 4224961946-761155037
                                                                      • Opcode ID: 05a9ff7a00f17664ffa273747c6835349083bcbaf57dd01e3c6d1667ddbf1e4f
                                                                      • Instruction ID: ac82726315b03537f669409c05b857649c33340c320d42eea86ea77aa59235fa
                                                                      • Opcode Fuzzy Hash: 05a9ff7a00f17664ffa273747c6835349083bcbaf57dd01e3c6d1667ddbf1e4f
                                                                      • Instruction Fuzzy Hash: 95318231B08B4295E710AF26E88026EEAA4BB847A4FD41137DE5D837A8DE7CF045C764
                                                                      APIs
                                                                      • EnterCriticalSection.KERNEL32(?,?,?,?,?,00000000,00000001,00007FF7D0E17C45), ref: 00007FF7D0E18898
                                                                      • WriteFile.KERNELBASE(?,?,?,?,?,00000000,00000001,00007FF7D0E17C45), ref: 00007FF7D0E18990
                                                                      • GetLastError.KERNEL32(?,?,?,?,?,00000000,00000001,00007FF7D0E17C45), ref: 00007FF7D0E1899A
                                                                      • LeaveCriticalSection.KERNEL32(?,?,?,?,?,00000000,00000001,00007FF7D0E17C45), ref: 00007FF7D0E18A19
                                                                      Similarity
                                                                      • API ID: CriticalSection$EnterErrorFileLastLeaveWrite
                                                                      • String ID: Failed to concatenate string to pre-init buffer$Failed to get length of raw string$Failed to write output to log: %ls - %hs$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\logutil.cpp
                                                                      • API String ID: 1726892732-492501437
                                                                      • Opcode ID: c1764fad8848d23bf1665b4f293170b41e4aa1ba0d3e3a119a87483487ba6b30
                                                                      • Instruction ID: 1af7e00a389af638c6e5aec72f69c0fd219c8694c618d86d9973aa4254c54bbf
                                                                      • Opcode Fuzzy Hash: c1764fad8848d23bf1665b4f293170b41e4aa1ba0d3e3a119a87483487ba6b30
                                                                      • Instruction Fuzzy Hash: 9341BB31B08A5286E710BF25A98417EE261EF847A0FD42637D99E537A8DF3CF9058720
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1700049363.00007FF7D0DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D0DB0000, based on PE: true
                                                                      • Associated: 00000000.00000002.1699972182.00007FF7D0DB0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700243184.00007FF7D0E2F000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700341469.00007FF7D0E66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E69000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E70000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff7d0db0000_VmjvNTbD5J.jbxd
                                                                      Similarity
                                                                      • API ID: CreateDirectoryErrorLast$AttributesFile
                                                                      • String ID: \$cannot find parent path$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\dirutil.cpp$failed to create path: %ls
                                                                      • API String ID: 925696554-4176349969
                                                                      • Opcode ID: a47ff287e19a3a8d91f3f2231897a73d5faa99af46d11c675ef9933b743574db
                                                                      • Instruction ID: 30dd5e173d5e38c88d6e962bde76770dc4698cd2b9b97e110614c99508c15818
                                                                      • Opcode Fuzzy Hash: a47ff287e19a3a8d91f3f2231897a73d5faa99af46d11c675ef9933b743574db
                                                                      • Instruction Fuzzy Hash: 1A416021B0874296EB50BF22A59067EFAA1AF44BC0FC46037DA4D87759EF3CF9418764
                                                                      APIs
                                                                      • InitializeCriticalSection.KERNEL32(?,?,?,?,00000000,00007FF7D0DB9589), ref: 00007FF7D0DB8056
                                                                      • InitializeCriticalSection.KERNEL32(?,?,?,?,00000000,00007FF7D0DB9589), ref: 00007FF7D0DB8063
                                                                      • InitializeCriticalSection.KERNEL32(?,?,?,?,00000000,00007FF7D0DB9589), ref: 00007FF7D0DB807A
                                                                      • GetCurrentProcess.KERNEL32(?,?,?,?,00000000,00007FF7D0DB9589), ref: 00007FF7D0DB809E
                                                                        • Part of subcall function 00007FF7D0E18E18: OpenProcessToken.ADVAPI32(?,?,?,?,?,?,?,00007FF7D0DB80B3,?,?,?,?,00000000,00007FF7D0DB9589), ref: 00007FF7D0E18E3A
                                                                        • Part of subcall function 00007FF7D0E18E18: GetLastError.KERNEL32(?,?,?,?,?,?,?,00007FF7D0DB80B3,?,?,?,?,00000000,00007FF7D0DB9589), ref: 00007FF7D0E18E44
                                                                        • Part of subcall function 00007FF7D0E18E18: CloseHandle.KERNELBASE(?,?,?,?,?,?,?,00007FF7D0DB80B3,?,?,?,?,00000000,00007FF7D0DB9589), ref: 00007FF7D0E18F25
                                                                        • Part of subcall function 00007FF7D0DDB24C: CompareStringW.KERNEL32 ref: 00007FF7D0DDB2D8
                                                                        • Part of subcall function 00007FF7D0DDB24C: CompareStringW.KERNEL32 ref: 00007FF7D0DDB30B
                                                                        • Part of subcall function 00007FF7D0DDB24C: CompareStringW.KERNEL32 ref: 00007FF7D0DDB33F
                                                                        • Part of subcall function 00007FF7D0DDB24C: CompareStringW.KERNEL32 ref: 00007FF7D0DDB373
                                                                        • Part of subcall function 00007FF7D0DDB24C: CompareStringW.KERNEL32 ref: 00007FF7D0DDB3A7
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: CompareString$CriticalInitializeSection$Process$CloseCurrentErrorHandleLastOpenToken
                                                                      • String ID: Failed to initialize engine section.$Failed to initialize internal cache functionality.$Fatal error while parsing command line.$d:\a\wix4\wix4\src\burn\engine\engine.cpp
                                                                      • API String ID: 268551788-2320754317
                                                                      • Opcode ID: 42432ae88bd107c23b7aa40bb498d589d0f96d6003efd884acea9435c5eee8fc
                                                                      • Instruction ID: adbf2438cc61f9227086a0a6f0cf958c1f46803d612ee96b311d94b3222d78a8
                                                                      • Opcode Fuzzy Hash: 42432ae88bd107c23b7aa40bb498d589d0f96d6003efd884acea9435c5eee8fc
                                                                      • Instruction Fuzzy Hash: 9D318D31709B8295E710BB25E8406EEB764FB49798FD01237DA5C87B99EF78E246C310
                                                                      APIs
                                                                      • OpenProcessToken.ADVAPI32(?,?,?,?,?,?,?,00007FF7D0DB80B3,?,?,?,?,00000000,00007FF7D0DB9589), ref: 00007FF7D0E18E3A
                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,00007FF7D0DB80B3,?,?,?,?,00000000,00007FF7D0DB9589), ref: 00007FF7D0E18E44
                                                                      • GetTokenInformation.KERNELBASE(?,?,?,?,?,?,?,00007FF7D0DB80B3,?,?,?,?,00000000,00007FF7D0DB9589), ref: 00007FF7D0E18E9F
                                                                      • CloseHandle.KERNELBASE(?,?,?,?,?,?,?,00007FF7D0DB80B3,?,?,?,?,00000000,00007FF7D0DB9589), ref: 00007FF7D0E18F25
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: Token$CloseErrorHandleInformationLastOpenProcess
                                                                      • String ID: Failed to get elevation token from process.$Failed to open process token.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\procutil.cpp
                                                                      • API String ID: 3370771294-1812211342
                                                                      • Opcode ID: 38ed1fb0a8f90a3d5dfb85c646750d73fb2bfd1109399e7609f7eff655dcee40
                                                                      • Instruction ID: 1d7d5aba6f1b57bf95a688ad2dcfe76b101098bd53db92376996a787e33457e7
                                                                      • Opcode Fuzzy Hash: 38ed1fb0a8f90a3d5dfb85c646750d73fb2bfd1109399e7609f7eff655dcee40
                                                                      • Instruction Fuzzy Hash: 45317031B08742DAE700BF61E9806ADA2A1EB84B50FC0513BDA4E83358DF3CF955C764
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: FromProg$Initialize
                                                                      • String ID: MSXML.DOMDocument$Msxml2.DOMDocument$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\xmlutil.cpp$failed to get CLSID for XML DOM$failed to initialize COM
                                                                      • API String ID: 4047641309-3267221515
                                                                      • Opcode ID: dffb43baaddad9bc6bdb51b739d96642f4a3a695025360941462ed5dcd0f4e73
                                                                      • Instruction ID: 204433d1c07e95f49f769e520c26032236bcae3a71fe88813023c3ec1501d2a2
                                                                      • Opcode Fuzzy Hash: dffb43baaddad9bc6bdb51b739d96642f4a3a695025360941462ed5dcd0f4e73
                                                                      • Instruction Fuzzy Hash: 8211D764B1961286EB50BB21E98527DA2A1EF14314FD02977D80D823A8EE7DF5898631
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: ErrorLast$Global$AllocFree
                                                                      • String ID: d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\fileutil.cpp$failed to allocate version info for file: %ls$failed to get version info for file: %ls$failed to get version value for file: %ls
                                                                      • API String ID: 1145190524-120110023
                                                                      • Opcode ID: 39d30e47cf5d98fbb08267685f51a69969a6f4ec8c60af5f2ef1cbb306806ffd
                                                                      • Instruction ID: 2ee53d48f6ef4531443c5490318672d320c305758c60d6c25b0b687b66035b75
                                                                      • Opcode Fuzzy Hash: 39d30e47cf5d98fbb08267685f51a69969a6f4ec8c60af5f2ef1cbb306806ffd
                                                                      • Instruction Fuzzy Hash: A0517C21B0870286E710FF76A8845ADB7A4BB44B90FD0653BDA4D83799DF7CF8458B24
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: ErrorFileLast$PointerRead
                                                                      • String ID: Failed to move to virtual file pointer.$Failed to read during cabinet extraction.$d:\a\wix4\wix4\src\burn\engine\cabextract.cpp
                                                                      • API String ID: 2170121939-693781326
                                                                      • Opcode ID: 0ed86816ffb5f291a339978eed2719b9eb369ea735997d4a2ce8bf672f78d7e3
                                                                      • Instruction ID: 9d6e7682ac1b86e5f81e09bb35653c0ccf0ed477b0d1e1f428154a71930b2547
                                                                      • Opcode Fuzzy Hash: 0ed86816ffb5f291a339978eed2719b9eb369ea735997d4a2ce8bf672f78d7e3
                                                                      • Instruction Fuzzy Hash: DA416536B0464196E711AF26F88066EE6A4FB84B90FC0113BDE8E87769DF3CE545C710
                                                                      Strings
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: Both paths are required.$Failed to canonicalize wzPath1.$Failed to canonicalize wzPath2.$Failed to compare canonicalized paths.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\path2utl.cpp
                                                                      • API String ID: 0-2188151180
                                                                      • Opcode ID: fede792173ae96eece8cb60ed36197cea2215e18a9e17279548623fb713c1418
                                                                      • Instruction ID: cead174ebe48dcb860289ed09c81a7ad168d6bf9da9dc39dfc5f99df4971bf71
                                                                      • Opcode Fuzzy Hash: fede792173ae96eece8cb60ed36197cea2215e18a9e17279548623fb713c1418
                                                                      • Instruction Fuzzy Hash: 3B317C21B0864286EB10FB75A4903BEA6A0AF88790FD1553BD94D8379ADF7CF940C760
                                                                      Strings
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: %ls%ls$Failed to create the fully-qualified path to %ls.$Failed to get the Windows system directory.$Failed to load the library %ls.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\apputil.cpp
                                                                      • API String ID: 0-242608188
                                                                      • Opcode ID: 67ef53d6fb76c82031dae7dc45e5c0847792aa4b6c13489baefde53258fd5f2a
                                                                      • Instruction ID: e2af156dc53ec2bb073e4270ed9bae3b109a672314002d8526f60638cdd6dab1
                                                                      • Opcode Fuzzy Hash: 67ef53d6fb76c82031dae7dc45e5c0847792aa4b6c13489baefde53258fd5f2a
                                                                      • Instruction Fuzzy Hash: FF313B26B08B4292E710AF26E48036EFBA4FB84B80FD45137DA4D83769DF3CE5518B54
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: ArgvCommandErrorLastLine
                                                                      • String ID: Failed to copy command line.$Failed to initialize command line.$Failed to parse command line.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\app2util.cpp$ignored
                                                                      • API String ID: 3459693003-1494111247
                                                                      • Opcode ID: 9d40f0f7c73836f8c8e5373fdfa9186b3953c36ccd197477d62e72ff3c91e7d9
                                                                      • Instruction ID: 1987819470cf4a47d21eb4a8968f70fe3bea281d25073073c99f032341214461
                                                                      • Opcode Fuzzy Hash: 9d40f0f7c73836f8c8e5373fdfa9186b3953c36ccd197477d62e72ff3c91e7d9
                                                                      • Instruction Fuzzy Hash: 58315822B18B0286EB00FF25D48476EA7A0EB88780FC0653BDA4D83799DE7CF505C760
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: CloseCreateFileHandle
                                                                      • String ID: -%ls=%Iu$Failed to append the file handle to the command line.$Failed to append the file handle to the obfuscated command line.$burn.filehandle.self$d:\a\wix4\wix4\src\burn\engine\core.cpp
                                                                      • API String ID: 3498533004-2018830601
                                                                      • Opcode ID: 2c5df6709ce8b56ce8360d0c2c22f3e1b031a008ac5ae8c2b80303a8fdf89c6d
                                                                      • Instruction ID: 0718ec01667fd2d52384e56104df12f1a200a7d7f714bc3f5ff4fc7d454111c4
                                                                      • Opcode Fuzzy Hash: 2c5df6709ce8b56ce8360d0c2c22f3e1b031a008ac5ae8c2b80303a8fdf89c6d
                                                                      • Instruction Fuzzy Hash: C9313731608B4285E710AF21D8046ADA3A4AB487B4FD95337DA7C473D8DF7AE5468760
                                                                      APIs
                                                                      • lstrlenW.KERNEL32(?,?,?,?,PackageCache,WiX\Burn,?,?,?,00007FF7D0E1A998), ref: 00007FF7D0E1AF16
                                                                        • Part of subcall function 00007FF7D0DB6A48: GetProcessHeap.KERNEL32(?,?,00000000,00007FF7D0DB6EA4), ref: 00007FF7D0DB6A51
                                                                        • Part of subcall function 00007FF7D0DB6A48: RtlFreeHeap.NTDLL(?,?,00000000,00007FF7D0DB6EA4), ref: 00007FF7D0DB6A5F
                                                                        • Part of subcall function 00007FF7D0DB6A48: GetLastError.KERNEL32(?,?,00000000,00007FF7D0DB6EA4), ref: 00007FF7D0DB6A6B
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: Heap$ErrorFreeLastProcesslstrlen
                                                                      • String ID: Failed to allocate buffer for raw registry value.$Failed to expand registry value: %ls$Failed to get size of raw registry value.$Failed to read raw registry value.$PackageCache$WiX\Burn$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\regutil.cpp
                                                                      • API String ID: 1805815496-2559918165
                                                                      • Opcode ID: 04af35d9d5a7741def71e8a98dd706fb70bb0de10536a0b71740f88334786d69
                                                                      • Instruction ID: 38d84930736d60b6b5f9d4e90ab46e8d6e24f96378f20048e93ded58f3c651ca
                                                                      • Opcode Fuzzy Hash: 04af35d9d5a7741def71e8a98dd706fb70bb0de10536a0b71740f88334786d69
                                                                      • Instruction Fuzzy Hash: 94518161B0874285EB20BB12A4842BDB2A1FF48794FD46577DA8D87759DF3DF482C321
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: ErrorLast
                                                                      • String ID: Failed to allocate space for expanded path.$Failed to expand environment variables in string: %ls$Failed to get max length of input buffer.$Failed to get max length of written input buffer.$Failed to re-allocate more space for expanded path.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\env2util.cpp
                                                                      • API String ID: 1452528299-33012345
                                                                      • Opcode ID: 0013e021e670484a279ca5946d82639de24c974ab2ea8a11bc299b73e1ce5e5c
                                                                      • Instruction ID: 87fc21c2d6d197b6dcf3dca1bbf6965de24c0befa99624b5b4715a50f72396c4
                                                                      • Opcode Fuzzy Hash: 0013e021e670484a279ca5946d82639de24c974ab2ea8a11bc299b73e1ce5e5c
                                                                      • Instruction Fuzzy Hash: 8451E326B0970282EB24FB35A98057EA2A4BF44B94FD0523BCE0D83799DF3DF8159354
                                                                      APIs
                                                                      • VariantInit.OLEAUT32 ref: 00007FF7D0E1EF13
                                                                        • Part of subcall function 00007FF7D0E1E4B8: GetModuleHandleA.KERNEL32(?,?,?,?,?,00000000,?,00007FF7D0E1EF27), ref: 00007FF7D0E1E4F7
                                                                        • Part of subcall function 00007FF7D0E1E4B8: GetLastError.KERNEL32(?,?,?,?,?,00000000,?,00007FF7D0E1EF27), ref: 00007FF7D0E1E509
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: ErrorHandleInitLastModuleVariant
                                                                      • String ID: d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\xmlutil.cpp$failed XmlCreateDocument$failed loadXML$failed put_resolveExternals$failed put_validateOnParse
                                                                      • API String ID: 52713655-3681987369
                                                                      • Opcode ID: 1f3dcb7df1545f6f33462148bd07c74ca6560f1befc8b4b5d3bd1dbd089af84f
                                                                      • Instruction ID: e0ddeb2b7ccb882227e9c3508800f2225523c5fd3bfc98b28c19669a00f5c2b8
                                                                      • Opcode Fuzzy Hash: 1f3dcb7df1545f6f33462148bd07c74ca6560f1befc8b4b5d3bd1dbd089af84f
                                                                      • Instruction Fuzzy Hash: 39518926B04A419AEB10EF65E4406EDB3B1BB88798FC55132DE0D57768DF38E546C360
                                                                      APIs
                                                                      • GetLastError.KERNEL32(?,?,?,00007FF7D0E0A7F5,?,?,?,?,00007FF7D0DB6E74), ref: 00007FF7D0E0E2C7
                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF7D0E0A7F5,?,?,?,?,00007FF7D0DB6E74), ref: 00007FF7D0E0E2FD
                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF7D0E0A7F5,?,?,?,?,00007FF7D0DB6E74), ref: 00007FF7D0E0E32A
                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF7D0E0A7F5,?,?,?,?,00007FF7D0DB6E74), ref: 00007FF7D0E0E33B
                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF7D0E0A7F5,?,?,?,?,00007FF7D0DB6E74), ref: 00007FF7D0E0E34C
                                                                      • SetLastError.KERNEL32(?,?,?,00007FF7D0E0A7F5,?,?,?,?,00007FF7D0DB6E74), ref: 00007FF7D0E0E367
                                                                      Similarity
                                                                      • API ID: Value$ErrorLast
                                                                      • String ID:
                                                                      • API String ID: 2506987500-0
                                                                      • Opcode ID: 6262d057a812f5c2f928db953ebc8865f7822feda257fda2b0ccab29179fa8de
                                                                      • Instruction ID: 0391643d485187d76f6fb158b1723b9240e6bc670b305b87edaaecda1f47ffb2
                                                                      • Opcode Fuzzy Hash: 6262d057a812f5c2f928db953ebc8865f7822feda257fda2b0ccab29179fa8de
                                                                      • Instruction Fuzzy Hash: CB116A20E0D24282FA68B771A55153DE5926F857F0FC4673AE83E2B7DEDE6CB4418231
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: ErrorFileLastPointer
                                                                      • String ID: Failed to move file pointer 0x%x bytes.$Invalid seek type.$d:\a\wix4\wix4\src\burn\engine\cabextract.cpp
                                                                      • API String ID: 2976181284-2861879377
                                                                      • Opcode ID: b25aeacc7a5ecf52bfd3d6918e6d373c1f59895f061c1cfa0569b1339377962d
                                                                      • Instruction ID: e2af3aa7a05a096c1b3f80344f1426aa6e80050aa7734df30f6d24e060a564ee
                                                                      • Opcode Fuzzy Hash: b25aeacc7a5ecf52bfd3d6918e6d373c1f59895f061c1cfa0569b1339377962d
                                                                      • Instruction Fuzzy Hash: B8419C76B18A4186E715AF29E44062EE3A4FB84B98FD0513BDA8D83B58DF7CE901C710
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: ErrorFileLast$ReadWrite
                                                                      • String ID: Failed to read from source.$Failed to write to target.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\fileutil.cpp
                                                                      • API String ID: 277903624-3357669501
                                                                      • Opcode ID: c3623f6dce8561f4e16c1ea28ea20801cc825525acd0a3b2ccc0281a51f03d9c
                                                                      • Instruction ID: a9317ad940d798c9f5c587c6aa2afd89a6a53f8bdda1fab6d7984ed5b6ea6114
                                                                      • Opcode Fuzzy Hash: c3623f6dce8561f4e16c1ea28ea20801cc825525acd0a3b2ccc0281a51f03d9c
                                                                      • Instruction Fuzzy Hash: 9831DB22B1874146E721BF76A8407BEA2D4BB54790FC4203AED4DC7758EE7CF5418B10
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: CreateErrorLastProcess
                                                                      • String ID: CreateProcessW failed with return code: %d$d:\a\wix4\wix4\src\burn\engine\core.cpp$h
                                                                      • API String ID: 2919029540-2795142421
                                                                      • Opcode ID: 63136635b7cc7fff6d37b532b63b2002f07edd3706672013ec74a1decf7ef047
                                                                      • Instruction ID: e7f9a2a6fd1d2d61f50f44693aa1240d0ba771143391c5302937261d63124b76
                                                                      • Opcode Fuzzy Hash: 63136635b7cc7fff6d37b532b63b2002f07edd3706672013ec74a1decf7ef047
                                                                      • Instruction Fuzzy Hash: 56317E36B18B5186D760AF16E84079EB6A4FB98B80FC55137DA8C83B58DF3CE840CB50
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: Close
                                                                      • String ID: Failed to combine logging path with root path.$Failed to open policy registry key.$SOFTWARE\Policies\$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\polcutil.cpp
                                                                      • API String ID: 3535843008-3658365009
                                                                      • Opcode ID: 7c158a826ac962699e3e50e9d92df213c7158d16258fb56f1560f8e17691051e
                                                                      • Instruction ID: 2d6cf08db26f30041dc159da987ff2190e9eab974abe7a7995400731c0eedf6d
                                                                      • Opcode Fuzzy Hash: 7c158a826ac962699e3e50e9d92df213c7158d16258fb56f1560f8e17691051e
                                                                      • Instruction Fuzzy Hash: A0219D21B08A4286EB18BBB1E49037EE260AF40794FC0563FDA1C86799EE6CF4048721
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: CodeErrorExitLastObjectProcessSingleWait
                                                                      • String ID: Failed to get process return code.$Failed to wait for process to complete.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\procutil.cpp
                                                                      • API String ID: 1402617016-1146304469
                                                                      • Opcode ID: b58a270557d855a03ee4fa10c8ab8fbd562e98b6f65b554e0cebba0a7ff55790
                                                                      • Instruction ID: af9cd885c671a047b1738069289c8282558f5cff3a12a4efc5645b87bcee7a47
                                                                      • Opcode Fuzzy Hash: b58a270557d855a03ee4fa10c8ab8fbd562e98b6f65b554e0cebba0a7ff55790
                                                                      • Instruction Fuzzy Hash: 0F119025B0875296E710BF66A5802AEE6A0AF44B90FE41137D94D8379CDE6CF842C720
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: CreateFromStringUuid
                                                                      • String ID: Failed to convert guid into string.$UuidCreate failed.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\guidutil.cpp
                                                                      • API String ID: 4041566446-2208176607
                                                                      • Opcode ID: cd3b1b1c901f0fd644786a3a336bff44b11559b46f2e1844788a9fd255fd8d48
                                                                      • Instruction ID: 0ef36aef314fabecd71a9beb3481d744a07c1323831fdf0b88c0de53ef31faf4
                                                                      • Opcode Fuzzy Hash: cd3b1b1c901f0fd644786a3a336bff44b11559b46f2e1844788a9fd255fd8d48
                                                                      • Instruction Fuzzy Hash: DE117F36B18B4192E710BB21E4451BEB3A5BB88780FC0113BD94D47759DF3CE5058B60
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: Close
                                                                      • String ID: Failed to open policy key: %ls$Failed to open policy key: %ls, name: %ls$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\polcutil.cpp
                                                                      • API String ID: 3535843008-3938230626
                                                                      • Opcode ID: 95d397c66bba2a481464947047cd6f447f6c8a926cb568db43dc6d2bec47399a
                                                                      • Instruction ID: 0f20ce949d586520eb042a9a41550a4990ff77824b17f56c40f1b96c442c4552
                                                                      • Opcode Fuzzy Hash: 95d397c66bba2a481464947047cd6f447f6c8a926cb568db43dc6d2bec47399a
                                                                      • Instruction Fuzzy Hash: 49418E36619B4286EB21BF61D4816BDB3A0FB84B80FD4523ADA4D43B58CF3CF9418710
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: Close
                                                                      • String ID: Failed to open policy key: %ls$Failed to open policy key: %ls, name: %ls$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\polcutil.cpp
                                                                      • API String ID: 3535843008-3938230626
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: ErrorFileLastWrite
                                                                      • String ID: Failed to write data to file handle.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\fileutil.cpp
                                                                      • API String ID: 442123175-1082378667
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: ErrorFileLastPointer
                                                                      • String ID: Failed to set file pointer.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\fileutil.cpp
                                                                      • API String ID: 2976181284-4026511950
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_initialize_crt__scrt_release_startup_lock
                                                                      • String ID:
                                                                      • API String ID: 1452418845-0
                                                                      APIs
                                                                      • RegOpenKeyExW.KERNELBASE(?,?,?,?,?,?,00000000,00007FF7D0E1A66D), ref: 00007FF7D0E1A6C1
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: Open
                                                                      • String ID: Failed to open registry key, root: %x, subkey: %ls.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\regutil.cpp
                                                                      • API String ID: 71445658-2584571730
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: Process$CurrentExitTerminate
                                                                      • String ID:
                                                                      • API String ID: 1703294689-0
                                                                      APIs
                                                                      • RegQueryValueExW.KERNELBASE(?,?,?,?,?,00000000,?,00007FF7D0E1ADB9,?,?,?,?,PackageCache,WiX\Burn), ref: 00007FF7D0E19B25
                                                                      Similarity
                                                                      • API ID: QueryValue
                                                                      • String ID:
                                                                      • API String ID: 3660427363-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: HandleModule$AddressFreeLibraryProc
                                                                      • String ID:
                                                                      • API String ID: 3947729631-0
                                                                      APIs
                                                                        • Part of subcall function 00007FF7D0E17E94: CloseHandle.KERNELBASE(?,?,?,?,00007FF7D0E18A3D,?,?,?,?,00007FF7D0DB9B13), ref: 00007FF7D0E17EBD
                                                                      • DeleteCriticalSection.KERNEL32(?,?,?,?,00007FF7D0DB9B13), ref: 00007FF7D0E18A4D
                                                                      Similarity
                                                                      • API ID: CloseCriticalDeleteHandleSection
                                                                      • String ID:
                                                                      • API String ID: 1370521891-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: __vcrt_uninitialize_ptd
                                                                      • String ID:
                                                                      • API String ID: 1180542099-0
                                                                      APIs
                                                                      • HeapAlloc.KERNEL32(?,?,00000000,00007FF7D0E0E31A,?,?,?,00007FF7D0E0A7F5,?,?,?,?,00007FF7D0DB6E74), ref: 00007FF7D0E0E8D9
                                                                      Similarity
                                                                      • API ID: AllocHeap
                                                                      • String ID:
                                                                      • API String ID: 4292702814-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: CloseHandle
                                                                      • String ID:
                                                                      • API String ID: 2962429428-0
                                                                      APIs
                                                                      • CloseHandle.KERNELBASE(?,?,?,?,00007FF7D0E18A3D,?,?,?,?,00007FF7D0DB9B13), ref: 00007FF7D0E17EBD
                                                                      Similarity
                                                                      • API ID: CloseHandle
                                                                      • String ID:
                                                                      • API String ID: 2962429428-0
                                                                      • Opcode ID: 351051fcdfc542b78d82e75e9d4a8f3ed6b9744f615abb6132e3ae73b979003e
                                                                      • Instruction ID: 81de2f4d0c7bfe2e2e532bae24d598d64a3cd1259e9b5b78571014410554e55b
                                                                      • Opcode Fuzzy Hash: 351051fcdfc542b78d82e75e9d4a8f3ed6b9744f615abb6132e3ae73b979003e
                                                                      • Instruction Fuzzy Hash: 71F03C29E1991340FA15FB65B85433CA2A0AF50730FC42BBBE47D42BE8CF6C78448271
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: CompareString$lstrlen
                                                                      • String ID: Clean room command-line switch must be first argument on command-line.$Failed to allocate the list of ancestors.$Failed to allocate the list of dependencies to ignore.$Failed to copy append log file path.$Failed to copy last used source.$Failed to copy log file path.$Failed to copy parent.$Failed to copy path for layout directory.$Failed to copy source process path.$Failed to ensure size for secret args.$Failed to ensure size for unknown args.$Failed to initialize parent to none.$Failed to parse elevated connection.$Failed to parse embedded connection.$Failed to parse file handle: '%ls'$Failed to parse splash screen window: '%ls'$Failed to store the custom working directory.$Invalid switch: %ls$Missing required parameter for switch: %ls$Multiple mode command-line switches were provided.$Must specify a path for append log.$Must specify a path for log.$Must specify a path for original source.$Must specify a value for parent.$Must specify the elevated name, token and parent process id.$Must specify the embedded name, token and parent process id.$W$burn.$burn.ancestors$burn.clean.room$burn.elevated$burn.embedded$burn.engine.working.directory$burn.filehandle.attached$burn.filehandle.self$burn.ignoredependencies$burn.log.append$burn.log.mode$burn.passthrough$burn.related.addon$burn.related.chain.package$burn.related.dependent.addon$burn.related.dependent.patch$burn.related.detect$burn.related.patch$burn.related.update$burn.related.upgrade$burn.runonce$burn.splash.screen$burn.system.component$d:\a\wix4\wix4\src\burn\engine\core.cpp$disablesystemrestore$help$keepaupaused$layout$log$modify$noaupause$originalsource$package$parent$parent:none$passive$quiet$repair$silent$uninstall$unsafeuninstall$update$xlog
                                                                      • API String ID: 1657112622-2303107143
                                                                      • Opcode ID: fc14395ed4ec41f42face3e38396021dc52055173c1501288e88ed037f15334a
                                                                      • Instruction ID: de5b74eef18d1904c124b8d31df1e876e26809e17541977fed6897ef82442f72
                                                                      • Opcode Fuzzy Hash: fc14395ed4ec41f42face3e38396021dc52055173c1501288e88ed037f15334a
                                                                      • Instruction Fuzzy Hash: 9FD28F72A08642C6E720BF25E4406BDA6A5FB88768FD4223BD55D877A8DF3CF544C720
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: String$Compare$Free$Variant$ClearHeapInitProcess
                                                                      • String ID: ComponentId$Condition$DirectorySearch$DirectorySearch|FileSearch|RegistrySearch|MsiComponentSearch|MsiProductSearch|MsiFeatureSearch|ExtensionSearch|SetVariable$DisableFileRedirection$ExpandEnvironment$ExtensionId$ExtensionSearch$Failed to allocate memory for search structs.$Failed to find extension '%ls' for search '%ls'$Failed to get @ComponentId.$Failed to get @Condition.$Failed to get @ExpandEnvironment.$Failed to get @ExtensionId.$Failed to get @Id.$Failed to get @Path.$Failed to get @ProductCode or @UpgradeCode.$Failed to get @ProductCode.$Failed to get @Root.$Failed to get @Type.$Failed to get @UpgradeCode.$Failed to get @Value.$Failed to get @Variable.$Failed to get @VariableType.$Failed to get DisableFileRedirection attribute.$Failed to get Key attribute.$Failed to get Value attribute.$Failed to get Win64 attribute.$Failed to get next node.$Failed to get search node count.$Failed to select search nodes.$FileSearch$HKCR$HKCU$HKLM$HKU$Invalid value for @Root: %ls$Invalid value for @Type: %ls$Invalid value for @VariableType: %ls$Key$MsiComponentSearch$MsiProductSearch$Path$ProductCode$RegistrySearch$Root$SetVariable$Type$Unexpected element name: %ls$UpgradeCode$Value$Variable$VariableType$Win64$assignment$d:\a\wix4\wix4\src\burn\engine\search.cpp$directory$exists$formatted$keyPath$language$numeric$path$state$string$value$version
                                                                      • API String ID: 1017089093-2296787432
                                                                      • Opcode ID: 3dc0c97224cfa6b013c6ae1c2adfff102b22e6d3ed1add2691bcae90f4445704
                                                                      • Instruction ID: d3671944b123ab9bba0a54ac09910a9f3e1b8a85c9458925a108cfb76e14d90a
                                                                      • Opcode Fuzzy Hash: 3dc0c97224cfa6b013c6ae1c2adfff102b22e6d3ed1add2691bcae90f4445704
                                                                      • Instruction Fuzzy Hash: 1BB28031B08A4296EB10BF61D4806ADA7A1FB48748FD0653BCA0D9776CDF3CF58587A4
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: StringVariant$AllocClearFreeInit
                                                                      • String ID: AboutUrl$Arp$Classification$Comments$Contact$Department$DisableModify$DisableRemove$DisplayName$DisplayVersion$ExecutableName$Failed to get @AboutUrl.$Failed to get @Classification.$Failed to get @Comments.$Failed to get @Contact.$Failed to get @Department.$Failed to get @DisableModify.$Failed to get @DisableRemove.$Failed to get @DisplayName.$Failed to get @DisplayVersion.$Failed to get @ExecutableName.$Failed to get @HelpLink.$Failed to get @HelpTelephone.$Failed to get @Id.$Failed to get @InProgressDisplayName.$Failed to get @Manufacturer.$Failed to get @Name.$Failed to get @ParentDisplayName.$Failed to get @PerMachine.$Failed to get @ProductFamily.$Failed to get @ProviderKey.$Failed to get @Publisher.$Failed to get @Tag.$Failed to get @UpdateUrl.$Failed to get @Version.$Failed to parse @Version: %ls$Failed to parse related bundles$Failed to parse software tag.$Failed to select ARP node.$Failed to select Update node.$Failed to select registration node.$Failed to set registration paths.$HelpLink$HelpTelephone$InProgressDisplayName$Invalid modify disabled type: %ls$Manufacturer$Name$ParentDisplayName$PerMachine$ProductFamily$ProviderKey$Publisher$Registration$Tag$Update$UpdateUrl$Version$button$d:\a\wix4\wix4\src\burn\engine\registration.cpp$yes
                                                                      • API String ID: 760788290-4015652564
                                                                      • Opcode ID: 1170f1058f20d4f206ea7fa92fd00be57f01d0b6b6755a7fd3302ca0ccbf4cef
                                                                      • Instruction ID: 6bd95db2ea7ad5c7bf0fd3e846f49632d206da743ae23b3fdddce237c361b633
                                                                      • Opcode Fuzzy Hash: 1170f1058f20d4f206ea7fa92fd00be57f01d0b6b6755a7fd3302ca0ccbf4cef
                                                                      • Instruction Fuzzy Hash: 51623461B08A0395EA14BB6594802BDE661BB88744FD03437D60D877A9DFBCF949C3A4
                                                                      APIs
                                                                      • CloseHandle.KERNEL32 ref: 00007FF7D0DE9F27
                                                                        • Part of subcall function 00007FF7D0DE9224: RegCloseKey.ADVAPI32(?,?,00000000,?,?,?,?,00007FF7D0DE9567), ref: 00007FF7D0DE9392
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: Close$Handle
                                                                      • String ID: %ls$ -%ls$ -%ls=%ls$ -%ls=ALL$ -disablesystemrestore$ -quiet$"%ls"$%ls %ls$-repair$-uninstall$Failed to allocate base command.$Failed to allocate obfuscated bundle command.$Failed to append %ls$Failed to append argument from ARP.$Failed to append disable system restore.$Failed to append operation argument.$Failed to append quiet argument.$Failed to append relation type argument.$Failed to append the custom working directory to the bundlepackage command line.$Failed to append the list of ancestors to the command line.$Failed to append the list of dependencies to ignore to the command line.$Failed to append the parent switch to the command line.$Failed to append the parent to the command line.$Failed to build executable path.$Failed to copy executable path.$Failed to copy package arguments.$Failed to evaluate bundle package command-line condition.$Failed to format argument string.$Failed to format obfuscated argument string.$Failed to get cached path for package: %ls$Failed to get cached path for related bundle: %ls$Failed to get command-line argument for install.$Failed to get command-line argument for repair.$Failed to get command-line argument for uninstall.$Failed to get parent directory for QuietUninstallString executable path: %ls$Failed to parse QuietUninstallString: %ls.$Failed to query ARP for uninstall.$Failed to run BUNDLE process$Failed to run bundle as embedded from path: %ls$Failed to separate command-line arguments.$Failed to verify the QuietUninstallString executable path is in a secure location: %ls$Invalid Bundle package action: %d.$Process returned error: 0x%x$QuietUninstallString is null.$QuietUninstallString must contain an executable path.$Related bundles must have a fully qualified target path.$The QuietUninstallString executable path is not in a secure location: %ls$The only supported action when the cache is not available is UNINSTALL.$WixBundleExecutePackageAction$WixBundleExecutePackageCacheFolder$burn.ancestors$burn.filehandle.self$burn.ignoredependencies$burn.system.component$d:\a\wix4\wix4\src\burn\engine\bundlepackageengine.cpp$parent
                                                                      • API String ID: 187904097-2509892201
                                                                      • Opcode ID: 43d4a0b7ae3e3ab29b15711caacff0180075177611a256c967ea91f13d3bb872
                                                                      • Instruction ID: 64bd0148a30af603b5999719ab19b2b24d22ecad788df4f79a3cb38b7a3bb250
                                                                      • Opcode Fuzzy Hash: 43d4a0b7ae3e3ab29b15711caacff0180075177611a256c967ea91f13d3bb872
                                                                      • Instruction Fuzzy Hash: 5B728B22A09A4386EB14FF21E4802AEE365EB84784FD02137DA8D8779DDF7CF5058760
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: CloseHandle_cwprintf_s_l
                                                                      • String ID: -%ls$ -%ls=%ls$ -%ls=ALL$ -norestart$"%ls"$%ls %ls$Failed to allocate base command.$Failed to allocate obfuscated exe command.$Failed to append %ls$Failed to append argument from ARP.$Failed to append norestart argument.$Failed to append the custom working directory to the exepackage command line.$Failed to append the list of ancestors to the command line.$Failed to append the list of dependencies to ignore to the command line.$Failed to append the relation type to the command line.$Failed to build executable path.$Failed to copy executable path.$Failed to copy package arguments.$Failed to evaluate executable package command-line condition.$Failed to format argument string.$Failed to format obfuscated argument string.$Failed to get cached path for package: %ls$Failed to get command-line argument for install.$Failed to get command-line argument for repair.$Failed to get command-line argument for uninstall.$Failed to get parent directory for QuietUninstallString executable path: %ls$Failed to get parent directory for pseudo-package: %ls$Failed to parse QuietUninstallString: %ls.$Failed to query ArpEntry for %hs.$Failed to run EXE process$Failed to run exe with Burn protocol from path: %ls$Failed to run netfx chainer: %ls$Failed to separate command-line arguments.$Failed to verify the QuietUninstallString executable path is in a secure location: %ls$Invalid Exe package action: %d.$Process returned error: 0x%x$Pseudo ExePackages must have a fully qualified target path.$QuietUninstallString is null.$QuietUninstallString must contain an executable path.$The QuietUninstallString executable path is not in a secure location: %ls$WixBundleExecutePackageAction$WixBundleExecutePackageCacheFolder$burn.ancestors$burn.filehandle.self$burn.ignoredependencies$burn.related.chain.package$d:\a\wix4\wix4\src\burn\engine\exeengine.cpp$install$uninstall
                                                                      • API String ID: 801792519-2088893599
                                                                      • Opcode ID: a9e23997a310b4bd5775e58ffa0a35309a4c5569d3e78c50f8786eaccdc866e9
                                                                      • Instruction ID: 571e14609f4b70eef291ffa46e63e9c3643f2fc8db3de0e0cd395fb4d06e6cc1
                                                                      • Opcode Fuzzy Hash: a9e23997a310b4bd5775e58ffa0a35309a4c5569d3e78c50f8786eaccdc866e9
                                                                      • Instruction Fuzzy Hash: 68627E32B08A4296EB14EB65E4405BEA3A1EB84794FD02137DA8D87B9DDF3CF505C760
                                                                      APIs
                                                                        • Part of subcall function 00007FF7D0E1E988: VariantInit.OLEAUT32 ref: 00007FF7D0E1E9B6
                                                                        • Part of subcall function 00007FF7D0E1E988: VariantClear.OLEAUT32 ref: 00007FF7D0E1EB19
                                                                        • Part of subcall function 00007FF7D0E1E988: SysFreeString.OLEAUT32 ref: 00007FF7D0E1EB27
                                                                      • CompareStringW.KERNEL32(?,?,?,?,?,?,?,00007FF7D0DC91FF), ref: 00007FF7D0DC24D2
                                                                      • CompareStringW.KERNEL32(?,?,?,?,?,?,?,00007FF7D0DC91FF), ref: 00007FF7D0DC24FE
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: String$CompareVariant$ClearFreeInit
                                                                      • String ID: @Container is required for embedded payload.$CertificateRootPublicKeyIdentifier$CertificateRootThumbprint$Container$DownloadUrl$Failed to add payload to container dictionary.$Failed to add payload to payloads dictionary.$Failed to allocate memory for layout payloads.$Failed to allocate memory for payload structs.$Failed to create dictionary for container payloads.$Failed to create dictionary for payloads.$Failed to find container: %ls$Failed to get @CertificateRootPublicKeyIdentifier.$Failed to get @CertificateRootThumbprint.$Failed to get @Container.$Failed to get @DownloadUrl.$Failed to get @FilePath.$Failed to get @FileSize.$Failed to get @Hash.$Failed to get @Id.$Failed to get @LayoutOnly.$Failed to get @Packaging.$Failed to get @SourcePath.$Failed to get next node.$Failed to get payload node count.$Failed to hex decode @CertificateRootPublicKeyIdentifier.$Failed to hex decode @CertificateRootThumbprint.$Failed to hex decode the Payload/@Hash.$Failed to parse @FileSize.$Failed to select payload nodes.$File size is required when verifying by hash for payload: %ls$FilePath$FileSize$Hash$Invalid value for @Packaging: %ls$LayoutOnly$Packaging$Payload$SourcePath$There was no verification information for payload: %ls$d:\a\wix4\wix4\src\burn\engine\payload.cpp$embedded$external
                                                                      • API String ID: 1311288327-2408702627
                                                                      • Opcode ID: 5fa59fbc48b2a1792706025eff86d56aed105aeda486125f440f35ba33919bd0
                                                                      • Instruction ID: de3171787f5b18781a39a3c0222754e7283d7237b786f7f61fcf70c3b83b97de
                                                                      • Opcode Fuzzy Hash: 5fa59fbc48b2a1792706025eff86d56aed105aeda486125f440f35ba33919bd0
                                                                      • Instruction Fuzzy Hash: F8428D21B18B0386EB10BF65D4802BEA7A4AB48B44FC46037DA0D9779DDE3CF945C7A4
                                                                      APIs
                                                                        • Part of subcall function 00007FF7D0DB6828: GetProcessHeap.KERNEL32(?,?,00000000,00007FF7D0DB2158,?,?,?,?,?,?,00000000,00007FF7D0DB1F49,?,?,?,00000000), ref: 00007FF7D0DB683C
                                                                      • SysFreeString.OLEAUT32 ref: 00007FF7D0E2B16D
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: FreeHeapProcessString
                                                                      • String ID: Failed to allocate ATOM feed authors.$Failed to allocate ATOM feed categories.$Failed to allocate ATOM feed entries.$Failed to allocate ATOM feed generator.$Failed to allocate ATOM feed icon.$Failed to allocate ATOM feed id.$Failed to allocate ATOM feed links.$Failed to allocate ATOM feed logo.$Failed to allocate ATOM feed structure.$Failed to allocate ATOM feed subtitle.$Failed to allocate ATOM feed title.$Failed to allocate ATOM feed updated.$Failed to find required feed/id element.$Failed to find required feed/title element.$Failed to find required feed/updated element.$Failed to get child nodes of ATOM feed element.$Failed to parse ATOM author.$Failed to parse ATOM category.$Failed to parse ATOM entry.$Failed to parse ATOM link.$Failed to parse unknown ATOM feed element: %ls$author$category$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\atomutil.cpp$entry$generator$icon$link$logo$subtitle$title$updated
                                                                      • API String ID: 8073737-3675139366
                                                                      • Opcode ID: 5f1c499add2234a2a688b8578068f91b700d0ade658d57f3f7d6345e51723469
                                                                      • Instruction ID: efad2b66d49b3c1e88541f77f662b179fee7ef8ea8773585662d310e973fd857
                                                                      • Opcode Fuzzy Hash: 5f1c499add2234a2a688b8578068f91b700d0ade658d57f3f7d6345e51723469
                                                                      • Instruction Fuzzy Hash: 7A223D71A08A4296EB20BF36D8901AEB7A1FB48794BC4213BD64C87768DF3CF555C750
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: FreeString
                                                                      • String ID: Cannot have two content elements in ATOM entry.$Failed to allocate ATOM entry authors.$Failed to allocate ATOM entry categories.$Failed to allocate ATOM entry content.$Failed to allocate ATOM entry id.$Failed to allocate ATOM entry links.$Failed to allocate ATOM entry published.$Failed to allocate ATOM entry summary.$Failed to allocate ATOM entry title.$Failed to allocate ATOM entry updated.$Failed to find required feed/entry/id element.$Failed to find required feed/entry/title element.$Failed to find required feed/entry/updated element.$Failed to get child nodes of ATOM entry element.$Failed to parse ATOM entry author.$Failed to parse ATOM entry category.$Failed to parse ATOM entry content.$Failed to parse ATOM entry link.$Failed to parse unknown ATOM entry element: %ls$Failed to process all ATOM entry elements.$author$category$content$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\atomutil.cpp$link$published$summary$title$updated
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1700049363.00007FF7D0DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D0DB0000, based on PE: true
                                                                      • Associated: 00000000.00000002.1699972182.00007FF7D0DB0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700243184.00007FF7D0E2F000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700341469.00007FF7D0E66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E69000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E70000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff7d0db0000_VmjvNTbD5J.jbxd
                                                                      Similarity
                                                                      • API ID: ErrorLast$CreateKnownWell$DescriptorFreeInitializeLocalSecurity
                                                                      • String ID: Failed to create ACL for system restore.$Failed to create administrator SID for system restore.$Failed to create local service SID for system restore.$Failed to create local system SID for system restore.$Failed to create network service SID for system restore.$Failed to create self SID for system restore.$Failed to initialize COM security for system restore.$Failed to initialize security descriptor for system restore.$Failed to set DACL for system restore.$Failed to set administrators group access for system restore.$Failed to set administrators owner for system restore.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\srputil.cpp
                                                                      APIs
                                                                      • CompareStringW.KERNEL32(?,?,00000000,?,?,00000000,00000000,00007FF7D0E2CA6D,?,?,?,?,?,00007FF7D0DF9690), ref: 00007FF7D0E2C3BD
                                                                      • CompareStringW.KERNEL32(?,?,00000000,?,?,00000000,00000000,00007FF7D0E2CA6D,?,?,?,?,?,00007FF7D0DF9690), ref: 00007FF7D0E2C3E9
                                                                      • CompareStringW.KERNEL32(?,?,00000000,?,?,00000000,00000000,00007FF7D0E2CA6D,?,?,?,?,?,00007FF7D0DF9690), ref: 00007FF7D0E2C434
                                                                      • CompareStringW.KERNEL32(?,?,00000000,?,?,00000000,00000000,00007FF7D0E2CA6D,?,?,?,?,?,00007FF7D0DF9690), ref: 00007FF7D0E2C4B5
                                                                      • CompareStringW.KERNEL32(?,?,00000000,?,?,00000000,00000000,00007FF7D0E2CA6D,?,?,?,?,?,00007FF7D0DF9690), ref: 00007FF7D0E2C504
                                                                      • CompareStringW.KERNEL32(?,?,00000000,?,?,00000000,00000000,00007FF7D0E2CA6D,?,?,?,?,?,00007FF7D0DF9690), ref: 00007FF7D0E2C581
                                                                      • CompareStringW.KERNEL32(?,?,00000000,?,?,00000000,00000000,00007FF7D0E2CA6D,?,?,?,?,?,00007FF7D0DF9690), ref: 00007FF7D0E2C5A9
                                                                      • CompareStringW.KERNEL32(?,?,00000000,?,?,00000000,00000000,00007FF7D0E2CA6D,?,?,?,?,?,00007FF7D0DF9690), ref: 00007FF7D0E2C5E3
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1700049363.00007FF7D0DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D0DB0000, based on PE: true
                                                                      • Associated: 00000000.00000002.1699972182.00007FF7D0DB0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700243184.00007FF7D0E2F000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700341469.00007FF7D0E66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E69000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E70000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff7d0db0000_VmjvNTbD5J.jbxd
                                                                      Similarity
                                                                      • API ID: CompareString
                                                                      • String ID: Failed to allocate application identity.$Failed to allocate application summary.$Failed to allocate application title.$Failed to allocate application type.$Failed to allocate content type.$Failed to allocate content.$Failed to allocate enclosures for application update entry.$Failed to allocate upgrade id.$Failed to compare version to upgrade version.$Failed to parse enclosure.$Failed to parse upgrade version string '%ls' from ATOM entry.$Failed to parse version string '%ls' from ATOM entry.$Upgrade version is greater than or equal to application version.$application$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\apuputil.cpp$enclosure$exclusive$http://appsyndication.org/2006/appsyn$true$type$upgrade$version
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1700049363.00007FF7D0DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D0DB0000, based on PE: true
                                                                      • Associated: 00000000.00000002.1699972182.00007FF7D0DB0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700243184.00007FF7D0E2F000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700341469.00007FF7D0E66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E69000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E70000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff7d0db0000_VmjvNTbD5J.jbxd
                                                                      Similarity
                                                                      • API ID: CompareString
                                                                      • String ID: BA aborted detect MSI feature.$BA aborted detect compatible MSI package.$BA aborted detect related MSI package.$Failed to compare related installed version '%ls' to related max version: '%ls'$Failed to compare related installed version '%ls' to related min version: '%ls'$Failed to compare version '%ls' to dependency version: '%ls'$Failed to compare version '%ls' to installed version: '%ls'$Failed to detect compatible package for MSI package.$Failed to detect dependencies for MSI package.$Failed to enum related products.$Failed to get product information for ProductCode: %ls$Failed to get version for product in machine context: %ls$Failed to get version for product in user unmanaged context: %ls$Failed to parse dependency version: '%ls' for ProductCode: %ls$Failed to parse installed version: '%ls' for ProductCode: %ls$Failed to parse related installed version: '%ls' for ProductCode: %ls$Failed to query feature state.$Invalid state value.$Language$VersionString$d:\a\wix4\wix4\src\burn\engine\msiengine.cpp
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1700049363.00007FF7D0DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D0DB0000, based on PE: true
                                                                      • Associated: 00000000.00000002.1699972182.00007FF7D0DB0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700243184.00007FF7D0E2F000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700341469.00007FF7D0E66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E69000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E70000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff7d0db0000_VmjvNTbD5J.jbxd
                                                                      Similarity
                                                                      • API ID: ErrorLast$CloseCreateFreeHandleLocalNamedPipe
                                                                      • String ID: D:(A;;GA;;;SY)(A;;GA;;;BA)(A;;GRGW0x00100000;;;WD)$Failed to allocate full name of cache pipe: %ls$Failed to allocate full name of logging pipe: %ls$Failed to allocate full name of pipe: %ls$Failed to create cache pipe: %ls$Failed to create logging pipe: %ls$Failed to create pipe: %ls$Failed to create the security descriptor for the connection event and pipe.$\\.\pipe\%ls$\\.\pipe\%ls.Cache$\\.\pipe\%ls.Log$d:\a\wix4\wix4\src\burn\engine\pipe.cpp
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1700049363.00007FF7D0DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D0DB0000, based on PE: true
                                                                      • Associated: 00000000.00000002.1699972182.00007FF7D0DB0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700243184.00007FF7D0E2F000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700341469.00007FF7D0E66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E69000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E70000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff7d0db0000_VmjvNTbD5J.jbxd
                                                                      Similarity
                                                                      • API ID: CryptErrorLast$Hash$Context$AcquireCreateDestroyFileParamPointerRelease
                                                                      • String ID: @$Failed to acquire crypto context.$Failed to get file pointer.$Failed to get hash value.$Failed to hash data block.$Failed to initiate hash.$Failed to read data block.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\cryputil.cpp
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1700049363.00007FF7D0DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D0DB0000, based on PE: true
                                                                      • Associated: 00000000.00000002.1699972182.00007FF7D0DB0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700243184.00007FF7D0E2F000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700341469.00007FF7D0E66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E69000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E70000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff7d0db0000_VmjvNTbD5J.jbxd
                                                                      Similarity
                                                                      • API ID: Close
                                                                      • String ID: Failed to delete the dependency "%ls".$Failed to delete the dependent "%ls" under the dependency "%ls".$Failed to delete the dependents subkey under the dependency "%ls".$Failed to get the number of dependent subkeys under the dependency "%ls".$Failed to get the number of values under the dependency "%ls".$Failed to open root registry key "%ls".$Failed to open the dependents subkey under the dependency "%ls".$Failed to open the registry key for the dependency "%ls".$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\deputil.cpp
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1700049363.00007FF7D0DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D0DB0000, based on PE: true
                                                                      • Associated: 00000000.00000002.1699972182.00007FF7D0DB0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700243184.00007FF7D0E2F000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700341469.00007FF7D0E66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E69000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E70000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff7d0db0000_VmjvNTbD5J.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: BA aborted plan restore related bundle.$Failed to add to plan related bundle: %ls$Failed to allocate the custom working directory.$Failed to allocate the list of ancestors.$Failed to allocate the list of dependencies to ignore.$Failed to append restore related bundle action to plan.$Failed to begin plan dependency actions for related bundle package: %ls$Failed to begin plan dependency actions to package: %ls$Failed to calculate plan for related bundle: %ls$Failed to check the dictionary for a related bundle provider key: "%ls".$Failed to complete plan dependency actions for related bundle package: %ls$Failed to copy the list of dependencies to ignore.$Failed to create dictionary for planned packages.$Failed to get the list of dependencies to ignore.$Failed to grow plan's array of restore related bundle actions.$Failed to plan related bundle package provider actions.$d:\a\wix4\wix4\src\burn\engine\plan.cpp
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1700049363.00007FF7D0DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D0DB0000, based on PE: true
                                                                      • Associated: 00000000.00000002.1699972182.00007FF7D0DB0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700243184.00007FF7D0E2F000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700341469.00007FF7D0E66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E69000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E70000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff7d0db0000_VmjvNTbD5J.jbxd
                                                                      Similarity
                                                                      • API ID: File$CloseCreateDecryptErrorHandleLast
                                                                      • String ID: Failed to open payload at path: %ls$Failed to verify file size for path: %ls$Failed to verify hash of payload: %ls$Failed to verify signature of payload: %ls$Payload has no verification information: %ls$d:\a\wix4\wix4\src\burn\engine\cache.cpp
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1700049363.00007FF7D0DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D0DB0000, based on PE: true
                                                                      • Associated: 00000000.00000002.1699972182.00007FF7D0DB0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700243184.00007FF7D0E2F000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700341469.00007FF7D0E66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E69000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E70000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff7d0db0000_VmjvNTbD5J.jbxd
                                                                      Similarity
                                                                      • API ID: FreeLibrary
                                                                      • String ID: Failed to get OS info.$Failed to set variant value.$d:\a\wix4\wix4\src\burn\engine\variable.cpp
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1700049363.00007FF7D0DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D0DB0000, based on PE: true
                                                                      • Associated: 00000000.00000002.1699972182.00007FF7D0DB0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1700243184.00007FF7D0E2F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1700341469.00007FF7D0E66000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E69000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E70000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff7d0db0000_VmjvNTbD5J.jbxd
                                                                      Similarity
                                                                      • API ID: File$CloseCreateDecryptErrorHandleLast
                                                                      • String ID: Container has no verification information: %ls$Failed to open container at path: %ls$Failed to verify hash of container: %ls$d:\a\wix4\wix4\src\burn\engine\cache.cpp
                                                                      • API String ID: 3262865546-1184176504
                                                                      • API ID: CriticalSection$EnterLeave
                                                                      • String ID: BA aborted cache acquire begin.$BA aborted cache payload verify begin.$BA aborted cache verify begin.$Failed to concat layout path for bundle.$Failed to copy bundle from: '%ls' to: '%ls'$Failed to determine if layout bundle path was equivalent with current process path.$Failed to get path to bundle source process path to layout.$Failed to get path to bundle to layout.$Failed to layout bundle: %ls to layout directory: %ls$WixBundleSourceProcessPath$d:\a\wix4\wix4\src\burn\engine\apply.cpp
                                                                      • API String ID: 3168844106-2818923931
                                                                      • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                      • String ID:
                                                                      • API String ID: 3140674995-0
                                                                      • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                      • String ID:
                                                                      • API String ID: 1239891234-0
                                                                      • API ID: FileFind$AttributesCloseErrorFirstLastNext
                                                                      • String ID: *.*$.unverified
                                                                      • API String ID: 3458812364-2528915496
                                                                      • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                      • String ID:
                                                                      • API String ID: 2227656907-0
                                                                      • API ID: CreateDecryptDirectoryErrorFileLast
                                                                      • String ID: Failed create acquisition folder.$d:\a\wix4\wix4\src\burn\engine\cache.cpp
                                                                      • API String ID: 4153065963-4185204549
                                                                      • API ID: memcpy_s
                                                                      • String ID:
                                                                      • API String ID: 1502251526-0
                                                                      • API ID: ExceptionRaise_clrfp
                                                                      • String ID:
                                                                      • API String ID: 15204871-0
                                                                      • API ID: AllocateCheckCloseInitializeMembershipToken
                                                                      • String ID:
                                                                      • API String ID: 2114926846-0
                                                                      • API ID: Find$CloseFileFirst
                                                                      • String ID:
                                                                      • API String ID: 2295610775-0
                                                                      • API ID:
                                                                      • String ID: $
                                                                      • API String ID: 0-227171996
                                                                      • Opcode ID: 329c1cafed81ea7fb3e0d374ec61d91405ddcb2724f8b376174e0f80c7b4a995
                                                                      • Instruction ID: 8833b4895f1ff539dd3bf478bf054bd5ca2922b8221405e2fadba02b46d271bd
                                                                      • Opcode Fuzzy Hash: 329c1cafed81ea7fb3e0d374ec61d91405ddcb2724f8b376174e0f80c7b4a995
                                                                      • Instruction Fuzzy Hash: 4EE1E372A1864282EB69BE25945013DB3A0FF45B48FD46237DA4E2779CDF7AF841C720
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1700049363.00007FF7D0DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D0DB0000, based on PE: true
                                                                      • Associated: 00000000.00000002.1699972182.00007FF7D0DB0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700243184.00007FF7D0E2F000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700341469.00007FF7D0E66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E69000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E70000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff7d0db0000_VmjvNTbD5J.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c5bd680396472452cf544b22d0b8cdbc9226a7d8252b8d1b8dd7f91ab9b7df97
                                                                      • Instruction ID: 94e3a3abcd2a0625bb2999e23f8830f0d39dff316101b2130a4488d92c7808b5
                                                                      • Opcode Fuzzy Hash: c5bd680396472452cf544b22d0b8cdbc9226a7d8252b8d1b8dd7f91ab9b7df97
                                                                      • Instruction Fuzzy Hash: C7226E61F08A5342E65CF62BC92017E9291FF84B80BD0A033CB5D97B6FDE29F851D661
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 2427ced06a07de4687e9315ff2356bdd9c2d94174fe9b6913b1fcd61a2815984
                                                                      • Instruction ID: 598c263901418586909990dbdfc1f4dd261650ec961c88575b55d58b54c035db
                                                                      • Opcode Fuzzy Hash: 2427ced06a07de4687e9315ff2356bdd9c2d94174fe9b6913b1fcd61a2815984
                                                                      • Instruction Fuzzy Hash: E0A11B72B0860281F65CBA67C5101BEA392FF84B84BD4A433CB5D57B9EDE29F855D220
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 25e8e40c479a1db29b81c02b322a209602ca22b4a94111bdb6f8812a63089a74
                                                                      • Instruction ID: cfd9b3ca89c0a48cc436bb7ffcc34bbfa046cf67cb311b60440560cc34e6574e
                                                                      • Opcode Fuzzy Hash: 25e8e40c479a1db29b81c02b322a209602ca22b4a94111bdb6f8812a63089a74
                                                                      • Instruction Fuzzy Hash: 4B81B472E0C78145E764EB19944036EFA91FB86794FD4A236EA8D53B9DDE3CF4408B20
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: aeaa4d226cfc6ad080383ae9afbcffa98b1d4b02c4f348a8229da7f61345b46b
                                                                      • Instruction ID: 8466d4885943073f7e239e08fa389e1e19e5f935e19bb7d693dbf0e463210105
                                                                      • Opcode Fuzzy Hash: aeaa4d226cfc6ad080383ae9afbcffa98b1d4b02c4f348a8229da7f61345b46b
                                                                      • Instruction Fuzzy Hash: F351A632A14A5186E725AB29D55023CB3A0FB54B68FE56132CECD27798CF3AF843C750
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: ccef08dcac92de96f80e62e39422300b1b07a4443c4a4c576b31c173fb34a7b9
                                                                      • Instruction ID: 68dae4fff5eca41d03cb06e2432c7588bfffeffa4dee9bf7bea0d56704f165ba
                                                                      • Opcode Fuzzy Hash: ccef08dcac92de96f80e62e39422300b1b07a4443c4a4c576b31c173fb34a7b9
                                                                      • Instruction Fuzzy Hash: C9519736A1465186E768AB29C14022CB7A0FB55B58FF86133CA8C6779CDB3AF842C750
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 4511e46d3dad8bb9131fcbe58f47e52a3bb0c7fd98dab0744a1f68c8f35f932a
                                                                      • Instruction ID: e46f46db437488a6157ef7b4f502d3688f3d4148c925f04613d0066d9e3ef3dd
                                                                      • Opcode Fuzzy Hash: 4511e46d3dad8bb9131fcbe58f47e52a3bb0c7fd98dab0744a1f68c8f35f932a
                                                                      • Instruction Fuzzy Hash: 06517736A1865185E764BB29C15023CB7B0FB94B58FE46133CACD27798CB3AF852C751
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 9737d1d36a664a2d1eac21050ef45ebe19750109be73a891a133502aaa51538e
                                                                      • Instruction ID: 5af1416efdb6bebc6da8621180b648559c3208cd60091e3b8072c3785c9fa3b4
                                                                      • Opcode Fuzzy Hash: 9737d1d36a664a2d1eac21050ef45ebe19750109be73a891a133502aaa51538e
                                                                      • Instruction Fuzzy Hash: AF416772E081C68EE6B9ED25A54453DBD92AB943C0FE6E07FD50D1378CCD3CB9498660
                                                                      Similarity
                                                                      • API ID: ErrorFreeHeapLast
                                                                      • String ID:
                                                                      • API String ID: 485612231-0
                                                                      • Opcode ID: 60f4d3c0ecfb20a6fcd1b75d10b0ea18f7c2c4c0a185d923640a38a4ab3ade8b
                                                                      • Instruction ID: f507c849873cd7e547e7752006c07441c0552e30d5be40892be17030a7ea8856
                                                                      • Opcode Fuzzy Hash: 60f4d3c0ecfb20a6fcd1b75d10b0ea18f7c2c4c0a185d923640a38a4ab3ade8b
                                                                      • Instruction Fuzzy Hash: B741D162B14A5482EF54EF6AE95416DF3A1BB48FD0BC8A437DE0D97B58DE3CE1418310
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a2d87e52002873939cdd41a68ab5698367994441df2833cf10978d5824ac9a8d
                                                                      • Instruction ID: 9bd1141103d28efa2fc21c0983ab58ff07de0475be49fc7d453d77cee9c80436
                                                                      • Opcode Fuzzy Hash: a2d87e52002873939cdd41a68ab5698367994441df2833cf10978d5824ac9a8d
                                                                      • Instruction Fuzzy Hash: 69A001AA908812D0E654BB22E950568A221BB51344BC16237E02D512B89E6CB4408220
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: _cwprintf_s_l
                                                                      • String ID: (deleted action)$ bundle id: %ls$ bundle provider key: %ls$ can affect machine state: %hs$ disable-rollback: %hs$ disallow-removal: %hs$ downgrade: %hs$ layout directory: %ls$ overall progress ticks: %u$ per-machine: %hs$ registration options: %hs$ use-forward-compatible: %hs$ Clean action[%u]: CLEAN_COMPATIBLE_PACKAGE package id: %ls$ Clean action[%u]: CLEAN_PACKAGE package id: %ls$ Dependency action[%u]: PLANNED_PROVIDER key: %ls, name: %ls$--- Begin plan dump ---$--- End plan dump ---$Plan action: %hs$Plan cache size: %llu$Plan execute package count: %u$Restore action[%u]: RELATED_BUNDLE package id: %ls, action: %hs, ignore dependencies: %ls
                                                                      • API String ID: 2941638530-1818579274
                                                                      • Opcode ID: 5a1bb4c31ab7ea3ff988ac4ddb390d951e7e468c61ea87ebe580e861683dac08
                                                                      • Instruction ID: b6babd923a76808545cc2317ca219570d2f5922dd49b5df2ba9541f20890f315
                                                                      • Opcode Fuzzy Hash: 5a1bb4c31ab7ea3ff988ac4ddb390d951e7e468c61ea87ebe580e861683dac08
                                                                      • Instruction Fuzzy Hash: 5CB16E72A1469296E704BF25C4501ADB761FB44B84FC4A03BDA0D2B79EDE39F944C7A0
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: String$CompareFree
                                                                      • String ID: Failed get attributes for ATOM link.$Failed to allocate ATOM link href.$Failed to allocate ATOM link rel.$Failed to allocate ATOM link title.$Failed to allocate ATOM link type.$Failed to allocate ATOM link value.$Failed to get child nodes of ATOM link element.$Failed to parse ATOM link length.$Failed to parse unknown ATOM link attribute: %ls$Failed to parse unknown ATOM link element: %ls$Failed to process all ATOM link attributes.$Failed to process all ATOM link elements.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\atomutil.cpp$href$length$rel$title$type
                                                                      • API String ID: 3589242889-3014251594
                                                                      • Opcode ID: e9fcde556c8a096618963259ad8e162a2f8d36ce7f3a36a3da1c481a157f7e40
                                                                      • Instruction ID: 17b96b0a5741c384c1142d399907d41b5975c245ce1edb57893de510191eec89
                                                                      • Opcode Fuzzy Hash: e9fcde556c8a096618963259ad8e162a2f8d36ce7f3a36a3da1c481a157f7e40
                                                                      • Instruction Fuzzy Hash: 76C14C22B08A468AEB14BF35D8802ADA365FB44748FD0613BDA0D87B6CDF2DF545C360
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: ErrorLast$CreateFile
                                                                      • String ID: *wzSrcPath is null$Failed to allocate memory to read in file: %ls$Failed to completely read file: %ls$Failed to get size of file: %ls$Failed to load file: %ls, too large.$Failed to open file: %ls$Failed to re-allocate memory to read in file: %ls$Failed to read from file: %ls$Failed to seek position %d$Invalid argument pcbDest$Invalid argument ppbDest$Invalid argument wzSrcPath$Start position %d bigger than file '%ls' size %llu$Underflow calculating remaining buffer size.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\fileutil.cpp
                                                                      • API String ID: 1722934493-3998981784
                                                                      • Opcode ID: fe01692ea7f491d3b8dc53f082c164990f7e8d3f963b949806b1279220c9e951
                                                                      • Instruction ID: 5c35488806267ed5a98dcbdd9ac79a66ff0b1124fc3445fc46c9cd168dd55f06
                                                                      • Opcode Fuzzy Hash: fe01692ea7f491d3b8dc53f082c164990f7e8d3f963b949806b1279220c9e951
                                                                      • Instruction Fuzzy Hash: 52E1D021B0860296E620BF72E4846BDE6A5AF88760FD4213FD94D83798DF7CF8418764
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: CloseHandle$CreateCriticalSectionThread$DeleteErrorInitializeLastMutexRelease
                                                                      • String ID: Another per-user setup is already executing.$Apply cannot be done without a successful Plan.$BA aborted apply begin.$Failed to cache engine to working directory.$Failed to create cache thread.$Failed to elevate.$Failed to initialize apply in elevated process.$Failed to register bundle.$Failed to set initial apply variables.$Failed to wait for cache thread after execute.$Failed to wait for cache thread before execute.$Failed while caching, aborting execution.$Plans cannot be applied multiple times.$d:\a\wix4\wix4\src\burn\engine\core.cpp
                                                                      Similarity
                                                                      • API ID: CloseCreateErrorHandleLastProcess$CodeExitMutexObjectReleaseSingleUuidWait
                                                                      • String ID: %ls$%ls /pipe %ls$Failed to CreateProcess on path: %ls$Failed to allocate event name.$Failed to allocate section name.$Failed to append netfx chainer args.$Failed to append user args.$Failed to create netfx chainer guid.$Failed to create netfx chainer.$Failed to get netfx return code.$Failed to process netfx chainer message.$Failed to wait for netfx chainer process to complete$NetFxEvent.%ls$NetFxSection.%ls$d:\a\wix4\wix4\src\burn\engine\netfxchainer.cpp
                                                                      Similarity
                                                                      • API ID: String$Compare$Variant$AllocClearFreeInit
                                                                      • String ID: Action$Addon$Detect$Failed to get @Action.$Failed to get @Id.$Failed to get RelatedBundle element count.$Failed to get RelatedBundle nodes$Failed to get next RelatedBundle element.$Failed to resize Addon code array$Failed to resize Detect code array$Failed to resize Patch code array$Failed to resize Upgrade code array$Invalid value for @Action: %ls$Patch$RelatedBundle$Upgrade$d:\a\wix4\wix4\src\burn\engine\bundlepackageengine.cpp
                                                                      APIs
                                                                      • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7D0E00245), ref: 00007FF7D0DCBE34
                                                                      Similarity
                                                                      • API ID: Close
                                                                      • String ID: "%ls" /%ls /%ls$BundleResumeCommandLine$Failed to create run key.$Failed to delete resume command line value.$Failed to delete run key value.$Failed to format resume command line for RunOnce.$Failed to open run key.$Failed to write Installed value.$Failed to write Resume value.$Failed to write resume command line value.$Failed to write run key value.$Installed$Resume$SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce$burn.clean.room$burn.runonce$d:\a\wix4\wix4\src\burn\engine\registration.cpp
                                                                      Similarity
                                                                      • API ID: Close_cwprintf_s_l
                                                                      • String ID: Failed to change value type.$Failed to format key string.$Failed to format value string.$Failed to open registry key.$Failed to query registry key value.$Failed to read registry value.$Failed to set variable.$Registry key not found. Key = '%ls'$Registry value not found. Key = '%ls', Value = '%ls'$RegistrySearchValue failed: ID '%ls', HRESULT 0x%x$Unsupported registry key value type. Type = '%u'$d:\a\wix4\wix4\src\burn\engine\search.cpp
                                                                      Similarity
                                                                      • API ID: Process$CloseHandle$CreateCurrentErrorLast
                                                                      • String ID: %ls$%ls -%ls %ls %ls %u$-uninstall$Failed to append embedded args.$Failed to append user args.$Failed to create embedded pipe name and client token.$Failed to create embedded pipe.$Failed to create embedded process at path: %ls$Failed to process messages from embedded message.$Failed to wait for embedded executable: %ls$Failed to wait for embedded process to connect to pipe.$burn.embedded$d:\a\wix4\wix4\src\burn\engine\embedded.cpp
                                                                      APIs
                                                                      • SysFreeString.OLEAUT32 ref: 00007FF7D0DCB430
                                                                        • Part of subcall function 00007FF7D0DB6828: GetProcessHeap.KERNEL32(?,?,00000000,00007FF7D0DB2158,?,?,?,?,?,?,00000000,00007FF7D0DB1F49,?,?,?,00000000), ref: 00007FF7D0DB683C
                                                                      • SysFreeString.OLEAUT32 ref: 00007FF7D0DCB3E9
                                                                      Similarity
                                                                      • API ID: FreeString$HeapProcess
                                                                      • String ID: Failed to allocate memory for software tag structs.$Failed to convert SoftwareTag text to UTF-8$Failed to get @Filename.$Failed to get @Path.$Failed to get @Regid.$Failed to get SoftwareTag text.$Failed to get next node.$Failed to get software tag count.$Failed to select software tag nodes.$Filename$Path$Regid$SoftwareTag$d:\a\wix4\wix4\src\burn\engine\registration.cpp
                                                                      Similarity
                                                                      • API ID: Close$HandleMutexRelease
                                                                      • String ID: Failed to connect to unelevated process.$Failed to create elevated logging thread.$Failed to create finished event for logging thread.$Failed to create log event for logging thread.$Failed to create the message window.$Failed to open elevated log.$Failed to pump messages from parent process.$d:\a\wix4\wix4\src\burn\engine\engine.cpp
                                                                      Similarity
                                                                      • API ID: ClassErrorLast$CreateRegisterUnregisterWindow
                                                                      • String ID: Failed to create window.$Failed to register window.$Unexpected return value from message pump.$WixBurnMessageWindow$d:\a\wix4\wix4\src\burn\engine\uithread.cpp
                                                                      Similarity
                                                                      • API ID: Class$CursorDeleteErrorLastLoadMessageObjectPostRegisterUnregister
                                                                      • String ID: Failed to load splash screen.$Failed to register window.$Unexpected return value from message pump.$WixBurnSplashScreen$d:\a\wix4\wix4\src\burn\engine\splashscreen.cpp
                                                                      Similarity
                                                                      • API ID: CloseMessagePostWindow
                                                                      • String ID: Failed to check global conditions$Failed to create the message window.$Failed to load BundleExtensions.$Failed to open log.$Failed to query registration.$Failed to set command line action variable.$Failed to set layout directory variable to value provided from command-line.$Failed to set registration variables.$Failed while running $WixBundleCommandLineAction$WixBundleLayoutDirectory$WixBundleOriginalSource$d:\a\wix4\wix4\src\burn\engine\engine.cpp
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1700049363.00007FF7D0DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D0DB0000, based on PE: true
                                                                      • Associated: 00000000.00000002.1699972182.00007FF7D0DB0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700243184.00007FF7D0E2F000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700341469.00007FF7D0E66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E69000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E70000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff7d0db0000_VmjvNTbD5J.jbxd
                                                                      Similarity
                                                                      • API ID: Service$ErrorLast$CloseHandleOpen$ChangeConfigManagerQueryStatus
                                                                      • String ID: Failed to mark WU service to start on demand.$Failed to open WU service.$Failed to open service control manager.$Failed to query status of WU service.$Failed to read configuration for WU service.$d:\a\wix4\wix4\src\burn\engine\msuengine.cpp$wuauserv
                                                                      • API ID: ErrorLast$FileModuleName
                                                                      • String ID: Failed to allocate space for module path.$Failed to get max length of input buffer.$Failed to get path for executing process.$Failed to get size of path for executing process.$Failed to re-allocate more space for module path.$Unexpected failure getting path for executing process.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\pathutil.cpp
                                                                      • API ID:
                                                                      • String ID: Failed to launch approved exe: %ls$Failed to open the registry key for the approved exe path.$Failed to read approved exe WaitForInputIdle timeout.$Failed to read approved exe arguments.$Failed to read approved exe id.$Failed to read the value for the approved exe path.$Failed to send BURN_ELEVATION_MESSAGE_TYPE_LAUNCH_APPROVED_EXE_PROCESSID message to per-user process.$Failed to verify the executable path is in a secure location: %ls$Failed to write the approved exe process id to message buffer.$The executable path is not in a secure location: %ls$The per-user process requested unknown approved exe with id: %ls$d:\a\wix4\wix4\src\burn\engine\elevation.cpp$yes
                                                                      • API ID: FreeString$HeapProcess
                                                                      • String ID: Failed get attributes on ATOM unknown element.$Failed to allocate ATOM unknown element name.$Failed to allocate ATOM unknown element namespace.$Failed to allocate ATOM unknown element value.$Failed to allocate unknown element.$Failed to enumerate all attributes on ATOM unknown element.$Failed to get unknown element name.$Failed to get unknown element namespace.$Failed to get unknown element value.$Failed to parse attribute on ATOM unknown element.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\atomutil.cpp
                                                                      • API ID: CriticalSection$ErrorLast$Heap$CloseCreateDeleteEnterFreeHandleInitializeLeaveLibraryLoadObjectProcessSemaphoreSingleWait
                                                                      • String ID: Failed to create queue for bootstrapper engine.$Failed to create semaphore for queue.$Failed to dequeue action.$Failed to load BA.$Failed to start bootstrapper application.$Failed to wait on queue event.$d:\a\wix4\wix4\src\burn\engine\engine.cpp
                                                                      • API ID: String$CompareFree
                                                                      • String ID: Failed to allocate ATOM author email.$Failed to allocate ATOM author name.$Failed to allocate ATOM author uri.$Failed to get child nodes of ATOM author element.$Failed to process all ATOM author elements.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\atomutil.cpp$email$name$uri
                                                                      • API ID: Window$LongProc$MessageObjectPostSelect$CompatibleCreateDeleteQuitStretch
                                                                      • String ID:
                                                                      APIs
                                                                        • Part of subcall function 00007FF7D0DB1A28: LoadLibraryExW.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7D0DB11A9), ref: 00007FF7D0DB1A58
                                                                        • Part of subcall function 00007FF7D0DB1A28: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7D0DB11A9), ref: 00007FF7D0DB1A66
                                                                      • GetProcAddress.KERNEL32(?,?,?,?,00007FF7D0DB960E), ref: 00007FF7D0E1FAA9
                                                                      • GetProcAddress.KERNEL32(?,?,?,?,00007FF7D0DB960E), ref: 00007FF7D0E1FAC4
                                                                      • GetProcAddress.KERNEL32(?,?,?,?,00007FF7D0DB960E), ref: 00007FF7D0E1FAF6
                                                                      • GetProcAddress.KERNEL32(?,?,?,?,00007FF7D0DB960E), ref: 00007FF7D0E1FB11
                                                                      • GetProcAddress.KERNEL32(?,?,?,?,00007FF7D0DB960E), ref: 00007FF7D0E1FB2C
                                                                      • GetProcAddress.KERNEL32(?,?,?,?,00007FF7D0DB960E), ref: 00007FF7D0E1FB47
                                                                      • API ID: AddressProc$ErrorLastLibraryLoad
                                                                      • String ID: AdjustWindowRectExForDpi$GetDpiForMonitor$GetDpiForWindow$SetProcessDPIAware$SetProcessDpiAwareness$SetProcessDpiAwarenessContext$Shcore.dll$User32.dll
                                                                      • API ID: CompareCriticalSectionString$EnterLeave
                                                                      • String ID: Failed to combine last source with relative.$Failed to combine last source with source.$Failed to combine layout source with relative.$Failed to combine layout source with source.$Failed to combine source process folder with relative.$Failed to combine source process folder with source.$Failed to copy absolute source path.$Failed to ensure size for search paths array.$WixBundleLastUsedSource$WixBundleOriginalSourceFolder$d:\a\wix4\wix4\src\burn\engine\cache.cpp
                                                                      • API ID: ErrorEventLast
                                                                      • String ID: BA aborted cache.$Cache prepare package failed: %ls$Cancel during cache: %ls$Failed cache action: %ls$Failed to allocate cache search paths array.$Failed to ensure acquisition folder.$Failed to set syncpoint event.$cache package$d:\a\wix4\wix4\src\burn\engine\apply.cpp$layout bundle$layout container
                                                                      • API ID: HeapProcess
                                                                      • String ID: Failed to allocate memory for update bundle payload hash.$Failed to allocate space for burn payload group inside of update bundle struct$Failed to allocate space for burn payload inside of update bundle struct$Failed to copy cache id for update bundle.$Failed to copy download source for pseudo bundle.$Failed to copy filename for pseudo bundle.$Failed to copy id for update bundle.$Failed to copy install arguments for update bundle package$Failed to copy key for pseudo bundle payload.$Failed to copy local source path for pseudo bundle.$Failed to decode hash string: %ls.$d:\a\wix4\wix4\src\burn\engine\pseudobundle.cpp
                                                                      • API String ID: 54951025-2400517205
                                                                      • Opcode ID: f4c70797388e1c26654dd289a022ddbdc26eba78fa03ac0cd7b0b59a47838884
                                                                      • Instruction ID: 1d85015a80939ea3379fd9d65b21424f2982f2b01d36de4ebcde82afbdf92ac2
                                                                      • Opcode Fuzzy Hash: f4c70797388e1c26654dd289a022ddbdc26eba78fa03ac0cd7b0b59a47838884
                                                                      • Instruction Fuzzy Hash: D5918065B0875296EB24FB25E4403AEE2A4FB44740FC4A03BDA4C97B99EF7DF4059720
                                                                      Similarity
                                                                      • API ID: CriticalSection$CreateEnterFromLeaveStringUuidlstrlen
                                                                      • String ID: %ls\%ls$Engine is active, cannot change engine state.$Failed to build bundle update file path.$Failed to convert bundle update guid into string.$Failed to create bundle update guid.$Failed to create command-line for update bundle.$Failed to set update bundle.$d:\a\wix4\wix4\src\burn\engine\externalengine.cpp
                                                                      • API String ID: 1974238189-1325322743
                                                                      • Opcode ID: 04af57e6f2971b8e8ce3b83368d671af47a755ad8ef4b99894f36b9e24df2390
                                                                      • Instruction ID: 6a5c1d9a77fa32baeb13d3472d3a5a72bc2876beaf69a71cc9d1ad7d6e172880
                                                                      • Opcode Fuzzy Hash: 04af57e6f2971b8e8ce3b83368d671af47a755ad8ef4b99894f36b9e24df2390
                                                                      • Instruction Fuzzy Hash: 55813822B08B4285EB11BB61E8806ADA7A4FB44784FD06177DE4CAB79CEF78F541C750
                                                                      APIs
                                                                        • Part of subcall function 00007FF7D0E26D00: FindResourceExA.KERNEL32(?,?,?,00000000,?,00007FF7D0DE567B), ref: 00007FF7D0E26D2C
                                                                        • Part of subcall function 00007FF7D0E26D00: GetLastError.KERNEL32(?,?,?,00000000,?,00007FF7D0DE567B), ref: 00007FF7D0E26D3A
                                                                      • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7D0DB95BE), ref: 00007FF7D0DE5837
                                                                      • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7D0DB95BE), ref: 00007FF7D0DE584B
                                                                      Similarity
                                                                      • API ID: CloseHandle$ErrorFindLastResource
                                                                      • String ID: Failed to create UI thread.$Failed to create modal event.$Failed to load splash screen configuration.$Failed to read splash screen configuration resource.$Invalid splash screen type: %i$d:\a\wix4\wix4\src\burn\engine\splashscreen.cpp
                                                                      • API String ID: 3960716503-2387003162
                                                                      • Opcode ID: eef3b4784ad176635c7450cb56cde701eb778f9798600e25abe709cbcf020ecf
                                                                      • Instruction ID: 0183e19f291fecb75a7546c43da378c0b47683b0d71e111b305a08448320e6b4
                                                                      • Opcode Fuzzy Hash: eef3b4784ad176635c7450cb56cde701eb778f9798600e25abe709cbcf020ecf
                                                                      • Instruction Fuzzy Hash: 3B516B36B04A128AEB11EF65E4806AEB7A0BB48744FD0523BD94D83B5CEF3CE505C764
                                                                      Similarity
                                                                      • API ID: CloseHandle$IdleInputProcessWait
                                                                      • String ID: %ls %ls$-uninstall$Bootstrapper application aborted during package process progress.$Bootstrapper application cancelled during package process progress, exit code: 0x%x$Failed to CreateProcess on path: %ls$Failed to append user args.$Failed to wait for executable to complete: %ls$d:\a\wix4\wix4\src\burn\engine\exeengine.cpp
                                                                      • API String ID: 3027418115-16237877
                                                                      • Opcode ID: 59eb1e3af77083b61bdb6fabd72db6877963720825c925e9095edf21414a70c0
                                                                      • Instruction ID: 02bbbbf67ace16a06b057d4ce74ce7e72c7a11e412ed8a92bd216d17367b14cc
                                                                      • Opcode Fuzzy Hash: 59eb1e3af77083b61bdb6fabd72db6877963720825c925e9095edf21414a70c0
                                                                      • Instruction Fuzzy Hash: 5E915A22F18A128AE714EF61E8807ADB6A1BB48788FD0113BDE4D97B59DF3CE544C750
                                                                      Similarity
                                                                      • API ID: CompareString$HeapProcess
                                                                      • String ID: Failed to allocate default application id.$Failed to allocate default application type.$Failed to allocate memory for update entries.$Failed to process ATOM entry.$Failed to reallocate memory for update entries.$application$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\apuputil.cpp$http://appsyndication.org/2006/appsyn$type
                                                                      • API String ID: 3319327951-2947066191
                                                                      • Opcode ID: 9150c8f1d9744b579bb6dbf197083b280d58b265ea9f14b654602577527d328a
                                                                      • Instruction ID: 0aa3f2c8aa62f282c46927366f5e4b5ad6abd5fcd09717888b0b992be37db8a5
                                                                      • Opcode Fuzzy Hash: 9150c8f1d9744b579bb6dbf197083b280d58b265ea9f14b654602577527d328a
                                                                      • Instruction Fuzzy Hash: A771AD32A08A0286EA24FF35E44166EB7A0EB84B94FD4253BDA5D47798DF3CF541C760
                                                                      Similarity
                                                                      • API ID: CloseCreateErrorFileHandleLast
                                                                      • String ID: %ls payload from working path '%ls' to path '%ls'$Copying$Failed to open payload in working path: %ls$Failed to verify payload hash: %ls$Failed to verify payload signature: %ls$Moving$Payload has no verification information: %ls$d:\a\wix4\wix4\src\burn\engine\cache.cpp
                                                                      • API String ID: 2528220319-3234199796
                                                                      • Opcode ID: bc962a4dadd807e5149b15bfc77bdcc38d20df1e56e90874a1565f108e270ddf
                                                                      • Instruction ID: 3d6ca0729a676e4dfd4be98cf7984c732dd5b3c34edab5e532c87af8bcb4d348
                                                                      • Opcode Fuzzy Hash: bc962a4dadd807e5149b15bfc77bdcc38d20df1e56e90874a1565f108e270ddf
                                                                      • Instruction Fuzzy Hash: 1C517E35718B8196E320AF16F4806AEB7A4FB88B90FD4113ADE8D43B58CF3DE5158754
                                                                      Similarity
                                                                      • API ID: ErrorLastToken$InformationProcess$CloseHandleHeapOpen
                                                                      • String ID: Failed to allocate token information.$Failed to get information from process token size.$Failed to get information from process token.$Failed to open process token.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\procutil.cpp
                                                                      • API String ID: 1402880313-3612203842
                                                                      • Opcode ID: 93654e2996a761eb325c3759a878e80e0c52e1a5a3f9df58c6843972dfc6fca6
                                                                      • Instruction ID: caedb4219f578bc44856119e523f081c6d0a947c6ccb2857498e34f6967817e8
                                                                      • Opcode Fuzzy Hash: 93654e2996a761eb325c3759a878e80e0c52e1a5a3f9df58c6843972dfc6fca6
                                                                      • Instruction Fuzzy Hash: B551A331B087129AE711BF66A48066EB7A5BB84B50FC02137D98D83798DF7CF945C760
                                                                      Similarity
                                                                      • API ID: Monitor$CapsCreateDeviceFromHeapInfoPointProcessRelease
                                                                      • String ID: DISPLAY$Failed to allocate memory for DpiuMonitorContext.$Failed to get DPI for monitor.$Failed to get device context for monitor.$Failed to get monitor from point.$Failed to get monitor info for point.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\dpiutil.cpp
                                                                      • API String ID: 1183624408-1129088005
                                                                      • Opcode ID: 10dc910972e96ef09c9ba99fa8a9eb434e102d713b5bc66631448ba17b01cfa0
                                                                      • Instruction ID: 3f36b25f2c28347361255b226493970ced7a1758304124c401fa37fc9c75311a
                                                                      • Opcode Fuzzy Hash: 10dc910972e96ef09c9ba99fa8a9eb434e102d713b5bc66631448ba17b01cfa0
                                                                      • Instruction Fuzzy Hash: C641AE36A18A1296EB14BF26E4402ADE7A1EB88B50FD46037DA0D4775CDF3CF506C760
                                                                      Similarity
                                                                      • API ID: ErrorFileLast$CloseCreateHandleRead
                                                                      • String ID: %ls.R$Failed to calculate resume path from working path: %ls$Failed to create resume file: %ls$Failed to create resume path.$Failed to read resume file: %ls$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\dlutil.cpp
                                                                      • API String ID: 3160720760-2159331624
                                                                      • Opcode ID: b0fb9219233507b50343dbf3de6941200a1d9370cb0aa56eb109785e7af19bf2
                                                                      • Instruction ID: 3c4f8461f51f702e233ba2093efb12441af2c6d84e1c99ea6dd4d51ac3b15fa0
                                                                      • Opcode Fuzzy Hash: b0fb9219233507b50343dbf3de6941200a1d9370cb0aa56eb109785e7af19bf2
                                                                      • Instruction Fuzzy Hash: 6C51C322B0875186E720BB36E98076EA6A0FB847A4FC0533ADDAD437D8DF3CE5058750
                                                                      Similarity
                                                                      • API ID: FreeString$HeapProcess
                                                                      • String ID: Failed to allocate ATOM unknown attribute name.$Failed to allocate ATOM unknown attribute namespace.$Failed to allocate ATOM unknown attribute value.$Failed to allocate unknown attribute.$Failed to get unknown attribute name.$Failed to get unknown attribute namespace.$Failed to get unknown attribute value.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\atomutil.cpp
                                                                      • API String ID: 3485037438-797782994
                                                                      • Opcode ID: f168fd8ff74354931a518d3b75d61f3c9652a41daeb371851fc4319f3d88320f
                                                                      • Instruction ID: 624e8591eaedd61ddd68b30be7e4d28259fbafc52b106a9974feb982d204d4c6
                                                                      • Opcode Fuzzy Hash: f168fd8ff74354931a518d3b75d61f3c9652a41daeb371851fc4319f3d88320f
                                                                      • Instruction Fuzzy Hash: 7E514B65B09A529AEB15FB35D8901BDA360EF44B84BD46437DE0D83BA8EE3CF4458320
                                                                      Similarity
                                                                      • API ID: CloseCreateErrorFileHandleLast
                                                                      • String ID: %ls container from working path '%ls' to path '%ls'$Container has no verification information: %ls$Copying$Failed to open container in working path: %ls$Failed to verify container hash: %ls$Moving$d:\a\wix4\wix4\src\burn\engine\cache.cpp
                                                                      • API String ID: 2528220319-3503443624
                                                                      • Opcode ID: 6d36b78f0c8ae030741ba7b745dbf87065d0aa8a2297b58738bfd2dcb2ad118d
                                                                      • Instruction ID: 43a035f08b2e941b78541984ea710360f5c2920456116a7d4a680e5e3f6ab3eb
                                                                      • Opcode Fuzzy Hash: 6d36b78f0c8ae030741ba7b745dbf87065d0aa8a2297b58738bfd2dcb2ad118d
                                                                      • Instruction Fuzzy Hash: 3F515E36B18B4196E320AF12F4806AAB7A4F788B90FD4123ADE8D43B58CF3DE5558754
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1700049363.00007FF7D0DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D0DB0000, based on PE: true
                                                                      • Associated: 00000000.00000002.1699972182.00007FF7D0DB0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700243184.00007FF7D0E2F000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700341469.00007FF7D0E66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E69000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E70000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff7d0db0000_VmjvNTbD5J.jbxd
                                                                      Similarity
                                                                      • API ID: AddressErrorFreeLastLocalProc
                                                                      • String ID: Failed to canonicalize: %ls$Failed to copy the canonicalized path.$Failed to get address of PathAllocCanonicalize.$Failed to initialize path2utl.$Failed to load api-ms-win-core-path-l1-1-0.dll$PathAllocCanonicalize$api-ms-win-core-path-l1-1-0.dll$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\path2utl.cpp
                                                                      Similarity
                                                                      • API ID: DirectoryErrorLastSystemWindows
                                                                      • String ID: Failed to alloc Windows directory path.$Failed to concat subdirectory on Windows directory path.$Failed to get Windows directory path with default size.$Failed to get Windows directory path with returned size.$Failed to realloc Windows directory path.$Failed to terminate Windows directory path with backslash.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\path2utl.cpp
                                                                      Similarity
                                                                      • API ID: DirectoryErrorLastSystemWow64
                                                                      • String ID: Failed to allocate space for system wow64 directory.$Failed to get max length of input buffer.$Failed to get system wow64 directory path with default size.$Failed to get system wow64 directory path with returned size.$Failed to realloc system wow64 directory path.$Failed to terminate system wow64 directory path with backslash.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\pathutil.cpp
                                                                      Similarity
                                                                      • API ID: DirectoryErrorLastSystem
                                                                      • String ID: Failed to allocate space for system directory.$Failed to get max length of input buffer.$Failed to get system directory path with default size.$Failed to get system directory path with returned size.$Failed to realloc system directory path.$Failed to terminate system directory path with backslash.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\pathutil.cpp
                                                                      Similarity
                                                                      • API ID: Sleep$ErrorLastWindow$CloseCriticalCurrentEnterHandleLookupPrivilegeProcessSectionValue
                                                                      • String ID: Failed to enable shutdown privilege in process token.$Failed to schedule restart.$SeShutdownPrivilege$d:\a\wix4\wix4\src\burn\engine\engine.cpp
                                                                      Similarity
                                                                      • API ID: CriticalSection$EnterLeave
                                                                      • String ID: Failed to get numeric.$Failed to get string.$Failed to write included flag.$Failed to write variable count.$Failed to write variable name.$Failed to write variable value as number.$Failed to write variable value as string.$Failed to write variable value type.$Unsupported variable type.$d:\a\wix4\wix4\src\burn\engine\variable.cpp
                                                                      Similarity
                                                                      • API ID: Close$lstrlen
                                                                      • String ID: %ls\%ls$Failed to allocate dependent subkey "%ls" under dependency "%ls".$Failed to allocate the registry key for dependency "%ls".$Failed to create the dependency registry key "%ls".$Failed to create the dependency subkey "%ls".$Failed to set the %ls registry value to "%ls".$Failed to set the %ls registry value to %d.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\deputil.cpp
                                                                      Similarity
                                                                      • API ID: Window$Long$Proc$MessagePostQuitSleep
                                                                      • String ID: =======================================$P
                                                                      APIs
                                                                      • GetCurrentProcessId.KERNEL32 ref: 00007FF7D0DCFB35
                                                                        • Part of subcall function 00007FF7D0E22858: ReadFile.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00009002), ref: 00007FF7D0E228AB
                                                                        • Part of subcall function 00007FF7D0E22858: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00009002), ref: 00007FF7D0E228B5
                                                                      Similarity
                                                                      • API ID: CurrentErrorFileLastProcessRead
                                                                      • String ID: Failed to allocate buffer for verification secret.$Failed to inform parent process that child is running.$Failed to read size of verification secret from parent pipe.$Failed to read verification process id from parent pipe.$Verification process id from parent does not match.$Verification secret from parent does not match.$Verification secret from parent is too big.$d:\a\wix4\wix4\src\burn\engine\pipe.cpp
                                                                      Similarity
                                                                      • API ID: StringVariant$AllocClearFreeInit
                                                                      • String ID: Failed getNamedItem in XmlGetAttribute(%ls)$Failed get_attributes.$Failed get_nodeValue in XmlGetAttribute(%ls)$Failed to allocate attribute name BSTR.$Failed to copy attribute value.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\xmlutil.cpp
                                                                      Similarity
                                                                      • API ID: DateErrorFormatLast$SystemTime
                                                                      • String ID: Failed to allocate the buffer for the Date.$Failed to get the Date.$Failed to get the required buffer length for the Date.$Failed to set variant value.$d:\a\wix4\wix4\src\burn\engine\variable.cpp
                                                                      APIs
                                                                        • Part of subcall function 00007FF7D0E1A674: RegOpenKeyExW.KERNELBASE(?,?,?,?,?,?,00000000,00007FF7D0E1A66D), ref: 00007FF7D0E1A6C1
                                                                      • RegCloseKey.ADVAPI32 ref: 00007FF7D0DBA996
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1700049363.00007FF7D0DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D0DB0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: CloseOpen
                                                                      • String ID: CommonFilesDir$Failed to ensure path was backslash terminated.$Failed to get 64-bit folder.$Failed to open Windows folder key.$Failed to read folder path for '%ls'.$Failed to set variant value.$ProgramFilesDir$SOFTWARE\Microsoft\Windows\CurrentVersion$d:\a\wix4\wix4\src\burn\engine\variable.cpp
                                                                      • API String ID: 47109696-3026353617
                                                                      • Opcode ID: 0c85f6d079ce6b1e861ce7baa1f194e72584532c41f66755beed974e70b7b8e1
                                                                      • Instruction ID: 8ffe716ec5ad25cbb6fd7f5d6f59e07e0ac19e05f2aa582376eff883696c459e
                                                                      • Opcode Fuzzy Hash: 0c85f6d079ce6b1e861ce7baa1f194e72584532c41f66755beed974e70b7b8e1
                                                                      • Instruction Fuzzy Hash: AE417121B0864295FB10EB16E4807BDAAA4FB44B84FD16137D94D87B59DF3CF5458B10
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1700049363.00007FF7D0DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D0DB0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: FreeString
                                                                      • String ID: Failed to query IXMLDOMParseError.errorCode.$Failed to query IXMLDOMParseError.filepos.$Failed to query IXMLDOMParseError.line.$Failed to query IXMLDOMParseError.linepos.$Failed to query IXMLDOMParseError.reason.$Failed to query IXMLDOMParseError.srcText .$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\xmlutil.cpp
                                                                      • API String ID: 3341692771-2297621156
                                                                      • Opcode ID: 4512603ddfcaf43032c64b985e8020668fc5d61bff97e75c2df6c7617902b3ed
                                                                      • Instruction ID: 3b99bd3a916de429d971faf08e9a8ea86131c188771b70c0eb2221a0d5978089
                                                                      • Opcode Fuzzy Hash: 4512603ddfcaf43032c64b985e8020668fc5d61bff97e75c2df6c7617902b3ed
                                                                      • Instruction Fuzzy Hash: 6541F726708A0685EB04BF26D8947BDA360FB54B88FC45437E91E87768DF2CF545C3A1
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1700049363.00007FF7D0DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D0DB0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: AddressErrorHandleLastModuleProc
                                                                      • String ID: DllGetVersion$Failed to create msi.dll version from QWORD.$Failed to find DllGetVersion entry point in msi.dll.$Failed to get msi.dll version info.$Failed to set variant value.$d:\a\wix4\wix4\src\burn\engine\variable.cpp$msi
                                                                      • API String ID: 4275029093-1657635385
                                                                      • Opcode ID: 021f52ab083eb0e9da1a4df6df46773c030ff95cca2067d7327bc12b7904757e
                                                                      • Instruction ID: 558863e4ab7c2d2e1ed3bb094848fd58a5e44fa7111eb03bf88b08544beb3dd8
                                                                      • Opcode Fuzzy Hash: 021f52ab083eb0e9da1a4df6df46773c030ff95cca2067d7327bc12b7904757e
                                                                      • Instruction Fuzzy Hash: 46319725B18B4295FB01BB25E88027EA6A4EF44B90FD02137D54E8376DDF7CF4458760
                                                                      APIs
                                                                      Strings
                                                                      • Failed to get HTTP status code for failed request to URL: %ls, xrefs: 00007FF7D0E28B95
                                                                      • Unknown HTTP status code %d, returned from URL: %ls, xrefs: 00007FF7D0E28C97
                                                                      • Failed to send request to URL: %ls, trying to process HTTP status code anyway., xrefs: 00007FF7D0E28B54
                                                                      • Failed to get redirect url: %ls, xrefs: 00007FF7D0E28D21
                                                                      • d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\dlutil.cpp, xrefs: 00007FF7D0E28D4D
                                                                      • Failed to get HTTP status code for request to URL: %ls, xrefs: 00007FF7D0E28D37
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1700049363.00007FF7D0DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D0DB0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: ErrorLast_cwprintf_s_l
                                                                      • String ID: Failed to get HTTP status code for failed request to URL: %ls$Failed to get HTTP status code for request to URL: %ls$Failed to get redirect url: %ls$Failed to send request to URL: %ls, trying to process HTTP status code anyway.$Unknown HTTP status code %d, returned from URL: %ls$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\dlutil.cpp
                                                                      • API String ID: 535874794-2050984236
                                                                      • Opcode ID: e1314c01c5f04b6ba81ecad10eeb462b0b102513a7982d6bdcbeeabc3b0a220c
                                                                      • Instruction ID: 824a09e1efc4af627b586fb4763b5a9d8455b1bfdcb6b3f77b425266bbea8693
                                                                      • Opcode Fuzzy Hash: e1314c01c5f04b6ba81ecad10eeb462b0b102513a7982d6bdcbeeabc3b0a220c
                                                                      • Instruction Fuzzy Hash: B961AB31A0A60286E724BA35A65827DE694EF45B40FE0663FCA0D47B9CCF7CF9048720
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1700049363.00007FF7D0DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D0DB0000, based on PE: true
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: Expected fully qualified path provided to prefix: %ls.$Failed to add prefix to UNC path.$Failed to add prefix to file path.$Failed to get length of path to prefix.$Failed to get size of full path.$\\?\$\\?\UNC$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\pathutil.cpp
                                                                      • API String ID: 0-3583157011
                                                                      • Opcode ID: a12aa26839a8212efae9c4ff9b64cb91badb033cfe9af1d7552efa41baf5d959
                                                                      • Instruction ID: 4cf51eba8df3cf770d394e5554063b8457b4456b542146282250d504a94ee870
                                                                      • Opcode Fuzzy Hash: a12aa26839a8212efae9c4ff9b64cb91badb033cfe9af1d7552efa41baf5d959
                                                                      • Instruction Fuzzy Hash: 8F519F25B08742A6FB21AB51E8406BDBAB4AF44B90FD0613BD90D4379DDE3CF555C720
                                                                      APIs
                                                                      • GetFullPathNameW.KERNEL32(?,?,?,00000000,?,?,?,00007FF7D0DB5161), ref: 00007FF7D0DB5799
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1700049363.00007FF7D0DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D0DB0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: FullNamePath
                                                                      • String ID: Failed to allocate space for full path.$Failed to get current directory.$Failed to get full path for string: %ls$Failed to get max length of input buffer.$Failed to reallocate space for full path.$GetFullPathNameW results never converged.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\pathutil.cpp
                                                                      • API String ID: 608056474-2352071517
                                                                      • Opcode ID: 57833038a21a912b398dccbe3f71b7d3b3023ad11398f9ea11995bfab75e28fd
                                                                      • Instruction ID: 4313963f9dea9fcf0ea708f66b457d00ce1764d95ea64871dbf6b5a54a77feba
                                                                      • Opcode Fuzzy Hash: 57833038a21a912b398dccbe3f71b7d3b3023ad11398f9ea11995bfab75e28fd
                                                                      • Instruction Fuzzy Hash: 8051B325B08742A6FB11FB16A85027EEAA1AF94B90FD46133D90D8779DDE3CF4468360
                                                                      APIs
                                                                      • CreateEventW.KERNEL32(?,?,00000000,?,00000000,00007FF7D0DF46A7,?,?,?,?,00000000,00007FF7D0DF7037,?,?,?,?), ref: 00007FF7D0DF4737
                                                                      • GetLastError.KERNEL32(?,?,00000000,?,00000000,00007FF7D0DF46A7,?,?,?,?,00000000,00007FF7D0DF7037,?,?,?,?), ref: 00007FF7D0DF4749
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1700049363.00007FF7D0DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D0DB0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: CreateErrorEventLast
                                                                      • String ID: Failed to append cache action.$Failed to append checkpoint before package start action.$Failed to append rollback cache action.$Failed to create syncpoint event.$Failed to plan cache for package.$Failed to plan package cache syncpoint$d:\a\wix4\wix4\src\burn\engine\plan.cpp
                                                                      • API String ID: 545576003-3436273000
                                                                      • Opcode ID: d0914f86cee8b0ec2ced260528ddd7a6b23984103b3be1bce50e0ea9257c05ec
                                                                      • Instruction ID: e272867049c96911858cef516c14e8c76559d91709d2b3b6b5750fd31debc172
                                                                      • Opcode Fuzzy Hash: d0914f86cee8b0ec2ced260528ddd7a6b23984103b3be1bce50e0ea9257c05ec
                                                                      • Instruction Fuzzy Hash: 34515E25B087829AF701AB66D48036EEBA5AB84790FD09037DA0C8779DEFBCF4458710
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1700049363.00007FF7D0DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D0DB0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: FreeLocal
                                                                      • String ID: Failed to allocate access for Administrators group to path: %ls$Failed to allocate access for Everyone group to path: %ls$Failed to allocate access for SYSTEM group to path: %ls$Failed to allocate access for Users group to path: %ls$Failed to create ACL to secure cache path: %ls$Failed to secure cache path: %ls$d:\a\wix4\wix4\src\burn\engine\cache.cpp
                                                                      • API String ID: 2826327444-3214910189
                                                                      • Opcode ID: 243e87a999ebd0d1ab40952a327c70c6d0e9f4ee8fde7ec225f2b59d1a11005f
                                                                      • Instruction ID: 77abd0f7e4c8b1cbc3f85de7f55905e937cd5cfd3d83e6443d6e82e1cd4158a5
                                                                      • Opcode Fuzzy Hash: 243e87a999ebd0d1ab40952a327c70c6d0e9f4ee8fde7ec225f2b59d1a11005f
                                                                      • Instruction Fuzzy Hash: D8517925B18B4686F720AB61D4503BEA2A4BB98B44FC46137DA4D83B8DDF7CF50587A0
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1700049363.00007FF7D0DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D0DB0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfomemcpy_s
                                                                      • String ID: Failed to allocate memory for message.$Failed to allocate message to write.$Failed to calculate total pipe message size$Failed to write message type to pipe.$Pipe message is too large.$d:\a\wix4\wix4\src\burn\engine\pipe.cpp
                                                                      • API String ID: 1759834784-1442410356
                                                                      • Opcode ID: 4e9e57b820781509b3a30f98961cb13a9b6958c468695467596be880ebbff945
                                                                      • Instruction ID: ac25f245d3917b9422ba34dfb49963e6b3ee05e63b7d6fa0d157c9f477092154
                                                                      • Opcode Fuzzy Hash: 4e9e57b820781509b3a30f98961cb13a9b6958c468695467596be880ebbff945
                                                                      • Instruction Fuzzy Hash: 4641E725B0864281FA10BF52E4401FDEA60AF88B90FC46237DA4D5779EDE3CF54687A8
                                                                      APIs
                                                                      • GetCurrentProcessId.KERNEL32(?,?,?,?,?,00000000,?,00007FF7D0DCEFF0,?,?,?,00000000,?,?,?,00000001), ref: 00007FF7D0DCE65B
                                                                      • ProcessIdToSessionId.KERNEL32(?,?,?,?,?,00000000,?,00007FF7D0DCEFF0,?,?,?,00000000,?,?,?,00000001), ref: 00007FF7D0DCE667
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1700049363.00007FF7D0DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D0DB0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: Process$CurrentSession
                                                                      • String ID: %u\$Failed to copy temp folder.$Failed to format session id as a string.$Failed to get length of session id string.$Failed to get temp folder.$d:\a\wix4\wix4\src\burn\engine\logging.cpp
                                                                      • API String ID: 2701954971-2959569260
                                                                      • Opcode ID: f0ca8641ff3292b95d7a62d5d417d438b0d5bfa7a547b383780b72ba57924fb0
                                                                      • Instruction ID: 29103393049ca2853bd8be7cfe1d6a892c5553f53edab194ae56109096d6628a
                                                                      • Opcode Fuzzy Hash: f0ca8641ff3292b95d7a62d5d417d438b0d5bfa7a547b383780b72ba57924fb0
                                                                      • Instruction Fuzzy Hash: 0841D2A6B0874289FB14BF61D8401BDA665EF58794FD02137DA0E53B9CDE3CF4818394
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1700049363.00007FF7D0DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D0DB0000, based on PE: true
                                                                      Similarity
                                                                      • API ID: _cwprintf_s_l$ErrorLastName$ComputerFileModule
                                                                      • String ID: --- logging level: %hs ---$=== Logging started: %ls ===$Computer : %ls$Executable: %ls v%d.%d.%d.%d
                                                                      Similarity
                                                                      • API ID: AttributesErrorFileLast
                                                                      • String ID: Directory search: %ls, did not find path: %ls$Directory search: %ls, failed get to directory attributes. '%ls'$Directory search: %ls, found file at path: %ls$Failed to format variable string.$Failed to set variable.$d:\a\wix4\wix4\src\burn\engine\search.cpp
                                                                      Similarity
                                                                      • API ID: AttributesErrorFileLast
                                                                      • String ID: Failed to format variable string.$Failed to set variable.$File search: %ls, did not find path: %ls$File search: %ls, failed get to file attributes. '%ls'$File search: %ls, found directory at path: %ls$d:\a\wix4\wix4\src\burn\engine\search.cpp
                                                                      APIs
                                                                      • GetModuleHandleW.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7D0DB11A9), ref: 00007FF7D0DB14C6
                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7D0DB11A9), ref: 00007FF7D0DB14D4
                                                                      • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7D0DB11A9), ref: 00007FF7D0DB153B
                                                                      • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7D0DB11A9), ref: 00007FF7D0DB1552
                                                                      Similarity
                                                                      • API ID: AddressProc$ErrorHandleLastModule
                                                                      • String ID: Failed to get module handle for kernel32.$SetDefaultDllDirectories$SetDllDirectoryW$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\apputil.cpp$kernel32
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: $Aborted cache verify payload signature begin.$Failed authenticode verification of payload: %ls$Failed to get provider state from authenticode certificate.$Failed to get signer chain from authenticode certificate.$Failed to verify expected payload against actual certificate chain.$P$d:\a\wix4\wix4\src\burn\engine\cache.cpp
                                                                      Similarity
                                                                      • API ID: ByteCharErrorLastMultiWide
                                                                      • String ID: Not enough memory to allocate string of size: %u$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\strutil.cpp$failed to allocate string, len: %u$failed to convert to unicode: %s$failed to get required size for conversion to unicode: %s$failed to get size of desusertion string
                                                                      APIs
                                                                      • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7D0DE847C), ref: 00007FF7D0E01778
                                                                      • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7D0DE847C), ref: 00007FF7D0E01963
                                                                      Similarity
                                                                      • API ID: CriticalSection$EnterLeave
                                                                      • String ID: BA did not provide container or payload id.$BA requested unknown container with id: %ls$BA requested unknown payload with id: %ls$Engine is active, cannot change engine state.$Failed to set download URL.$Failed to set download password.$Failed to set download user.$d:\a\wix4\wix4\src\burn\engine\externalengine.cpp
                                                                      Similarity
                                                                      • API ID: CompareString
                                                                      • String ID: Failed to find package: %ls$Failed to read compatible package id.$Failed to read package id.$Failed to remove from cache compatible package: %ls$Package '%ls' has no compatible package to clean.$Package '%ls' has no compatible package with id: %ls$d:\a\wix4\wix4\src\burn\engine\elevation.cpp
                                                                      APIs
                                                                      • RegCloseKey.ADVAPI32(00000000,?,00000001,00000000,?,00000000,?,00007FF7D0DD3FBB), ref: 00007FF7D0E26380
                                                                      Similarity
                                                                      • API ID: Close
                                                                      • String ID: Failed to compare path from pending file rename to check path.$Failed to open pending file rename registry key.$Failed to read pending file renames.$Failed to update pending file renames.$PendingFileRenameOperations$SYSTEM\CurrentControlSet\Control\Session Manager$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\file2utl.cpp
                                                                      APIs
                                                                      • RegCloseKey.ADVAPI32(?,00000000,00000000,?,?,?,?,00007FF7D0DEB964,?,?,?,?,?,?,?,00007FF7D0DD84DA), ref: 00007FF7D0DEB851
                                                                      Similarity
                                                                      • API ID: Close
                                                                      • String ID: DisplayVersion$Failed to compare versions.$Failed to open registry key: %ls.$Failed to read DisplayVersion.$Failed to read QuietUninstallString.$QuietUninstallString$d:\a\wix4\wix4\src\burn\engine\exeengine.cpp
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID: Failed to find variable.$Failed to format variable '%ls' for condition '%ls'$Failed to get if variable is hidden.$Failed to parse condition '%ls' at position: %u$Failed to read next symbol.$Failed to store formatted value for variable '%ls' for condition '%ls'$d:\a\wix4\wix4\src\burn\engine\condition.cpp
                                                                      • API String ID: 3215553584-164709811
                                                                      • Opcode ID: 1fdbb18b1e99bb94b29e364002afcf10c44d5f7b1fe3c45bdbae2cbbdf7d2e1a
                                                                      • Instruction ID: 647feaa7b4da79004e5a1f70fbf5b78f196734053408b6cd2231b0111d27def6
                                                                      • Opcode Fuzzy Hash: 1fdbb18b1e99bb94b29e364002afcf10c44d5f7b1fe3c45bdbae2cbbdf7d2e1a
                                                                      • Instruction Fuzzy Hash: C0615275B08B42A2EB14AB16D48026EABB0FB44B90FC06137DA4D83B59DF3CF550C750
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1700049363.00007FF7D0DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D0DB0000, based on PE: true
                                                                      • Associated: 00000000.00000002.1699972182.00007FF7D0DB0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700243184.00007FF7D0E2F000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700341469.00007FF7D0E66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E69000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E70000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff7d0db0000_VmjvNTbD5J.jbxd
                                                                      Similarity
                                                                      • API ID: CompareCriticalSectionString$EnterLeave
                                                                      • String ID: Failed to determine length of relative path.$Failed to determine length of source path.$Failed to set last source.$Failed to trim source folder.$WixBundleLastUsedSource$d:\a\wix4\wix4\src\burn\engine\cache.cpp
                                                                      Similarity
                                                                      • API ID: _cwprintf_s_l
                                                                      • String ID: Verification failed on container: %ls$Verification failed on payload group item: %ls$Verification failed on payload: %ls$Verification failed on unknown item
                                                                      Similarity
                                                                      • API ID: ErrorLastNamePathVolume
                                                                      • String ID: Failed to allocate space for volume path name.$Failed to get max length of input buffer.$Failed to get volume path name of: %ls$Failed to re-allocate more space for volume path name.$Failed to terminate volume path name with backslash.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\pathutil.cpp
                                                                      Similarity
                                                                      • API ID: CreateErrorLastThread
                                                                      • String ID: Failed to actually elevate.$Failed to cache engine to working directory.$Failed to create unelevated logging thread.$Failed to overwrite the %ls built-in variable.$WixBundleElevated$d:\a\wix4\wix4\src\burn\engine\core.cpp
                                                                      Similarity
                                                                      • API ID: CurrentDirectory
                                                                      • String ID: Failed to allocate space for current directory.$Failed to get current directory.$Failed to get max length of input buffer.$Failed to reallocate space for current directory.$GetCurrentDirectoryW results never converged.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\dirutil.cpp
                                                                      APIs
                                                                      • QueryServiceConfigW.ADVAPI32(?,?,?,?,?,00007FF7D0DF3CA7), ref: 00007FF7D0E27B9F
                                                                      • GetLastError.KERNEL32(?,?,?,?,?,00007FF7D0DF3CA7), ref: 00007FF7D0E27BAD
                                                                        • Part of subcall function 00007FF7D0DB6828: GetProcessHeap.KERNEL32(?,?,00000000,00007FF7D0DB2158,?,?,?,?,?,?,00000000,00007FF7D0DB1F49,?,?,?,00000000), ref: 00007FF7D0DB683C
                                                                      • QueryServiceConfigW.ADVAPI32(?,?,?,?,?,00007FF7D0DF3CA7), ref: 00007FF7D0E27C26
                                                                      • GetLastError.KERNEL32(?,?,?,?,?,00007FF7D0DF3CA7), ref: 00007FF7D0E27C34
                                                                      Similarity
                                                                      • API ID: ConfigErrorLastQueryService$HeapProcess
                                                                      • String ID: Failed to allocate memory to get configuration.$Failed to query service configuration.$Failed to read service configuration.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\svcutil.cpp
                                                                      Similarity
                                                                      • API ID: StringVariant$AllocClearFreeInit
                                                                      • String ID: d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\xmlutil.cpp$failed getNamedItem in XmlGetAttribute(%ls)$failed get_attributes$failed get_nodeValue in XmlGetAttribute(%ls)
                                                                      Similarity
                                                                      • API ID: MutexObjectReleaseSingleWait$Event
                                                                      • String ID: Failed to get message from netfx chainer.$Failed to send files in use message from netfx chainer.$d:\a\wix4\wix4\src\burn\engine\netfxchainer.cpp
                                                                      Similarity
                                                                      • API ID: AttributesErrorFileLast
                                                                      • String ID: Directory search: %ls, did not find path: %ls, reason: 0x%x$Failed to format variable string.$Failed to set directory search path variable.$Failed while searching directory search: %ls, for path: %ls$d:\a\wix4\wix4\src\burn\engine\search.cpp
                                                                      Similarity
                                                                      • API ID: ErrorLast$CodeEventExitMultipleObjectsResetThreadWait
                                                                      • String ID: Failed to get extraction thread exit code.$Failed to reset operation complete event.$Failed to wait for operation complete event.$d:\a\wix4\wix4\src\burn\engine\cabextract.cpp
                                                                      Similarity
                                                                      • API ID: AttributesErrorFileLast
                                                                      • String ID: Failed to format variable string.$Failed to set variable to file search path.$Failed while searching file search: %ls, for path: %ls$File search: %ls, did not find path: %ls$d:\a\wix4\wix4\src\burn\engine\search.cpp
                                                                      Similarity
                                                                      • API ID: CloseHandle$ErrorEventLast
                                                                      • String ID: Failed to set begin operation event.$Failed to wait for thread to terminate.$d:\a\wix4\wix4\src\burn\engine\cabextract.cpp
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: ErrorLast
                                                                      • String ID: Failed to copy host name.$Failed to copy password.$Failed to copy path.$Failed to copy query string.$Failed to copy user name.$Failed to crack URI.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\uriutil.cpp$h
                                                                      APIs
                                                                      • lstrlenW.KERNEL32(?,?,00000000,?,00000001,00000000,?,BundleUpgradeCode,?,00007FF7D0DCD5F2), ref: 00007FF7D0E1B78C
                                                                      • lstrlenW.KERNEL32(?,?,00000000,?,00000001,00000000,?,BundleUpgradeCode,?,00007FF7D0DCD5F2), ref: 00007FF7D0E1B82F
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: lstrlen
                                                                      • String ID: BundleUpgradeCode$DWORD Overflow while adding length of string to write REG_MULTI_SZ$Failed to allocate space for string while writing REG_MULTI_SZ$Failed to get total string size in bytes$Failed to set registry value to array of strings (first string of which is): %ls$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\regutil.cpp$failed to copy string: %ls
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: lstrlen
                                                                      • String ID: Failed to allocate buffer for escaped string.$Failed to append characters.$Failed to append escape sequence.$Failed to copy string.$Failed to format escape sequence.$[\%c]$[]{}$d:\a\wix4\wix4\src\burn\engine\variable.cpp
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                      • String ID: csm$csm$csm
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: CompareString
                                                                      • String ID: Failed to copy target product code.$Failed to get msp ui options.$Failed to grow array of ordered patches.$Failed to insert execute action.$Failed to plan action for target product.$d:\a\wix4\wix4\src\burn\engine\mspengine.cpp
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: _cwprintf_s_l
                                                                      • String ID: Failed to format component id string.$Failed to format product code string.$Failed to get component path: %d$Failed to set variable.$MsiComponentSearch failed: ID '%ls', HRESULT 0x%x$d:\a\wix4\wix4\src\burn\engine\search.cpp
                                                                      APIs
                                                                        • Part of subcall function 00007FF7D0E24AE4: lstrlenW.KERNEL32(?,?,?,?,?,00007FF7D0E251B3,?,?,?,?,?,?,?,?,?,00007FF7D0DD6BDE), ref: 00007FF7D0E24B23
                                                                      • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000,00007FF7D0DD6EF8), ref: 00007FF7D0E2550A
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: Closelstrlen
                                                                      • String ID: Failed to allocate the registry key for dependency "%ls".$Failed to create the dependency registry key "%ls".$Failed to set the %ls registry value to "%ls".$Failed to set the %ls registry value to %d.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\deputil.cpp$default
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: CloseCreateErrorHandleLastThread
                                                                      • String ID: Failed to create elevated cache thread.$Failed to pump messages in child process.$Failed to wait for cache thread to complete.$d:\a\wix4\wix4\src\burn\engine\elevation.cpp
                                                                      APIs
                                                                        • Part of subcall function 00007FF7D0E24AE4: lstrlenW.KERNEL32(?,?,?,?,?,00007FF7D0E251B3,?,?,?,?,?,?,?,?,?,00007FF7D0DD6BDE), ref: 00007FF7D0E24B23
                                                                      • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00007FF7D0DD6BDE,?,?,?,?,?,00007FF7D0DD681A), ref: 00007FF7D0E252F4
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: Closelstrlen
                                                                      • String ID: Failed to allocate the registry key for dependency "%ls".$Failed to get the id for the dependency "%ls".$Failed to get the name for the dependency "%ls".$Failed to get the version for the dependency "%ls".$Failed to open the registry key for the dependency "%ls".$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\deputil.cpp
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: ErrorFileLastMove
                                                                      • String ID: d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\fileutil.cpp$failed to create directory while moving file: '%ls' to: '%ls'$failed to move file: '%ls' to: '%ls'
                                                                      APIs
                                                                      • FreeLibrary.KERNEL32(?,?,?,00007FF7D0E10AE4,?,?,00000000,00007FF7D0E0FD27,?,?,?,00007FF7D0E0B769), ref: 00007FF7D0E10A7C
                                                                      • GetProcAddress.KERNEL32(?,?,?,00007FF7D0E10AE4,?,?,00000000,00007FF7D0E0FD27,?,?,?,00007FF7D0E0B769), ref: 00007FF7D0E10A88
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1700049363.00007FF7D0DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D0DB0000, based on PE: true
                                                                      • Associated: 00000000.00000002.1699972182.00007FF7D0DB0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700243184.00007FF7D0E2F000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700341469.00007FF7D0E66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E69000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E70000.00000002.00000001.01000000.00000003.sdmp
                                                                      Similarity
                                                                      • API ID: AddressFreeLibraryProc
                                                                      • String ID: api-ms-$ext-ms-
                                                                      • API String ID: 3013587201-537541572
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: Failed to allocate a copy of the source string.$Failed to convert the string case.$Failed to get the length of the string.$Source string is too long: %Iu$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\strutil.cpp
                                                                      • API String ID: 0-2897498883
                                                                      APIs
                                                                      • RegCloseKey.ADVAPI32(?,?,00000000,?,?,?,?,00007FF7D0DE9567), ref: 00007FF7D0DE9392
                                                                      Similarity
                                                                      • API ID: Close
                                                                      • String ID: Failed to build full key path.$Failed to open registry key: %ls.$Failed to read QuietUninstallString.$QuietUninstallString$SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$d:\a\wix4\wix4\src\burn\engine\bundlepackageengine.cpp
                                                                      • API String ID: 3535843008-1706903631
                                                                      APIs
                                                                      • CopyFileW.KERNEL32(?,?,?,?,-00000002,00000000,00000000,00007FF7D0E223BB), ref: 00007FF7D0E22229
                                                                      • GetLastError.KERNEL32(?,?,?,?,-00000002,00000000,00000000,00007FF7D0E223BB), ref: 00007FF7D0E22237
                                                                      • CopyFileW.KERNEL32(?,?,?,?,-00000002,00000000,00000000,00007FF7D0E223BB), ref: 00007FF7D0E222F1
                                                                      • GetLastError.KERNEL32(?,?,?,?,-00000002,00000000,00000000,00007FF7D0E223BB), ref: 00007FF7D0E222FB
                                                                      Similarity
                                                                      • API ID: CopyErrorFileLast
                                                                      • String ID: d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\fileutil.cpp$failed to copy file: '%ls' to: '%ls'$failed to create directory while copying file: '%ls' to: '%ls'
                                                                      • API String ID: 374144340-3418930266
                                                                      Similarity
                                                                      • API ID: CompareString
                                                                      • String ID: ALL$Failed to add "%ls" to the list of dependencies to ignore.$Failed to add "%ls" to the string dictionary.$Failed to check the dictionary of unique dependencies.$Failed to create the string dictionary.$d:\a\wix4\wix4\src\burn\engine\dependency.cpp
                                                                      • API String ID: 1825529933-461799926
                                                                      Similarity
                                                                      • API ID: Close
                                                                      • String ID: An invalid parameter was passed to the function.$Failed to locate and query bundle variable.$Failed to read string shared variable.$Reading bundle variable of type 0x%x not implemented.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\butil.cpp$variables
                                                                      • API String ID: 3535843008-2641142750
                                                                      Similarity
                                                                      • API ID: _cwprintf_s_l
                                                                      • String ID: Failed to create version from file version.$Failed to format path string.$Failed to get file version.$Failed to set variable.$File search: %ls, did not find path: %ls$d:\a\wix4\wix4\src\burn\engine\search.cpp
                                                                      • API String ID: 2941638530-3858641006
                                                                      APIs
                                                                      • EnterCriticalSection.KERNEL32(?,?,?,?,?,00007FF7D0E0142F,?,?,?,?,?,00007FF7D0DE899A), ref: 00007FF7D0E0077F
                                                                      • LeaveCriticalSection.KERNEL32(?,?,?,?,?,00007FF7D0E0142F,?,?,?,?,?,00007FF7D0DE899A), ref: 00007FF7D0E007C0
                                                                      • ReleaseSemaphore.KERNEL32(?,?,?,?,?,00007FF7D0E0142F,?,?,?,?,?,00007FF7D0DE899A), ref: 00007FF7D0E007E7
                                                                      • GetLastError.KERNEL32(?,?,?,?,?,00007FF7D0E0142F,?,?,?,?,?,00007FF7D0DE899A), ref: 00007FF7D0E007F1
                                                                      Similarity
                                                                      • API ID: CriticalSection$EnterErrorLastLeaveReleaseSemaphore
                                                                      • String ID: Failed to enqueue action.$Failed to signal queue semaphore.$d:\a\wix4\wix4\src\burn\engine\externalengine.cpp
                                                                      • API String ID: 540623443-3073591944
                                                                      Similarity
                                                                      • API ID: File$ErrorFindLast$AttributesCloseDeleteFirst
                                                                      • String ID: Failed to delete file: %ls$Failed to remove attributes from file: %ls$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\fileutil.cpp
                                                                      • API String ID: 3967264933-3778428042
                                                                      Similarity
                                                                      • API ID: AddressErrorHandleLastModuleProc
                                                                      • String ID: Failed to check WOW64 process - IsWow64Process2.$IsWow64Process2$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\procutil.cpp$kernel32
                                                                      • API String ID: 4275029093-1827600283
                                                                      APIs
                                                                        • Part of subcall function 00007FF7D0DB1A28: LoadLibraryExW.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7D0DB11A9), ref: 00007FF7D0DB1A58
                                                                        • Part of subcall function 00007FF7D0DB1A28: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7D0DB11A9), ref: 00007FF7D0DB1A66
                                                                      • GetProcAddress.KERNEL32(?,?,?,?,00000000,00007FF7D0DB9613), ref: 00007FF7D0E1A2C8
                                                                      • GetProcAddress.KERNEL32(?,?,?,?,00000000,00007FF7D0DB9613), ref: 00007FF7D0E1A2E3
                                                                      Similarity
                                                                      • API ID: AddressProc$ErrorLastLibraryLoad
                                                                      • String ID: AdvApi32.dll$Failed to load AdvApi32.dll$RegDeleteKeyExW$RegGetValueW$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\regutil.cpp
                                                                      • API String ID: 856020675-1672349681
                                                                      APIs
                                                                      • lstrlenW.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,00000000,00000000,?), ref: 00007FF7D0E2870E
                                                                      • lstrlenW.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,00000000,00000000,?), ref: 00007FF7D0E2872F
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: lstrlen
                                                                      • String ID: Failed to break URL into server and resource parts.$Failed to connect to URL: %ls$Failed to open internet URL: %ls$Failed to send request to URL: %ls$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\dlutil.cpp
                                                                      • API String ID: 1659193697-573936277
                                                                      • Opcode ID: 6e19d9e7a5cbb421d1c2c5307b88a6b5bce926a522ae4b9e986f48f6518da28c
                                                                      • Instruction ID: 780f5245a4e36e5d09da9494d25aea9090fa9d553cd5afe28ac4f9389fa7e347
                                                                      • Opcode Fuzzy Hash: 6e19d9e7a5cbb421d1c2c5307b88a6b5bce926a522ae4b9e986f48f6518da28c
                                                                      • Instruction Fuzzy Hash: 12815D36B09A5286EB64FF61A5402ADA3A0FB48B84FC4113BDE4D93B98DF3CE505C350
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: CloseHandle$CriticalDeleteSection
                                                                      • String ID:
                                                                      • API String ID: 2166061224-0
                                                                      • Opcode ID: c166dbbf86232752d0a6f6da6bff20c310b5647220ac60e83a23736501b5ba59
                                                                      • Instruction ID: f44243dd80997a2dd0b4665666ffb4250cbc03be9e3224e3befe5ee593e95ad9
                                                                      • Opcode Fuzzy Hash: c166dbbf86232752d0a6f6da6bff20c310b5647220ac60e83a23736501b5ba59
                                                                      • Instruction Fuzzy Hash: 76712A15A0A582A0FE45FFB1C0617BCA660EF81F58FC82237D91E4A6DE8F5CB4458335
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: CriticalSection$EnterLeave
                                                                      • String ID: *****$Failed to format value '%ls' of variable: %ls$Failed to get unformatted string.$Failed to get value as string for variable: %ls$Failed to get variable: %ls$d:\a\wix4\wix4\src\burn\engine\variable.cpp
                                                                      • API String ID: 3168844106-1256323647
                                                                      • Opcode ID: 65b1cf21c730bcec377a52bec00012e987b15df618c37247e8e664d92cbaa7ba
                                                                      • Instruction ID: 462fd4b4bbf8223f0d2a50e0107b64af7d9da0bb7f2dfe68c14bc730e929a223
                                                                      • Opcode Fuzzy Hash: 65b1cf21c730bcec377a52bec00012e987b15df618c37247e8e664d92cbaa7ba
                                                                      • Instruction Fuzzy Hash: 1B418F21A18B42A6E720AB16E8407AEABA4BB44B84FC05137DE8C87759DF3DF5458760
                                                                      APIs
                                                                      • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7D0DE84C5), ref: 00007FF7D0E019BC
                                                                      • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7D0DE84C5), ref: 00007FF7D0E01B1D
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: CriticalSection$EnterLeave
                                                                      • String ID: BA requested unknown container with id: %ls$BA requested unknown payload with id: %ls$Engine is active, cannot change engine state.$Failed to set source path for container.$Failed to set source path for payload.$d:\a\wix4\wix4\src\burn\engine\externalengine.cpp
                                                                      • API String ID: 3168844106-1414015681
                                                                      • Opcode ID: 12728bfbfa62a1de040203783b4102649f63744451daea1d2848258fc65b1f99
                                                                      • Instruction ID: e68138c8d573ab4cb67b27add0e99f9226bc780ce42f658cc26c181a75951781
                                                                      • Opcode Fuzzy Hash: 12728bfbfa62a1de040203783b4102649f63744451daea1d2848258fc65b1f99
                                                                      • Instruction Fuzzy Hash: 4D418025B0878295E721BB21E8406AEA2A4FB88B84FD55033DE4C9B79CEF3DF545C750
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: Heap$AllocProcess
                                                                      • String ID: Failed to allocate array larger.$Failed to allocate new array.$Failed to get current memory size.$Integer overflow when calculating new block size.$Integer overflow when calculating new element count.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\memutil.cpp
                                                                      • API String ID: 1617791916-4167099675
                                                                      • Opcode ID: a2f9725e89f93331c5c13d81114fbb0b44cb628460378933a860b9ae8ed4a6d2
                                                                      • Instruction ID: 1ef775516e17db07c050ba61959323a1c85e34a79c1e32ec42f9923cf4e48402
                                                                      • Opcode Fuzzy Hash: a2f9725e89f93331c5c13d81114fbb0b44cb628460378933a860b9ae8ed4a6d2
                                                                      • Instruction Fuzzy Hash: F9418F31B08B4296EB10AB02A44067DBAA4FB88B84FD4613BDA4C87799DF7DF9058754
                                                                      APIs
                                                                      • GetProcessHeap.KERNEL32(?,?,?,?,?,?,00000000,00007FF7D0E237B1,?,?,?,?,?,00007FF7D0E24621), ref: 00007FF7D0DB6CAC
                                                                      • HeapAlloc.KERNEL32(?,?,?,?,?,?,00000000,00007FF7D0E237B1,?,?,?,?,?,00007FF7D0E24621), ref: 00007FF7D0DB6CBD
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: Heap$AllocProcess
                                                                      • String ID: Failed to allocate larger array.$Failed to allocate new array.$Failed to get current memory size.$Integer overflow when calculating new block size.$Integer overflow when calculating new element count.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\memutil.cpp
                                                                      • API String ID: 1617791916-3641055160
                                                                      • Opcode ID: 2e347de48ae5210da34ef6123c449023f60b600317269cd9ec57339e4daf8507
                                                                      • Instruction ID: f41f12e222bc684fae37e1fd4b18f5607851d2b5b1858a4dfaf7ac7b00762579
                                                                      • Opcode Fuzzy Hash: 2e347de48ae5210da34ef6123c449023f60b600317269cd9ec57339e4daf8507
                                                                      • Instruction Fuzzy Hash: E031B021B0864292EB10EB51A44027DBEB5EB88B80FD4A03BD94C8779DEF7CF941C324
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: Close$HandleMutexRelease
                                                                      • String ID: ElevatedOnExecuteActionComplete failed.$Failed to save state.$Unexpected elevated message sent to child process, msg: %u$d:\a\wix4\wix4\src\burn\engine\elevation.cpp
                                                                      • API String ID: 2585119886-3943832688
                                                                      • Opcode ID: ffb922df0ff9cc24ae47539712bd65e4019c4a6e29a6c7f79b9ae3f81cd1124c
                                                                      • Instruction ID: 5f7f1bfa8b488b0b31b65d82123aae08ed4ef4977bc36708d8fee1d5e8a786e0
                                                                      • Opcode Fuzzy Hash: ffb922df0ff9cc24ae47539712bd65e4019c4a6e29a6c7f79b9ae3f81cd1124c
                                                                      • Instruction Fuzzy Hash: 82E1307AB08B4286D664EF19D08016DB7A0F749F94B946137DE8D83758CF39F892C760
                                                                      APIs
                                                                      • CompareStringW.KERNEL32(?,?,00000008,00000008,00000000,00000000,?,00007FF7D0DBE5E7,?,?,?,?,?,?,00000000,?), ref: 00007FF7D0DBEA6B
                                                                      • CompareStringW.KERNEL32(?,?,00000008,00000008,00000000,00000000,?,00007FF7D0DBE5E7,?,?,?,?,?,?,00000000,?), ref: 00007FF7D0DBEAD5
                                                                      • CompareStringW.KERNEL32(?,?,00000008,00000008,00000000,00000000,?,00007FF7D0DBE5E7,?,?,?,?,?,?,00000000,?), ref: 00007FF7D0DBEB14
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: CompareString
                                                                      • String ID: Failed to get length of left string: %ls$Failed to get length of right string: %ls$d:\a\wix4\wix4\src\burn\engine\condition.cpp
                                                                      • API String ID: 1825529933-3020116174
                                                                      • Opcode ID: 828d9cac5596a1cb5244e65540a33104c785a6212337f67503ff0c4215d153ee
                                                                      • Instruction ID: fe7f53dc3aa1a1fbb7a3f9c1496fce7294074bb47a4c040cc5e2c2f7c13725b5
                                                                      • Opcode Fuzzy Hash: 828d9cac5596a1cb5244e65540a33104c785a6212337f67503ff0c4215d153ee
                                                                      • Instruction Fuzzy Hash: C9614B22F0C7429AEB647B19A44167EE975BB44B80FD42137ED4D43B89CE3CF5848752
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: Sleep
                                                                      • String ID: Failed to calculate cache path.$Failed to get %hs package cache root directory.$Failed to get old %hs package cache root directory.$d:\a\wix4\wix4\src\burn\engine\cache.cpp$per-machine$per-user
                                                                      • API String ID: 3472027048-1762823252
                                                                      • Opcode ID: a8642dd887b69f5c125bcb68c35331264a0b67a434779cab1735db4b61c82edd
                                                                      • Instruction ID: 50edfe765ddc346f6159fba9caafee1791bf026755beaaadde8aa3119aaf5424
                                                                      • Opcode Fuzzy Hash: a8642dd887b69f5c125bcb68c35331264a0b67a434779cab1735db4b61c82edd
                                                                      • Instruction Fuzzy Hash: CB518121B08B4282E710AB55E8403BEA6A0FB95B80FD46137EE4D8779DDF3DF5448764
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: _invalid_parameter_noinfo
                                                                      • String ID: Error reading wix version registry value due to unexpected data type: %u$Failed to convert registry string to wix version.$Failed to copy QWORD wix version value.$Failed to read wix version registry value.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\regutil.cpp
                                                                      • API String ID: 3215553584-1929277467
                                                                      • Opcode ID: 3f5e865de9b2309ef8e9ddfd12c0966e87e208405f892668fdec9245928c6d8d
                                                                      • Instruction ID: dc26c6540c6182cd8e57a069ee3715928d0dfb5233976045879dff59a6fd7e4b
                                                                      • Opcode Fuzzy Hash: 3f5e865de9b2309ef8e9ddfd12c0966e87e208405f892668fdec9245928c6d8d
                                                                      • Instruction Fuzzy Hash: 88518B22F18A2295FB11FB61E4447BDA2A4AB08784FD02137DA0C97B99DF3CF545C761
                                                                      APIs
                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7D0E28778), ref: 00007FF7D0E289E8
                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7D0E28778), ref: 00007FF7D0E28A54
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: ErrorLast
                                                                      • String ID: Failed to add header to HTTP request.$Failed to allocate string for resource URI.$Failed to append query strong to resource from URI.$Failed to open internet request.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\dlutil.cpp
                                                                      • API String ID: 1452528299-283382383
                                                                      • Opcode ID: 8de55f3ae9f41a753a187427e9074a637fe2a1917d09737b3883c974e6877e4f
                                                                      • Instruction ID: 3593072560d46a60675159d26fa43679e9f8b87f38c6ba6a7e1956d45b1082c3
                                                                      • Opcode Fuzzy Hash: 8de55f3ae9f41a753a187427e9074a637fe2a1917d09737b3883c974e6877e4f
                                                                      • Instruction Fuzzy Hash: 3C51B125B0974286EB60BF35E59027DA2A4FB84B80FD4613BDA4D83B98DF3CF4418720
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: ErrorLast
                                                                      • String ID: Failed to allocate memory for value.$Failed to allocate value.$Failed to get query information.$Failed to get size of value.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\inetutil.cpp
                                                                      • API String ID: 1452528299-3024109871
                                                                      • Opcode ID: 432a63f09e13db5913904e10d436679de2194ba7f5563b937935c80f7e19b7d6
                                                                      • Instruction ID: 73809f978e003a018d7f2a4b59404a1a651049aa079a6ddca7913dba3c7b0445
                                                                      • Opcode Fuzzy Hash: 432a63f09e13db5913904e10d436679de2194ba7f5563b937935c80f7e19b7d6
                                                                      • Instruction Fuzzy Hash: A8413E22B08B528AEB10FF75D8803ADA264FB44754FD06537EA4D83799EF3CE9458360
                                                                      APIs
                                                                      • CompareStringW.KERNEL32(?,?,00000000,?,?,00000000,?,00007FF7D0DCDE80), ref: 00007FF7D0DCB7E4
                                                                      • RegCloseKey.ADVAPI32(?,?,00000000,?,?,00000000,?,00007FF7D0DCDE80), ref: 00007FF7D0DCB7FA
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: CloseCompareString
                                                                      • String ID: Failed to format key for update registration.$Failed to remove update registration key: %ls$PackageVersion$d:\a\wix4\wix4\src\burn\engine\registration.cpp
                                                                      • API String ID: 446873843-2063007608
                                                                      • Opcode ID: d6d396d13562225db2789f8fa468a88df21c736f48f4e58ca14962d51bc4915e
                                                                      • Instruction ID: e4aeb1802e233bf3b0847c285ada4c6c667c104e39f8510d977a93ab8a7fa40e
                                                                      • Opcode Fuzzy Hash: d6d396d13562225db2789f8fa468a88df21c736f48f4e58ca14962d51bc4915e
                                                                      • Instruction Fuzzy Hash: 63418472704A4285E710BF26E8805EEA7A4FF44794FD42137EE4D43B58CF38E4958764
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: ErrorFileLastWrite_invalid_parameter_noinfo
                                                                      • String ID: Failed to write during cabinet extraction.$Unexpected call to CabWrite().$d:\a\wix4\wix4\src\burn\engine\cabextract.cpp
                                                                      • API String ID: 3310095896-1065166858
                                                                      • Opcode ID: ead9ef68f29bf91b0e492b5584c8c6c1b7f7d2b7fac38f4e804195d5fd60e6d8
                                                                      • Instruction ID: a557f3b242a08214f54e9be5b4c0d2c159d318918c4e9a234d08a89be0629901
                                                                      • Opcode Fuzzy Hash: ead9ef68f29bf91b0e492b5584c8c6c1b7f7d2b7fac38f4e804195d5fd60e6d8
                                                                      • Instruction Fuzzy Hash: FA417F32A0864186E715BF26E44027EBBA4EB84B80FD4513BDA8D437A9DE3CF441CB60
                                                                      APIs
                                                                      • LoadLibraryExW.KERNEL32(?,?,?,00007FF7D0E05CFA,?,?,?,00007FF7D0E059EC,?,?,00000001,00007FF7D0E05609), ref: 00007FF7D0E05ACD
                                                                      • GetLastError.KERNEL32(?,?,?,00007FF7D0E05CFA,?,?,?,00007FF7D0E059EC,?,?,00000001,00007FF7D0E05609), ref: 00007FF7D0E05ADB
                                                                      • LoadLibraryExW.KERNEL32(?,?,?,00007FF7D0E05CFA,?,?,?,00007FF7D0E059EC,?,?,00000001,00007FF7D0E05609), ref: 00007FF7D0E05B05
                                                                      • FreeLibrary.KERNEL32(?,?,?,00007FF7D0E05CFA,?,?,?,00007FF7D0E059EC,?,?,00000001,00007FF7D0E05609), ref: 00007FF7D0E05B4B
                                                                      • GetProcAddress.KERNEL32(?,?,?,00007FF7D0E05CFA,?,?,?,00007FF7D0E059EC,?,?,00000001,00007FF7D0E05609), ref: 00007FF7D0E05B57
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: Library$Load$AddressErrorFreeLastProc
                                                                      • String ID: api-ms-
                                                                      • API String ID: 2559590344-2084034818
                                                                      • Opcode ID: 08018f21f8617a4dacf9eface6334f904502aebd59fffcb16951ed386b492948
                                                                      • Instruction ID: 2451274628501e7ea02251a0b51fa5e6836e3df0da4a7f9ade273442ff80c539
                                                                      • Opcode Fuzzy Hash: 08018f21f8617a4dacf9eface6334f904502aebd59fffcb16951ed386b492948
                                                                      • Instruction Fuzzy Hash: 1631C822B1A60291EE15BB16A40057EF394BF48B60FD9653BDD2D6B398EF3CF4418760
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: _cwprintf_s_l
                                                                      • String ID: Failed to process embedded error message.$Failed to process embedded progress message.$Failed to read progress from buffer.$Unexpected embedded message received from child process, msg: %u$d:\a\wix4\wix4\src\burn\engine\embedded.cpp
                                                                      • API String ID: 2941638530-290268795
                                                                      • Opcode ID: f150b6d17818cf0868cfad16b6f64537d1982fad17cda18cf2ddb128778faed1
                                                                      • Instruction ID: 3e241583c39854ad996adaf7e3604676eb842d126d6d3aebf2a5ef61d39012c4
                                                                      • Opcode Fuzzy Hash: f150b6d17818cf0868cfad16b6f64537d1982fad17cda18cf2ddb128778faed1
                                                                      • Instruction Fuzzy Hash: A3317F32B18A4286E710BF25E4805AEB7A0FB88744FD0513BEA4D57759DF3DE546CB10
                                                                      APIs
                                                                      • IsWindow.USER32 ref: 00007FF7D0E00B0D
                                                                        • Part of subcall function 00007FF7D0DB6828: GetProcessHeap.KERNEL32(?,?,00000000,00007FF7D0DB2158,?,?,?,?,?,?,00000000,00007FF7D0DB1F49,?,?,?,00000000), ref: 00007FF7D0DB683C
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: HeapProcessWindow
                                                                      • String ID: BA passed NULL hwndParent to Apply.$BA passed invalid hwndParent to Apply.$Failed to alloc BOOTSTRAPPER_ENGINE_ACTION$Failed to enqueue apply action.$d:\a\wix4\wix4\src\burn\engine\externalengine.cpp
                                                                      • API String ID: 3425539833-3904185537
                                                                      • Opcode ID: 71b21d6c9f589a1c8cfd6549867f09887fbbf0d5980dfde79ff30fbf9f77b44a
                                                                      • Instruction ID: 7b312edcfcef396f71779ce2e95cac8963f86e0ab1058301fffab08e0a894ff7
                                                                      • Opcode Fuzzy Hash: 71b21d6c9f589a1c8cfd6549867f09887fbbf0d5980dfde79ff30fbf9f77b44a
                                                                      • Instruction Fuzzy Hash: 7131AD24B0860282EA10FF11E48027EE6A5FF89794FE46137D54C8779DEE3CF5408B60
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: AttributesErrorFileInitializeLast
                                                                      • String ID: Failed to allocate administrator SID.$Failed to initialize ACL.$d:\a\wix4\wix4\src\burn\engine\cache.cpp
                                                                      • API String ID: 669721577-2625618253
                                                                      • Opcode ID: 8e59cbe473a6e253b4a6c021cd947ae2fa7331b7bef28d00b1e9d5ef92eba84c
                                                                      • Instruction ID: c3c153312049afc77fce3c0be1c0be0613a0b790e31c03508a24a4a38cde72dd
                                                                      • Opcode Fuzzy Hash: 8e59cbe473a6e253b4a6c021cd947ae2fa7331b7bef28d00b1e9d5ef92eba84c
                                                                      • Instruction Fuzzy Hash: BE319E32B1870282F710AF22E48076EA6A1FB94B84FD55136DA4D877A9DF3CF5058B20
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: ErrorFormatFreeLastLocalMessage
                                                                      • String ID: Failed to allocate string for message.$Failed to format message for error: 0x%x$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\strutil.cpp
                                                                      • API String ID: 1365068426-3351270200
                                                                      • Opcode ID: 17f0db0e33cdc373b52a48f3b47251fb9951c13d4449b801879dc6a0def0b33a
                                                                      • Instruction ID: 63208d18239c35105c8eea18567a3c2ad4f12f8948a692d037beda7f86ad5236
                                                                      • Opcode Fuzzy Hash: 17f0db0e33cdc373b52a48f3b47251fb9951c13d4449b801879dc6a0def0b33a
                                                                      • Instruction Fuzzy Hash: 9D31AF32718B0192E711AF15E8947AE76A1BB88780FD0113BDA4D87789DF3DE905C724
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: CloseCreateErrorFileHandleLast
                                                                      • String ID: Failed to open file: %ls$Failed to write to file: %ls$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\fileutil.cpp
                                                                      • API String ID: 2528220319-1719111557
                                                                      • Opcode ID: 99d3e8ec0696c0884044644f8efd2176d13fc7ed8831a43601569a475fb69c97
                                                                      • Instruction ID: f6bfa37aef64b22f671596f1744f202c8a90bafc5bab895963f81eef58cfe197
                                                                      • Opcode Fuzzy Hash: 99d3e8ec0696c0884044644f8efd2176d13fc7ed8831a43601569a475fb69c97
                                                                      • Instruction Fuzzy Hash: AF317032B0864186E710BF36E8442ADB6A1AB84BB0FD4133ADA6D477D9CF3CE505CB50
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: Close
                                                                      • String ID: EnableLUA$Failed to open system policy key to detect UAC.$Failed to read registry value to detect UAC.$SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\osutil.cpp
                                                                      • API String ID: 3535843008-1917839530
                                                                      • Opcode ID: ab227e1c5cbeceff8f994714367ef5a57d6a6f502aac8a07237b6a665288bc0c
                                                                      • Instruction ID: dc0e9733bce7ef134f47233995061a32f7e2bd9de83cdab9a9b40c3fec53daae
                                                                      • Opcode Fuzzy Hash: ab227e1c5cbeceff8f994714367ef5a57d6a6f502aac8a07237b6a665288bc0c
                                                                      • Instruction Fuzzy Hash: C321BD62B096028AEB10BB60E5817BEE264EB44740FE41533DA5D827A8DF6CF844C672
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: String$AllocFree
                                                                      • String ID: d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\xmlutil.cpp$failed to allocate bstr for XPath expression in XmlSelectNodes$pixnParent parameter was null in XmlSelectNodes$ppixnChild parameter was null in XmlSelectNodes
                                                                      Similarity
                                                                      • API ID: String$AllocFree
                                                                      • String ID: d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\xmlutil.cpp$failed to allocate bstr for XPath expression in XmlSelectSingleNode$pixnParent parameter was null in XmlSelectSingleNode$ppixnChild parameter was null in XmlSelectSingleNode
                                                                      Similarity
                                                                      • API ID: Value$ErrorLast
                                                                      • String ID:
                                                                      Similarity
                                                                      • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                      • String ID: CONOUT$
                                                                      Similarity
                                                                      • API ID: CreateFromInstanceProg
                                                                      • String ID: Failed to create instance of Microsoft.Update.AutoUpdate.$Failed to get CLSID for Microsoft.Update.AutoUpdate.$Microsoft.Update.AutoUpdate$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\wuautil.cpp
                                                                      APIs
                                                                      • EnterCriticalSection.KERNEL32(?,?,?,?,00000000,00007FF7D0DB99F2), ref: 00007FF7D0E18187
                                                                      • FlushFileBuffers.KERNEL32(?,?,?,?,00000000,00007FF7D0DB99F2), ref: 00007FF7D0E1819F
                                                                      • GetLastError.KERNEL32(?,?,?,?,00000000,00007FF7D0DB99F2), ref: 00007FF7D0E181A9
                                                                      • LeaveCriticalSection.KERNEL32(?,?,?,?,00000000,00007FF7D0DB99F2), ref: 00007FF7D0E1820F
                                                                      Similarity
                                                                      • API ID: CriticalSection$BuffersEnterErrorFileFlushLastLeave
                                                                      • String ID: Failed to flush log file buffers.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\logutil.cpp
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: Failed to allocate copy of string$Failed to read string array registry value.$Failed to resize array while reading REG_MULTI_SZ value$Tried to read string array, but registry value %ls is of an incorrect type$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\regutil.cpp
                                                                      APIs
                                                                      • lstrlenW.KERNEL32(?,?,?,?,?,00007FF7D0E251B3,?,?,?,?,?,?,?,?,?,00007FF7D0DD6BDE), ref: 00007FF7D0E24B23
                                                                      Similarity
                                                                      • API ID: lstrlen
                                                                      • String ID: Failed to add the string lengths together.$Failed to allocate string for dependency registry root.$Failed to concatenate the dependency key name.$Failed to get string length of dependency name.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\deputil.cpp
                                                                      Similarity
                                                                      • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                      • String ID: csm$f
                                                                      Similarity
                                                                      • API ID: _cwprintf_s_l
                                                                      • String ID: 0x%x: Patch applicability failed for package: %ls$Failed to add target product code to package: %ls$Failed to get possible target product codes.$d:\a\wix4\wix4\src\burn\engine\mspengine.cpp
                                                                      Similarity
                                                                      • API ID: Time$ErrorFileLastSystem
                                                                      • String ID: Failed to convert system time to file time.$Failed to copy time.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\timeutil.cpp
                                                                      Similarity
                                                                      • API ID: memcpy_s
                                                                      • String ID: Failed to ensure buffer size.$Failed to get string size.$Failed to write string to buffer: '%hs', error: %d$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\buffutil.cpp
                                                                      Similarity
                                                                      • API ID: EventHeapMutexObjectProcessReleaseSingleWait
                                                                      • String ID: Failed to allocate buffer.$d:\a\wix4\wix4\src\burn\engine\netfxchainer.cpp
                                                                      • API String ID: 3023235355-1881421891
                                                                      Similarity
                                                                      • API ID: CompareString
                                                                      • String ID: Failed dependents check on bundle.$Failed to detect provider key bundle id.$d:\a\wix4\wix4\src\burn\engine\dependency.cpp
                                                                      • API String ID: 1825529933-872169753
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: Failed to get full path for: %ls$Failed to get parent directory for path: %ls$Full path was not rooted: %ls$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\dirutil.cpp
                                                                      • API String ID: 0-281674368
                                                                      APIs
                                                                        • Part of subcall function 00007FF7D0E1A674: RegOpenKeyExW.KERNELBASE(?,?,?,?,?,?,00000000,00007FF7D0E1A66D), ref: 00007FF7D0E1A6C1
                                                                      • RegCloseKey.ADVAPI32 ref: 00007FF7D0E27853
                                                                      Similarity
                                                                      • API ID: CloseOpen
                                                                      • String ID: Failed to enumerate uninstall key for related bundles.$Failed to open uninstall registry key.$SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\butil.cpp
                                                                      • API String ID: 47109696-4270664815
                                                                      Similarity
                                                                      • API ID: Close
                                                                      • String ID: Failed to open registration key.$Failed to read Resume value.$Resume$d:\a\wix4\wix4\src\burn\engine\registration.cpp
                                                                      • API String ID: 3535843008-1502274520
                                                                      Similarity
                                                                      • API ID: ErrorLastLookupPrivilegeValue
                                                                      • String ID: Failed to get privilege LUID: %ls$Failed to get token privilege information.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\procutil.cpp
                                                                      • API String ID: 2626710698-2191672025
                                                                      APIs
                                                                        • Part of subcall function 00007FF7D0DB6828: GetProcessHeap.KERNEL32(?,?,00000000,00007FF7D0DB2158,?,?,?,?,?,?,00000000,00007FF7D0DB1F49,?,?,?,00000000), ref: 00007FF7D0DB683C
                                                                      • CreateWellKnownSid.ADVAPI32(?,?,?,?,00000000,00007FF7D0DD22AD), ref: 00007FF7D0DD1237
                                                                      • GetLastError.KERNEL32(?,?,?,?,00000000,00007FF7D0DD22AD), ref: 00007FF7D0DD1241
                                                                      Similarity
                                                                      • API ID: CreateErrorHeapKnownLastProcessWell
                                                                      • String ID: Failed to allocate memory for well known SID.$Failed to create well known SID.$d:\a\wix4\wix4\src\burn\engine\cache.cpp
                                                                      • API String ID: 2057720986-3368738088
                                                                      APIs
                                                                      • WaitForMultipleObjects.KERNEL32(?,?,?,?,?,?,?,00007FF7D0DE76DD), ref: 00007FF7D0DB17EA
                                                                      Similarity
                                                                      • API ID: MultipleObjectsWait
                                                                      • String ID: Abandoned wait for multiple objects, index: %u.$Failed to wait for multiple objects.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\apputil.cpp
                                                                      • API String ID: 862713236-4067188417
                                                                      Similarity
                                                                      • API ID: _cwprintf_s_l
                                                                      • String ID: Failed to combine completed path with engine file name for layout.$Failed to layout bundle from: '%ls' to '%ls'$Layout bundle from: '%ls' to: '%ls'$d:\a\wix4\wix4\src\burn\engine\cache.cpp
                                                                      • API String ID: 2941638530-2807656380
                                                                      Similarity
                                                                      • API ID: FolderPath
                                                                      • String ID: Failed to backslash terminate shell folder path: %ls$Failed to copy shell folder path: %ls$Failed to get folder path for CSIDL: %d$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\shelutil.cpp
                                                                      • API String ID: 1514166925-3657258693
                                                                      Similarity
                                                                      • API ID: FreeString
                                                                      • String ID: Already processed this value.$Failed to allocate value.$Failed to get value.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\atomutil.cpp
                                                                      • API String ID: 3341692771-474062544
                                                                      Similarity
                                                                      • API ID: FreeString
                                                                      • String ID: Already process this datetime value.$Failed to convert value to time.$Failed to get value.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\atomutil.cpp
                                                                      • API String ID: 3341692771-3942955074
                                                                      • Opcode ID: d6328dcb6cac5bb95e5cf575abaa838cd10fe842309121f5116a0d7df6bae635
                                                                      • Instruction ID: 5c9231444e4b71a8f1d13e732711e1120e06a5399518fb45494612533ea8d084
                                                                      • Opcode Fuzzy Hash: d6328dcb6cac5bb95e5cf575abaa838cd10fe842309121f5116a0d7df6bae635
                                                                      • Instruction Fuzzy Hash: E2219A25B0874286EB18BB71E08037EE2A4AB85744FD4653BDA0C8779CDF7CF801C620
                                                                      Similarity
                                                                      • API ID: ComputerErrorLastName
                                                                      • String ID: Failed to get computer name.$Failed to set variant value.$d:\a\wix4\wix4\src\burn\engine\variable.cpp
                                                                      • API String ID: 3560734967-2030565084
                                                                      • Opcode ID: 8772da4d9fa5b3c0437d80693c141d07a0a5f567881ebce9fcb5db7b1c816690
                                                                      • Instruction ID: 4fbd755b4cc6cc460e081c04eb82faeb5d07b2b4c832dde525482b7471f8d63b
                                                                      • Opcode Fuzzy Hash: 8772da4d9fa5b3c0437d80693c141d07a0a5f567881ebce9fcb5db7b1c816690
                                                                      • Instruction Fuzzy Hash: 61118461B2864295F750FB25E4906AEA7A4EB98B40FC06037E94E87769DF2CF544CB20
                                                                      Similarity
                                                                      • API ID: ObjectSingleWait
                                                                      • String ID: Abandoned wait for single object.$Failed to wait for single object.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\apputil.cpp
                                                                      • API String ID: 24740636-2056904685
                                                                      • Opcode ID: b02d7eb3b48291a575e7f1eeb203afe4133c3a933711ec44571216533d81f05c
                                                                      • Instruction ID: 3358e227499ae833370ef77eded132e6a2b1a37db8b8a2235c28401d44959222
                                                                      • Opcode Fuzzy Hash: b02d7eb3b48291a575e7f1eeb203afe4133c3a933711ec44571216533d81f05c
                                                                      • Instruction Fuzzy Hash: 2A117024B18602D6FB547B2198917BDA6A0AF58700FE0213BC84E877A9DE2CF9488764
                                                                      Similarity
                                                                      • API ID: InitializeUninitialize
                                                                      • String ID: Failed to initialize COM.$Failed to pump messages in child process.$d:\a\wix4\wix4\src\burn\engine\elevation.cpp
                                                                      • API String ID: 3442037557-3194279326
                                                                      • Opcode ID: 2a2ec3f6f6aa8a75c1a06ce23b38337df34f13b5095af95bb6c8f6563054ed1e
                                                                      • Instruction ID: 5d579525e698c630fc3d1c026867bd65c868db00d7c90357624b375ec72bb284
                                                                      • Opcode Fuzzy Hash: 2a2ec3f6f6aa8a75c1a06ce23b38337df34f13b5095af95bb6c8f6563054ed1e
                                                                      • Instruction Fuzzy Hash: A8112B25B18A4282EB10AB61E48076EA665FB88784FD4113BDA8D83B5DDE3DF5448B24
                                                                      Similarity
                                                                      • API ID: AddressFreeHandleLibraryModuleProc
                                                                      • String ID: CorExitProcess$mscoree.dll
                                                                      • API String ID: 4061214504-1276376045
                                                                      • Opcode ID: 5265be840e21db70880cc59d7614667791f263de245fb1a15ec7ee3cdf05792b
                                                                      • Instruction ID: b28bb2b1f0398f2a59c63b67c7aa0d2ad43453e9c97d1d54b20af24fe1600787
                                                                      • Opcode Fuzzy Hash: 5265be840e21db70880cc59d7614667791f263de245fb1a15ec7ee3cdf05792b
                                                                      • Instruction Fuzzy Hash: CBF03C21A1860681EA14BB35A45433DE360FF89BA1FD4233BC56D457E8DF2CE445C220
                                                                      APIs
                                                                      • GetLastError.KERNEL32 ref: 00007FF7D0DD34EE
                                                                        • Part of subcall function 00007FF7D0E25E0C: GetLastError.KERNEL32(?,?,?,?,?,00000000,?,00007FF7D0DD3412), ref: 00007FF7D0E25E45
                                                                      Similarity
                                                                      • API ID: ErrorLast
                                                                      • String ID: Failed to find expected public key in certificate chain.$Failed to get certificate public key identifier.$Failed to read certificate thumbprint.$d:\a\wix4\wix4\src\burn\engine\cache.cpp
                                                                      • API String ID: 1452528299-112932794
                                                                      • Opcode ID: 24d6679d64d6024c27e7c6c6bafcb3b50d8235ac8a567648522d7445d89b5877
                                                                      • Instruction ID: 04abdc030a006b1fc5c0d7cb442d991d2ddefbe05d1ae174e88928dac2b506e7
                                                                      • Opcode Fuzzy Hash: 24d6679d64d6024c27e7c6c6bafcb3b50d8235ac8a567648522d7445d89b5877
                                                                      • Instruction Fuzzy Hash: F7517D32B14B028AEB50EF65D4806ADA7A4FB48B98FC46137DE4D93B58DF3CE4518760
                                                                      Similarity
                                                                      • API ID: HeapProcess
                                                                      • String ID: %lu.%lu.%lu.%lu$Failed to allocate and format the version string.$Failed to allocate memory for Verutil version from QWORD.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\verutil.cpp
                                                                      • API String ID: 54951025-3295944732
                                                                      • Opcode ID: 9633d0f383244bcbde40bd51c41daad63d31851f17d771de66226f27fbd05766
                                                                      • Instruction ID: 0cf1cbbc5400d9ac2f2cab417edde2a525abe689408b630fdb0595242292d120
                                                                      • Opcode Fuzzy Hash: 9633d0f383244bcbde40bd51c41daad63d31851f17d771de66226f27fbd05766
                                                                      • Instruction Fuzzy Hash: F6317C72A087458AE714EF26F4801AEBBA4FB88784BD4613BDA4D83759DF3CE540CB54
                                                                      Similarity
                                                                      • API ID: CriticalSection$EnterLeave
                                                                      • String ID: Failed to get value as version for variable: %ls$Failed to get value of variable: %ls$d:\a\wix4\wix4\src\burn\engine\variable.cpp
                                                                      • API String ID: 3168844106-1616145386
                                                                      • Opcode ID: c1432041acffda1ce24f51658353c6afcff43e34905e735428815f3fdc33d8e7
                                                                      • Instruction ID: 824254d31a09b684570f62e4f0cba7cb43d912b17faf3bc38f971e541a517363
                                                                      • Opcode Fuzzy Hash: c1432041acffda1ce24f51658353c6afcff43e34905e735428815f3fdc33d8e7
                                                                      • Instruction Fuzzy Hash: 80218B65B08B4296EB00AB12E48026EAB60FB88B84FC4623BDA4D47759CF7CF445C750
                                                                      APIs
                                                                      • FlsGetValue.KERNEL32(?,?,?,00007FF7D0E0A3BB,?,?,00000000,00007FF7D0E0A656,?,?,?,?,?,00007FF7D0E0A5E2), ref: 00007FF7D0E0E39F
                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF7D0E0A3BB,?,?,00000000,00007FF7D0E0A656,?,?,?,?,?,00007FF7D0E0A5E2), ref: 00007FF7D0E0E3BE
                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF7D0E0A3BB,?,?,00000000,00007FF7D0E0A656,?,?,?,?,?,00007FF7D0E0A5E2), ref: 00007FF7D0E0E3E6
                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF7D0E0A3BB,?,?,00000000,00007FF7D0E0A656,?,?,?,?,?,00007FF7D0E0A5E2), ref: 00007FF7D0E0E3F7
                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF7D0E0A3BB,?,?,00000000,00007FF7D0E0A656,?,?,?,?,?,00007FF7D0E0A5E2), ref: 00007FF7D0E0E408
                                                                      Similarity
                                                                      • API ID: Value
                                                                      • String ID:
                                                                      • API String ID: 3702945584-0
                                                                      • Opcode ID: f302dbae5d0bc6288c9314cf8b6c221561df70a0060d62d4ab23de99c67f51b9
                                                                      • Instruction ID: 4bb08af1ebebc39a6e91bea59cbfa8d928b79d3095c869e8a5014ac5ebbd942c
                                                                      • Opcode Fuzzy Hash: f302dbae5d0bc6288c9314cf8b6c221561df70a0060d62d4ab23de99c67f51b9
                                                                      • Instruction Fuzzy Hash: 24113A20E0D64282FA58B735A54157DA6526F443F0FC4773AE93E2A7DEDE6CB8418231
                                                                      Similarity
                                                                      • API ID: CriticalSection$EnterLeave
                                                                      • String ID: Failed to get value as numeric for variable: %ls$Failed to get value of variable: %ls$d:\a\wix4\wix4\src\burn\engine\variable.cpp
                                                                      • API String ID: 3168844106-1964378859
                                                                      • Opcode ID: 2607b6bd303937cd258ed415a5af3f34781557be8cf994a9684afc9b0ee7b010
                                                                      • Instruction ID: bc31f50489d84e2f48886718fa8e4a26b867c2dd7d131c1903bcd50de713f43a
                                                                      • Opcode Fuzzy Hash: 2607b6bd303937cd258ed415a5af3f34781557be8cf994a9684afc9b0ee7b010
                                                                      • Instruction Fuzzy Hash: 74116D71B08B4296EA10AB12A89476EAB60FB88B84FD46137EA4D47769CF7CF445C710
                                                                      Similarity
                                                                      • API ID: CriticalSection$EnterLeave
                                                                      • String ID: Failed to get value as string for variable: %ls$Failed to get value of variable: %ls$d:\a\wix4\wix4\src\burn\engine\variable.cpp
                                                                      • API String ID: 3168844106-1150034902
                                                                      • Opcode ID: 2eb73b23d6ae166411412550206dbc74be1a42241587657663f1bec5297220d1
                                                                      • Instruction ID: 50d52a5bd82e0381bb1a714984ee428b6596020e69faff3acc4db866a1d31734
                                                                      • Opcode Fuzzy Hash: 2eb73b23d6ae166411412550206dbc74be1a42241587657663f1bec5297220d1
                                                                      • Instruction Fuzzy Hash: C6116D71B08B4286EA10BB12A88426EAB60FB84BC4FD46137DA4D47759CF7CF545C720
                                                                      Similarity
                                                                      • API ID: Value
                                                                      • String ID:
                                                                      • API String ID: 3702945584-0
                                                                      • Opcode ID: 92d4853f9bbdd39c811b8a8b46b0882b8177f75986b6b915a0c50430598f6381
                                                                      • Instruction ID: 2a3c4df089c8556aa7b08475fc031e9c9effb703c6c41d2c62e5ced496f61143
                                                                      • Opcode Fuzzy Hash: 92d4853f9bbdd39c811b8a8b46b0882b8177f75986b6b915a0c50430598f6381
                                                                      • Instruction Fuzzy Hash: 24112710E0D20782F968B371541297D91496F453B4FC83B3BD93E2A3EEDD6CB4419231
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1700049363.00007FF7D0DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D0DB0000, based on PE: true
                                                                      • Associated: 00000000.00000002.1699972182.00007FF7D0DB0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700243184.00007FF7D0E2F000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700341469.00007FF7D0E66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E69000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E70000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff7d0db0000_VmjvNTbD5J.jbxd
                                                                      Similarity
                                                                      • API ID: CriticalSection$EnterLeave
                                                                      • String ID: Failed to copy value of variable: %ls$Failed to get value of variable: %ls$d:\a\wix4\wix4\src\burn\engine\variable.cpp
                                                                      • API String ID: 3168844106-3684767681
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: CloseHandle$FileUnmapView
                                                                      • String ID:
                                                                      • API String ID: 260491571-0
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: CompareString
                                                                      • String ID: BA aborted detect forward compatible bundle.$Failed to compare bundle version '%ls' to related bundle version '%ls'$d:\a\wix4\wix4\src\burn\engine\detect.cpp
                                                                      • API String ID: 1825529933-3048877371
                                                                      APIs
                                                                      • CompareStringW.KERNEL32(?,?,00000000,?,?,?,00000000,00007FF7D0DD6999), ref: 00007FF7D0DD6ABC
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: CompareString
                                                                      • String ID: Failed to copy provider key for compatible entry.$Failed to get provider information for compatible package: %ls$d:\a\wix4\wix4\src\burn\engine\dependency.cpp
                                                                      • API String ID: 1825529933-4100048506
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: CompareString
                                                                      • String ID: Failed to hash the string.$Invalid dictionary - bucket size index is out of range$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\dictutil.cpp
                                                                      • API String ID: 1825529933-1798595610
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: CompareErrorLastString
                                                                      • String ID: Failed to compare strings.$d:\a\wix4\wix4\src\burn\engine\variable.cpp
                                                                      • API String ID: 1733990998-1974329976
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: Close
                                                                      • String ID: Failed to open policy key: %ls$Failed to open policy key: %ls, name: %ls$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\polcutil.cpp
                                                                      • API String ID: 3535843008-3938230626
                                                                      APIs
                                                                        • Part of subcall function 00007FF7D0E25178: RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00007FF7D0DD6BDE,?,?,?,?,?,00007FF7D0DD681A), ref: 00007FF7D0E252F4
                                                                      • CompareStringW.KERNEL32(?,?,?,?,?,00007FF7D0DD681A,?,?,?,?,?,?,?,?,?,?), ref: 00007FF7D0DD6C37
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: CloseCompareString
                                                                      • String ID: Failed to get provider key bundle id.$Failed to initialize provider key bundle id.$d:\a\wix4\wix4\src\burn\engine\dependency.cpp
                                                                      • API String ID: 446873843-357001386
                                                                      APIs
                                                                        • Part of subcall function 00007FF7D0E285F8: lstrlenW.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,00000000,00000000,?), ref: 00007FF7D0E2870E
                                                                        • Part of subcall function 00007FF7D0E285F8: lstrlenW.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,00000000,00000000,?), ref: 00007FF7D0E2872F
                                                                      • GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7D0E29155), ref: 00007FF7D0E283C7
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: Timelstrlen$FileSystem
                                                                      • String ID: Failed to connect to URL: %ls$HEAD$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\dlutil.cpp
                                                                      • API String ID: 3954044709-1251758901
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: CompareString
                                                                      • String ID: Failed to copy the property value.$IGNOREDEPENDENCIES$d:\a\wix4\wix4\src\burn\engine\package.cpp
                                                                      • API String ID: 1825529933-2032719239
                                                                      APIs
                                                                      • ReadFile.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00009002), ref: 00007FF7D0E228AB
                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00009002), ref: 00007FF7D0E228B5
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: ErrorFileLastRead
                                                                      • String ID: Failed to read data from file handle.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\fileutil.cpp
                                                                      • API String ID: 1948546556-2736598211
                                                                      APIs
                                                                      • CoCreateInstance.OLE32(?,?,?,?,00000001,00007FF7D0DCE0C2,?,?,?,?,00000000,00007FF7D0DDA4E2,?,?,?,?), ref: 00007FF7D0E2499D
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: CreateInstance
                                                                      • String ID: Failed to determine if restart is required from WUA.$Failed to get WUA system information interface.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\wuautil.cpp
                                                                      • API String ID: 542301482-1328814180
                                                                      APIs
                                                                      • WaitForSingleObject.KERNEL32(?,?,?,?,?,00007FF7D0E03604), ref: 00007FF7D0E032F6
                                                                      • ReleaseMutex.KERNEL32(?,?,?,?,?,00007FF7D0E03604), ref: 00007FF7D0E033A5
                                                                        • Part of subcall function 00007FF7D0DB6828: GetProcessHeap.KERNEL32(?,?,00000000,00007FF7D0DB2158,?,?,?,?,?,?,00000000,00007FF7D0DB1F49,?,?,?,00000000), ref: 00007FF7D0DB683C
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: HeapMutexObjectProcessReleaseSingleWait
                                                                      • String ID: Failed to allocate memory for message data$d:\a\wix4\wix4\src\burn\engine\netfxchainer.cpp
                                                                      • API String ID: 1927941271-954368992
                                                                      APIs
                                                                        • Part of subcall function 00007FF7D0E1A674: RegOpenKeyExW.KERNELBASE(?,?,?,?,?,?,00000000,00007FF7D0E1A66D), ref: 00007FF7D0E1A6C1
                                                                      • RegCloseKey.ADVAPI32 ref: 00007FF7D0E1B5D8
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: CloseOpen
                                                                      • String ID: Failed to open key: %ls$Failed to read value type: %ls/@%ls$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\regutil.cpp
                                                                      • API String ID: 47109696-3852982929
                                                                      APIs
                                                                        • Part of subcall function 00007FF7D0E1A674: RegOpenKeyExW.KERNELBASE(?,?,?,?,?,?,00000000,00007FF7D0E1A66D), ref: 00007FF7D0E1A6C1
                                                                      • RegCloseKey.ADVAPI32 ref: 00007FF7D0E1A642
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: CloseOpen
                                                                      • String ID: Failed to open key: %ls$Failed to read value: %ls/@%ls$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\regutil.cpp
                                                                      • API String ID: 47109696-2566192520
                                                                      APIs
                                                                        • Part of subcall function 00007FF7D0E22798: FindFirstFileW.KERNEL32 ref: 00007FF7D0E227DE
                                                                        • Part of subcall function 00007FF7D0E22798: FindClose.KERNEL32 ref: 00007FF7D0E227ED
                                                                      • SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,00007FF7D0DFBD3B,?,?,?,?,00000000,00000000,?,00007FF7D0DFECC6), ref: 00007FF7D0DFF2FE
                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,00007FF7D0DFBD3B,?,?,?,?,00000000,00000000,?,00007FF7D0DFECC6), ref: 00007FF7D0DFF308
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: FileFind$AttributesCloseErrorFirstLast
                                                                      • String ID: Failed to clear readonly bit on payload destination path: %ls$d:\a\wix4\wix4\src\burn\engine\apply.cpp
                                                                      • API String ID: 1980345056-600630982
                                                                      APIs
                                                                        • Part of subcall function 00007FF7D0DB14AC: GetModuleHandleW.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7D0DB11A9), ref: 00007FF7D0DB14C6
                                                                        • Part of subcall function 00007FF7D0DB14AC: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7D0DB11A9), ref: 00007FF7D0DB14D4
                                                                      • LoadLibraryExW.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7D0DB11A9), ref: 00007FF7D0DB1A58
                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7D0DB11A9), ref: 00007FF7D0DB1A66
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: ErrorLast$HandleLibraryLoadModule
                                                                      • String ID: Failed to get load library with LOAD_LIBRARY_SEARCH_SYSTEM32.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\apputil.cpp
                                                                      • API String ID: 4252302101-2751505537
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: String$AllocFree
                                                                      • String ID: d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\xmlutil.cpp$failed SysAllocString
                                                                      • API String ID: 344208780-608482133
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: CurrentErrorLastLookupPrivilegeProcessValue
                                                                      • String ID: Failed to check if process token has privilege: %ls.$Failed to set variant value.$d:\a\wix4\wix4\src\burn\engine\variable.cpp
                                                                      • API String ID: 3865200005-2747678004
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: String$FreeVariant$AllocClearInit
                                                                      • String ID: Failed to treat attribute value as UInt64.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\xmlutil.cpp$failed XmlGetAttribute
                                                                      • API String ID: 3379191133-2593243594
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: CompareString
                                                                      • String ID: Attempted to insert variable with reserved prefix: %ls$Wix$d:\a\wix4\wix4\src\burn\engine\variable.cpp
                                                                      • API String ID: 1825529933-1731131246
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: AddressErrorFreeLastLibraryProc
                                                                      • String ID: BootstrapperApplicationDestroy
                                                                      • API String ID: 1144718084-3186005537
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1700049363.00007FF7D0DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D0DB0000, based on PE: true
                                                                      • Associated: 00000000.00000002.1699972182.00007FF7D0DB0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700243184.00007FF7D0E2F000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700341469.00007FF7D0E66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E69000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E70000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff7d0db0000_VmjvNTbD5J.jbxd
                                                                      Similarity
                                                                      • API ID: AddressErrorFreeLastLibraryProc
                                                                      • String ID: BundleExtensionDestroy
                                                                      • API String ID: 1144718084-3206861012
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1700049363.00007FF7D0DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D0DB0000, based on PE: true
                                                                      • Associated: 00000000.00000002.1699972182.00007FF7D0DB0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700243184.00007FF7D0E2F000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700341469.00007FF7D0E66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E69000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E70000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff7d0db0000_VmjvNTbD5J.jbxd
                                                                      Similarity
                                                                      • API ID: CompareErrorLastOrdinalString
                                                                      • String ID: Failed to compare version substrings$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\verutil.cpp
                                                                      • API String ID: 2427233125-1336685116
                                                                      APIs
                                                                      • SetEvent.KERNEL32(?,?,?,?,00000000,00007FF7D0DE791A,?,?,?,?,00000000,00007FF7D0DC1526), ref: 00007FF7D0DE657D
                                                                      • GetLastError.KERNEL32(?,?,?,?,00000000,00007FF7D0DE791A,?,?,?,?,00000000,00007FF7D0DC1526), ref: 00007FF7D0DE6587
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1700049363.00007FF7D0DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D0DB0000, based on PE: true
                                                                      • Associated: 00000000.00000002.1699972182.00007FF7D0DB0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700243184.00007FF7D0E2F000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700341469.00007FF7D0E66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E69000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E70000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff7d0db0000_VmjvNTbD5J.jbxd
                                                                      Similarity
                                                                      • API ID: ErrorEventLast
                                                                      • String ID: Failed to set begin operation event.$d:\a\wix4\wix4\src\burn\engine\cabextract.cpp
                                                                      • API String ID: 3848097054-3005980414
                                                                      APIs
                                                                      • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF7D0E14683,00000000), ref: 00007FF7D0E147B4
                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF7D0E14683,00000000), ref: 00007FF7D0E1483F
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1700049363.00007FF7D0DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D0DB0000, based on PE: true
                                                                      • Associated: 00000000.00000002.1699972182.00007FF7D0DB0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700243184.00007FF7D0E2F000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700341469.00007FF7D0E66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E69000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E70000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff7d0db0000_VmjvNTbD5J.jbxd
                                                                      Similarity
                                                                      • API ID: ConsoleErrorLastMode
                                                                      • String ID:
                                                                      • API String ID: 953036326-0
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1700049363.00007FF7D0DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D0DB0000, based on PE: true
                                                                      • Associated: 00000000.00000002.1699972182.00007FF7D0DB0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700243184.00007FF7D0E2F000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700341469.00007FF7D0E66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E69000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E70000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff7d0db0000_VmjvNTbD5J.jbxd
                                                                      Similarity
                                                                      • API ID: CloseErrorHandleLast
                                                                      • String ID: ShellExecEx failed with return code: %d$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\shelutil.cpp
                                                                      • API String ID: 918212764-2133313566
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1700049363.00007FF7D0DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D0DB0000, based on PE: true
                                                                      • Associated: 00000000.00000002.1699972182.00007FF7D0DB0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700243184.00007FF7D0E2F000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700341469.00007FF7D0E66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E69000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E70000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff7d0db0000_VmjvNTbD5J.jbxd
                                                                      Similarity
                                                                      • API ID: ConditionMask$InfoVerifyVersion
                                                                      • String ID:
                                                                      • API String ID: 2793162063-0
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1700049363.00007FF7D0DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D0DB0000, based on PE: true
                                                                      • Associated: 00000000.00000002.1699972182.00007FF7D0DB0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700243184.00007FF7D0E2F000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700341469.00007FF7D0E66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E69000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E70000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff7d0db0000_VmjvNTbD5J.jbxd
                                                                      Similarity
                                                                      • API ID: CapsDeviceFromMonitorReleaseWindow
                                                                      • String ID:
                                                                      • API String ID: 3025816165-0
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1700049363.00007FF7D0DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D0DB0000, based on PE: true
                                                                      • Associated: 00000000.00000002.1699972182.00007FF7D0DB0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700243184.00007FF7D0E2F000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700341469.00007FF7D0E66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E69000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E70000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff7d0db0000_VmjvNTbD5J.jbxd
                                                                      Similarity
                                                                      • API ID: CriticalSection$EnterLeave
                                                                      • String ID: Failed to get visibility of variable: %ls$d:\a\wix4\wix4\src\burn\engine\variable.cpp
                                                                      • API String ID: 3168844106-1405185440
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1700049363.00007FF7D0DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D0DB0000, based on PE: true
                                                                      • Associated: 00000000.00000002.1699972182.00007FF7D0DB0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700243184.00007FF7D0E2F000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700341469.00007FF7D0E66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E69000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E70000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff7d0db0000_VmjvNTbD5J.jbxd
                                                                      Similarity
                                                                      • API ID: CriticalSection$EnterErrorEventLastLeave
                                                                      • String ID:
                                                                      • API String ID: 2851136515-0
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1700049363.00007FF7D0DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D0DB0000, based on PE: true
                                                                      • Associated: 00000000.00000002.1699972182.00007FF7D0DB0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700243184.00007FF7D0E2F000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700341469.00007FF7D0E66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E69000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E70000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff7d0db0000_VmjvNTbD5J.jbxd
                                                                      Similarity
                                                                      • API ID: ErrorFileLastWrite
                                                                      • String ID: U
                                                                      • API String ID: 442123175-4171548499
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1700049363.00007FF7D0DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D0DB0000, based on PE: true
                                                                      • Associated: 00000000.00000002.1699972182.00007FF7D0DB0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700243184.00007FF7D0E2F000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700341469.00007FF7D0E66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E69000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E70000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff7d0db0000_VmjvNTbD5J.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: Failed to resize array while inserting items$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\memutil.cpp
                                                                      • API String ID: 0-1811546269
                                                                      APIs
                                                                        • Part of subcall function 00007FF7D0E1A674: RegOpenKeyExW.KERNELBASE(?,?,?,?,?,?,00000000,00007FF7D0E1A66D), ref: 00007FF7D0E1A6C1
                                                                      • RegCloseKey.ADVAPI32 ref: 00007FF7D0E27728
                                                                      Strings
                                                                      • Failed to open uninstall key for potential related bundle: %ls, xrefs: 00007FF7D0E276B0
                                                                      • d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\butil.cpp, xrefs: 00007FF7D0E276C1
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1700049363.00007FF7D0DB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D0DB0000, based on PE: true
                                                                      • Associated: 00000000.00000002.1699972182.00007FF7D0DB0000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700243184.00007FF7D0E2F000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700341469.00007FF7D0E66000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E69000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.1700375093.00007FF7D0E70000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_7ff7d0db0000_VmjvNTbD5J.jbxd
                                                                      Similarity
                                                                      • API ID: CloseOpen
                                                                      • String ID: Failed to open uninstall key for potential related bundle: %ls$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\butil.cpp
                                                                      • API String ID: 47109696-3466351475
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: Message$ErrorFormatFreeLastLocal
                                                                      • String ID: Failed to allocate string to display error message$d:\a\wix4\wix4\src\burn\engine\splashscreen.cpp
                                                                      • API String ID: 2195691534-719764090
                                                                      • Opcode ID: 09451a68cb9bba779cb9ec40a3cf89021201b6ca1d4afd7175b65764d0b6e864
                                                                      • Instruction ID: 8e2e64761359ba1e42dd6310f7b66f7d07e7d8dcbd6f0fa89497c6e0f6232d2c
                                                                      • Opcode Fuzzy Hash: 09451a68cb9bba779cb9ec40a3cf89021201b6ca1d4afd7175b65764d0b6e864
                                                                      • Instruction Fuzzy Hash: 9511C231F0865182E714AB65E48066EA760FB48BC0FE05237DA8D83B5DDF3DF9418710
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: ExceptionFileHeaderRaise
                                                                      • String ID: csm
                                                                      • API String ID: 2573137834-1018135373
                                                                      • Opcode ID: 33685d265f18f302895d31be890ce439fb936af17bf90ed9ce04ed39f9a25812
                                                                      • Instruction ID: 01fff7d19f9167e275b6f43f3e57d97ed7e85dcb38b9c60ff9d81104c15e3c0a
                                                                      • Opcode Fuzzy Hash: 33685d265f18f302895d31be890ce439fb936af17bf90ed9ce04ed39f9a25812
                                                                      • Instruction Fuzzy Hash: 2F112B32A08B8182EB10AF25E44026DB7A5FB88B84F985235DE8C07768DF3CE551CB10
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: String$FreeVariant$AllocClearInit
                                                                      • String ID: Failed to get value from attribute.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\xmlutil.cpp
                                                                      • API String ID: 3379191133-973041108
                                                                      • Opcode ID: abda76aac6fe4fb346143f1f73a1c7a5ff247e3ec43a760062d91b64d9bb026e
                                                                      • Instruction ID: a023214c7c5b4196c2615a0115b21cd6a237a3b2e92f3972fceb45d5c1527b31
                                                                      • Opcode Fuzzy Hash: abda76aac6fe4fb346143f1f73a1c7a5ff247e3ec43a760062d91b64d9bb026e
                                                                      • Instruction Fuzzy Hash: 85118226B1CB4186E720BF11E4847ADB260FB84740FC45436EA4E43759DF7CE545C761
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: CompareStringlstrlen
                                                                      • String ID: burn.clean.room
                                                                      • API String ID: 1433953587-3055529264
                                                                      • Opcode ID: ad14d0f9418f693a815ad40dc2e2055b593c211d88fb7df31a6088137c986642
                                                                      • Instruction ID: a1c7833b477c2940792f691763fa6ac6c8f4efb9490eda58b42ba8f6bb29fd80
                                                                      • Opcode Fuzzy Hash: ad14d0f9418f693a815ad40dc2e2055b593c211d88fb7df31a6088137c986642
                                                                      • Instruction Fuzzy Hash: F2015735A1869292E310BF25F44013DEAA0FB59B94FD0143BDA5C83B98DF6CF9568720
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: InfoNativeSystem
                                                                      • String ID: Failed to set variant value.$d:\a\wix4\wix4\src\burn\engine\variable.cpp
                                                                      • API String ID: 1721193555-2731189036
                                                                      • Opcode ID: 51651b8b99521edf3b2065d24b1c0972709de01fabf245201aaf872e11e5ed41
                                                                      • Instruction ID: f5bfc8c6c2712535bf921b23e6425ae3a3967a6c323272de4a12d3af3536ea5d
                                                                      • Opcode Fuzzy Hash: 51651b8b99521edf3b2065d24b1c0972709de01fabf245201aaf872e11e5ed41
                                                                      • Instruction Fuzzy Hash: 0D016172628A8192D750AB11F4805AEF7A0FB84B94FD05136EA8D87B5DEF3CE954CB10
                                                                      APIs
                                                                        • Part of subcall function 00007FF7D0E192C0: OpenProcessToken.ADVAPI32(?,00007FF7D0E196E2), ref: 00007FF7D0E192EA
                                                                        • Part of subcall function 00007FF7D0E192C0: GetLastError.KERNEL32 ref: 00007FF7D0E192F4
                                                                        • Part of subcall function 00007FF7D0E192C0: CloseHandle.KERNEL32 ref: 00007FF7D0E19495
                                                                      • IsWellKnownSid.ADVAPI32 ref: 00007FF7D0E19720
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: CloseErrorHandleKnownLastOpenProcessTokenWell
                                                                      • String ID: Failed to get TokenUser from process token.$d:\a\wix4\wix4\src\libs\dutil\wixtoolset.dutil\procutil.cpp
                                                                      • API String ID: 3112027504-95618751
                                                                      • Opcode ID: c0fb00d49a4fb78e57319cd994e959f9190896fe42b74e644aeaab94d7c369e2
                                                                      • Instruction ID: e5748821faebed870fb3060e2390232c3d1c3c8c107e62a6ce763f649683f9c6
                                                                      • Opcode Fuzzy Hash: c0fb00d49a4fb78e57319cd994e959f9190896fe42b74e644aeaab94d7c369e2
                                                                      • Instruction Fuzzy Hash: E801DE36A08A0282EB10BF11E4002ADFBA0EF84B90FD84033DA8C43769CF3CE945C721
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: DefaultLangUser
                                                                      • String ID: Failed to set variant value.$d:\a\wix4\wix4\src\burn\engine\variable.cpp
                                                                      • API String ID: 768647712-2731189036
                                                                      • Opcode ID: 487de733fae6fef32328cc5a54f210b864faeda92fa39184569585251416f309
                                                                      • Instruction ID: 5df7a60cd44acbe1a03a3b81259d0f1166ca0ffdfcaffda5745f2261a724b764
                                                                      • Opcode Fuzzy Hash: 487de733fae6fef32328cc5a54f210b864faeda92fa39184569585251416f309
                                                                      • Instruction Fuzzy Hash: FFE09224B0869292FB10BB21E8806BAD760AB58751FC45037DD8D877AAEE3CF1598720
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: DefaultLangSystem
                                                                      • String ID: Failed to set variant value.$d:\a\wix4\wix4\src\burn\engine\variable.cpp
                                                                      • API String ID: 706401283-2731189036
                                                                      • Opcode ID: ebfd84084d59ec19a3c0dd7174503bd49dfbc01ee25f5b5bd8c4fd50321b90ed
                                                                      • Instruction ID: dbe5c56f2419a8ed890abaef0a6eebc5c87ac8064e2d388508acd1d5da78ff5c
                                                                      • Opcode Fuzzy Hash: ebfd84084d59ec19a3c0dd7174503bd49dfbc01ee25f5b5bd8c4fd50321b90ed
                                                                      • Instruction Fuzzy Hash: F9E09224B1868291FB14FB21E8406BAD660AF98741FC41137DD8D877AADE3CF1598720
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: DefaultLanguageUser
                                                                      • String ID: Failed to set variant value.$d:\a\wix4\wix4\src\burn\engine\variable.cpp
                                                                      • API String ID: 95929093-2731189036
                                                                      • Opcode ID: 5f210d7b2d89e8e477a15f0564f887c0e2e7e443ad61579b0c31903b7815b04c
                                                                      • Instruction ID: 725092848914e856db0dea901e6983b7f1ace266cd5a75dd408fb7d9297b715f
                                                                      • Opcode Fuzzy Hash: 5f210d7b2d89e8e477a15f0564f887c0e2e7e443ad61579b0c31903b7815b04c
                                                                      • Instruction Fuzzy Hash: 66E09224B08A9291FB10BB21E8406BAE660AB58741FC41037DD8D877AADE3CF159CB60
                                                                      APIs
                                                                      • CloseHandle.KERNEL32(?,?,?,00007FF7D0DB91E3,?,?,00000000,00007FF7D0DB9AC8), ref: 00007FF7D0DD02A6
                                                                      • CloseHandle.KERNEL32(?,?,?,00007FF7D0DB91E3,?,?,00000000,00007FF7D0DB9AC8), ref: 00007FF7D0DD02B9
                                                                      • CloseHandle.KERNEL32(?,?,?,00007FF7D0DB91E3,?,?,00000000,00007FF7D0DB9AC8), ref: 00007FF7D0DD02CC
                                                                      • CloseHandle.KERNEL32(?,?,?,00007FF7D0DB91E3,?,?,00000000,00007FF7D0DB9AC8), ref: 00007FF7D0DD02DF
                                                                      Similarity
                                                                      • API ID: CloseHandle
                                                                      • String ID:
                                                                      • API String ID: 2962429428-0
                                                                      • Opcode ID: 248a4677ca020e95ef84e429e29d9649a36739842d52bb2f7058107c3b1b520b
                                                                      • Instruction ID: 47842f6893fd54a194b62c9de1d05296231f116bfb41b6308c5097df30b643c5
                                                                      • Opcode Fuzzy Hash: 248a4677ca020e95ef84e429e29d9649a36739842d52bb2f7058107c3b1b520b
                                                                      • Instruction Fuzzy Hash: 80113D32506B0181EB14AF71D55433CA6B4FF94FA8F956336CA1D066D8CF38E89082A4