Windows Analysis Report
random.exe

Overview

General Information

Sample name: random.exe
Analysis ID: 1522878
MD5: 0bdc931dfbf405332ba87054d9096a2e
SHA1: 1ecc8bb8d214b720247664d0393aa8ec10a23703
SHA256: 2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6
Tags: exe
Infos:

Detection

Credential Flusher
Score: 76
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected Credential Flusher
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of debugger detection
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected non-DNS traffic on DNS port
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sleep loop found (likely to delay execution)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • random.exe (PID: 5064 cmdline: "C:\Users\user\Desktop\random.exe" MD5: 0BDC931DFBF405332BA87054D9096A2E)
    • chrome.exe (PID: 5232 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 6680 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1964,i,250367667355379585,18088655434334270874,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 8068 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5328 --field-trial-handle=1964,i,250367667355379585,18088655434334270874,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 8076 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 --field-trial-handle=1964,i,250367667355379585,18088655434334270874,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
Process Memory Space: random.exe PID: 5064 | JoeSecurity_CredentialFlusher | Yara detected Credential Flusher | Joe Security |
    No Sigma rule has matched
    No Suricata rule has matched

    AV Detection

    Source: random.exe | ReversingLabs: Detection: 36%
    Source: Submited Sample | Integrated Neural Analysis Model: Matched 99.6% probability
    Source: random.exe | Joe Sandbox ML: detected
    Source: random.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49744 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49746 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.4:49773 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.4:59896 version: TLS 1.2
    Source: C:\Users\user\Desktop\random.exe | Code function: 0_2_002ADBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_002ADBBE
    Source: C:\Users\user\Desktop\random.exe | Code function: 0_2_002B68EE FindFirstFileW,FindClose,0_2_002B68EE
    Source: C:\Users\user\Desktop\random.exe | Code function: 0_2_002B698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_002B698F
    Source: C:\Users\user\Desktop\random.exe | Code function: 0_2_002AD076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_002AD076
    Source: C:\Users\user\Desktop\random.exe | Code function: 0_2_002AD3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_002AD3A9
    Source: C:\Users\user\Desktop\random.exe | Code function: 0_2_002B9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_002B9642
    Source: C:\Users\user\Desktop\random.exe | Code function: 0_2_002B979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_002B979D
    Source: C:\Users\user\Desktop\random.exe | Code function: 0_2_002B9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_002B9B2B
    Source: C:\Users\user\Desktop\random.exe | Code function: 0_2_002B5C97 FindFirstFileW,FindNextFileW,FindClose,0_2_002B5C97
    Source: global traffic | TCP traffic: 192.168.2.4:59894 -> 162.159.36.2:53
    Source: Joe Sandbox View | IP Address: 239.255.255.250 239.255.255.250
    Source: Joe Sandbox View | JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
    Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.32
    Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
    Source: unknown | TCP traffic detected without corresponding DNS query: 4.245.163.56
    Source: unknown | TCP traffic detected without corresponding DNS query: 162.159.36.2
    Source: C:\Users\user\Desktop\random.exe | Code function: 0_2_002BCE44 InternetReadFile,SetEvent,GetLastError,SetEvent,0_2_002BCE44
    Source: global trafficHTTP traffic detected: GET /account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd HTTP/1.1Host: www.youtube.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
    Source: global trafficHTTP traffic detected: GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=1425405937&timestamp=1727717825856 HTTP/1.1Host: accounts.youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: iframeReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=518=lesMq93QOdyBHSS9vKZYHr61R838TtwYnb53UIjW7MHgUNzAQa_20dDAahryNUu3FCWLcfreFlf2Hi6YYMrR7Qhvo8cIHrQLDDWISpxJZTftxYbWLydDtut7xpBFuL6Jtwu_fCB5amAbvVYIsSL71ldKZ_2oJ792CzsFLW33MBDI67-V9D4
    Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=EPMS9PtKV5L8tAt&MD=nFPxbtaW HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
    Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=EPMS9PtKV5L8tAt&MD=nFPxbtaW HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
    Source: chromecache_77.3.drString found in binary or memory: _.iq(p)+"/familylink/privacy/notice/embedded?langCountry="+_.iq(p);break;case "PuZJUb":a+="https://www.youtube.com/t/terms?chromeless=1&hl="+_.iq(m);break;case "fxTQxb":a+="https://youtube.com/t/terms?gl="+_.iq(_.rq(c))+"&hl="+_.iq(d)+"&override_hl=1"+(f?"&linkless=1":"");break;case "prAmvd":a+="https://www.google.com/intl/"+_.iq(m)+"/chromebook/termsofservice.html?languageCode="+_.iq(d)+"&regionCode="+_.iq(c);break;case "NfnTze":a+="https://policies.google.com/privacy/google-partners"+(f?"/embedded": equals www.youtube.com (Youtube)
    Source: global traffic | DNS traffic detected: DNS query: youtube.com
    Source: global traffic | DNS traffic detected: DNS query: www.youtube.com
    Source: global traffic | DNS traffic detected: DNS query: www.google.com
    Source: global traffic | DNS traffic detected: DNS query: accounts.youtube.com
    Source: global traffic | DNS traffic detected: DNS query: play.google.com
    Source: unknownHTTP traffic detected: POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1Host: play.google.comConnection: keep-aliveContent-Length: 519sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"Content-Type: application/x-www-form-urlencoded;charset=UTF-8sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"X-Goog-AuthUser: 0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: */*Origin: https://accounts.google.comX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/chaptering/parental_control_chapter_v1.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_accountslinked.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_accountslinked_dark.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_childneedshelp.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_childneedshelp_dark.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_nextstepsforparents.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/conversion/conversion_nextstepsforparents_dark.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_allset.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_allset_dark.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_apps_devices.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_apps_devices_darkmode.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_areyousurekid.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_areyousurekid_dark.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_birthdayemail.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_birthdayemail_dark.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_choose_apps.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_choose_apps_darkmode.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_confirmation.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_exploremore.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_exploremore_dark.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_intro.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_intro_darkmode.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacy_terms_a18.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacy_terms_a18_darkmode.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacyterms.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_privacyterms_dark.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_review_settings.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_review_settings_darkmode.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_safe_search.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_safe_search_darkmode.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_unchanged_a18.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_unchanged_a18_darkmode.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_update_a18.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_success_update_a18_darkmode.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_a18.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_a18_darkmode.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervision_choice_darkmode.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervisiongrad.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/graduation/graduation_supervisiongrad_dark.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/guardianlinking/linking_complete_0.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/guardianlinking/linking_complete_dark_0.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/ads_personalization.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/ads_personalization_darkmode.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/confirmation.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/confirmation_darkmode.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/eligibility_error.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/eligibility_error_darkmode.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/fork.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/fork_darkmode.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/intro.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/intro_darkmode.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/personal_results.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/personal_results_darkmode.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/safe_search.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/minormodeexit/safe_search_darkmode.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/check_notifications.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/check_notifications_dark.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_installing_family_link_2.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_installing_family_link_dark_2.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_location_sharing_2.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_location_sharing_dark_2.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_parental_controls_2.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_parental_controls_dark_2.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_school_time_2.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/kid_watch_set_up_school_time_dark_2.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/location_sharing_enabled_2.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/location_sharing_enabled_dark_3.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/parent_sign_in_prologue_1.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/parent_sign_in_prologue_dark_1.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_complete_1.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_complete_dark_1.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_contacts_2.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_contacts_dark_2.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_boy_1.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_boy_dark_1.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_girl_2.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/set_up_family_link_girl_dark_2.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/ulp_continue_without_gmail_dark_v2.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/onboarding/ulp_continue_without_gmail_v2.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/all_set.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/all_set_dark.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/are_you_sure_parent.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/are_you_sure_parent_dark.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/content_restriction.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/content_restriction_dark.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/error.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/error_dark.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/how_controls_work.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/how_controls_work_dark.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/next_steps.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/next_steps_dark.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/setup_controls.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/setup_controls_dark.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_parent.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_parent_dark.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_teen.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teensupervisionreview/who_teen_dark.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teentoadultgraduation/supervision_choice.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/teentoadultgraduation/supervision_choice_darkmode.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/kid_setup_parent_escalation.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/kid_setup_parent_escalation_dark.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/send_email_confirmation.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/send_email_confirmation_dark.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/success_sent_email.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/ulp_appblock/success_sent_email_dark.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/ulpupgrade/kidprofileupgrade_all_set.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/images/ulpupgrade/kidprofileupgrade_all_set_darkmode.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/all_set.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/all_set_dark.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/almost_done_kids_space_dark.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/almost_done_kids_space_v2.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_tablet_v2.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_tablet_v2_dark.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_v2.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/devices_connected_v2_dark.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/emailinstallfamilylink.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/emailinstallfamilylink_dark.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/familylinkinstalling.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/familylinkinstalling_dark.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/hand_over_device_dark_v2.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/hand_over_device_v2.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/linking_accounts_v2.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/linking_accounts_v2_dark.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/locationsetup.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/locationsetup_dark.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email_v2.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_email_v2_dark.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_v2.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/manage_parental_controls_v2_dark.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/open_family_link_v2.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/open_family_link_v2_dark.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/parents_help.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/parents_help_dark.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/set_up_kids_space.png
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/set_up_kids_space_dark.png
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setupcontrol.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setupcontrol_dark.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuplocation.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuplocation_dark.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuptimelimits.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/setuptimelimits_dark.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/supervision_ready_v2.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/supervision_ready_v2_dark.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/youtubeaccess.svg
    Source: chromecache_86.3.drString found in binary or memory: https://ssl.gstatic.com/kids/onboarding/illustrations/youtubeaccess_dark.svg
    Source: chromecache_82.3.drString found in binary or memory: https://support.google.com/accounts?hl=
    Source: chromecache_77.3.drString found in binary or memory: https://support.google.com/accounts?p=new-si-ui
    Source: chromecache_82.3.drString found in binary or memory: https://support.google.com/websearch/answer/4358949?hl=ko&ref_topic=3285072
    Source: chromecache_86.3.drString found in binary or memory: https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
    Source: chromecache_82.3.drString found in binary or memory: https://www.google.com
    Source: chromecache_77.3.drString found in binary or memory: https://www.google.com/intl/
    Source: chromecache_86.3.drString found in binary or memory: https://www.gstatic.com/accounts/speedbump/authzen_optin_illustration.gif
    Source: chromecache_86.3.drString found in binary or memory: https://www.gstatic.com/images/branding/product/2x/chrome_48dp.png
    Source: chromecache_86.3.drString found in binary or memory: https://www.gstatic.com/images/branding/product/2x/googleg_48dp.png
    Source: chromecache_86.3.drString found in binary or memory: https://www.gstatic.com/images/branding/product/2x/gsa_48dp.png
    Source: chromecache_86.3.drString found in binary or memory: https://www.gstatic.com/images/branding/product/2x/play_prism_48dp.png
    Source: chromecache_86.3.drString found in binary or memory: https://www.gstatic.com/images/branding/product/2x/youtube_48dp.png
    Source: chromecache_77.3.drString found in binary or memory: https://www.gstatic.com/images/branding/productlogos/googleg/v6/36px.svg
    Source: chromecache_77.3.drString found in binary or memory: https://www.youtube.com/t/terms?chromeless=1&hl=
    Source: random.exe, 00000000.00000002.2905759663.0000000001B69000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
    Source: random.exe, 00000000.00000002.2905759663.0000000001B69000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdb7
    Source: random.exe, 00000000.00000002.2906979534.0000000004517000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdeos
    Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49744 version: TLS 1.2
    Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49746 version: TLS 1.2
    Source: unknown HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.4:49773 version: TLS 1.2
    Source: unknown HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.4:59896 version: TLS 1.2
    Source: C:\Users\user\Desktop\random.exe Code function: 0_2_002BEAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,0_2_002BEAFF
    Source: C:\Users\user\Desktop\random.exe Code function: 0_2_002BED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,0_2_002BED6A
    Source: C:\Users\user\Desktop\random.exe Code function: 0_2_002AAA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,0_2_002AAA57
    Source: random.exe, 00000000.00000002.2906826735.00000000040E0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: _WINAPI_GETRAWINPUTDATAmemstr_867f3119-2
    Source: C:\Users\user\Desktop\random.exe Code function: 0_2_002D9576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,0_2_002D9576

    System Summary

    Source: random.exe String found in binary or memory: This is a third-party compiled AutoIt script.
    Source: random.exe, 00000000.00000000.1654192845.0000000000302000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: This is a third-party compiled AutoIt script.memstr_da93df1e-f
    Source: random.exeString found in binary or memory: This is a third-party compiled AutoIt script.memstr_c934ac9c-2
    Source: random.exeString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_3229a276-2
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_002AD5EB: CreateFileW,DeviceIoControl,CloseHandle,0_2_002AD5EB
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_002A1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_002A1201
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_002AE8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,0_2_002AE8F6
    Source: C:\Users\user\Desktop\random.exeCode function: String function: 0025F9F2 appears 31 times
    Source: C:\Users\user\Desktop\random.exeCode function: String function: 00260A30 appears 46 times
    Source: random.exe, 00000000.00000002.2906409857.0000000003F97000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Comments|CompanyName|FileDescription|FileVersion|InternalName|LegalCopyright|LegalTrademarks|OriginalFilename|ProductName|ProductVersion|PrivateBuild|SpecialBuildrrorH vs random.exe
    Source: random.exe, 00000000.00000002.2906409857.0000000003F97000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Comments|CompanyName|FileDescription|FileVersion|InternalName|LegalCopyright|LegalTrademarks|OriginalFilename|ProductName|ProductVersion|PrivateBuild|SpecialBuildhs;pt vs random.exe
    Source: random.exe, 00000000.00000002.2905180537.0000000001888000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: FV_ORIGINALFILENAMEg vs random.exe
    Source: random.exe, 00000000.00000002.2905180537.0000000001888000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTF8 vs random.exe
    Source: random.exe, 00000000.00000002.2905180537.0000000001888000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: FV_ORIGINALFILENAMEl vs random.exe
    Source: random.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: classification engineClassification label: mal76.troj.evad.winEXE@29/32@13/8
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_002B37B5 GetLastError,FormatMessageW,0_2_002B37B5
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_002A10BF AdjustTokenPrivileges,CloseHandle,0_2_002A10BF
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_002A16C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,0_2_002A16C3
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_002B51CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,0_2_002B51CD
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_002CA67C CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,0_2_002CA67C
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_002B648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize,0_2_002B648E
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_002442A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,0_2_002442A2
    Source: random.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Users\user\Desktop\random.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
    Source: C:\Users\user\Desktop\random.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
    Source: random.exeReversingLabs: Detection: 36%
    Source: unknownProcess created: C:\Users\user\Desktop\random.exe "C:\Users\user\Desktop\random.exe"
    Source: C:\Users\user\Desktop\random.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1964,i,250367667355379585,18088655434334270874,262144 /prefetch:8
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5328 --field-trial-handle=1964,i,250367667355379585,18088655434334270874,262144 /prefetch:8
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 --field-trial-handle=1964,i,250367667355379585,18088655434334270874,262144 /prefetch:8
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: wsock32.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: version.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: winmm.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: mpr.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: wininet.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: uxtheme.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: windows.storage.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: wldp.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: propsys.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: edputil.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: urlmon.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: iertutil.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: srvcli.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: netutils.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: windows.staterepositoryps.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: wintypes.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: appresolver.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: bcp47langs.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: slc.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: sppc.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: onecorecommonproxystub.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: pcacli.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeSection loaded: sfc_os.dllJump to behavior
    Source: C:\Users\user\Desktop\random.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
    Source: Window RecorderWindow detected: More than 3 window changes detected
    Source: random.exeStatic file information: File size 1167360 > 1048576
    Source: random.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
    Source: random.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
    Source: random.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
    Source: random.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: random.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
    Source: random.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
    Source: random.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: random.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
    Source: random.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
    Source: random.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
    Source: random.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
    Source: random.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_002442DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_002442DE
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_00260A76 push ecx; ret 0_2_00260A89
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_0025F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_0025F98E
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_002D1C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_002D1C41
    Source: C:\Users\user\Desktop\random.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

    Malware Analysis System Evasion

    Source: C:\Users\user\Desktop\random.exe Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep graph_0-94872
    Source: C:\Users\user\Desktop\random.exe Window / User API: threadDelayed 6662
    Source: C:\Users\user\Desktop\random.exe API coverage: 3.4 %
    Source: C:\Users\user\Desktop\random.exe TID: 2996 Thread sleep time: -66620s >= -30000s
    Source: C:\Users\user\Desktop\random.exe Last function: Thread delayed
    Source: C:\Users\user\Desktop\random.exe Thread sleep count: Count: 6662 delay: -10
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_002ADBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_002ADBBE
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_002B68EE FindFirstFileW,FindClose,0_2_002B68EE
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_002B698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_002B698F
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_002AD076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_002AD076
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_002AD3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_002AD3A9
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_002B9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_002B9642
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_002B979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_002B979D
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_002B9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_002B9B2B
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_002B5C97 FindFirstFileW,FindNextFileW,FindClose,0_2_002B5C97
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_002442DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_002442DE
    Source: random.exe, 00000000.00000002.2905180537.0000000001888000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
    Source: random.exe, 00000000.00000002.2905180537.0000000001888000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
    Source: random.exe, 00000000.00000002.2906979534.0000000004517000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: &Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42

    Anti Debugging

    Source: C:\Users\user\Desktop\random.exe Debugger detection routine: QueryPerformanceCounter, DebugActiveProcess, DecisionNodes, ExitProcess or Sleep graph_0-94821
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_002BEAA2 BlockInput,0_2_002BEAA2
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_00272622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00272622
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_002442DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_002442DE
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_00264CE8 mov eax, dword ptr fs:[00000030h]0_2_00264CE8
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_002A0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_002A0B62
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_00272622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00272622
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_0026083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0026083F
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_002609D5 SetUnhandledExceptionFilter,0_2_002609D5
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_00260C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00260C21
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_002A1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_002A1201
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_00282BA5 SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_00282BA5
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_002AB226 SendInput,keybd_event,0_2_002AB226
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_002C22DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,0_2_002C22DA
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_002A0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_002A0B62
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_002A1663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_002A1663
    Source: random.exeBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
    Source: random.exeBinary or memory string: Shell_TrayWnd
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_00260698 cpuid 0_2_00260698
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_002B8195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,0_2_002B8195
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_0029D27A GetUserNameW,0_2_0029D27A
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_0027BB6F _free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,0_2_0027BB6F
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_002442DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_002442DE

    Stealing of Sensitive Information

    Source: Yara matchFile source: Process Memory Space: random.exe PID: 5064, type: MEMORYSTR
    Source: random.exeBinary or memory string: WIN_81
    Source: random.exe, 00000000.00000002.2905180537.0000000001888000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: WIN_XP
    Source: random.exeBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
    Source: random.exeBinary or memory string: WIN_XPe
    Source: random.exeBinary or memory string: WIN_VISTA
    Source: random.exeBinary or memory string: WIN_7
    Source: random.exeBinary or memory string: WIN_8

    Remote Access Functionality

    Source: Yara matchFile source: Process Memory Space: random.exe PID: 5064, type: MEMORYSTR
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_002C1204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,0_2_002C1204
    Source: C:\Users\user\Desktop\random.exeCode function: 0_2_002C1806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_002C1806
    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
    Gather Victim Identity InformationAcquire Infrastructure2
    Valid Accounts
    1
    Native API
    1
    DLL Side-Loading
    1
    Exploitation for Privilege Escalation
    1
    Disable or Modify Tools
    31
    Input Capture
    2
    System Time Discovery
    Remote Services1
    Archive Collected Data
    2
    Ingress Tool Transfer
    Exfiltration Over Other Network Medium1
    System Shutdown/Reboot
    CredentialsDomainsDefault AccountsScheduled Task/Job2
    Valid Accounts
    1
    DLL Side-Loading
    1
    Deobfuscate/Decode Files or Information
    LSASS Memory1
    Account Discovery
    Remote Desktop Protocol31
    Input Capture
    11
    Encrypted Channel
    Exfiltration Over Bluetooth | Network Denial of Service
    Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 2
    Valid Accounts
    2
    Obfuscated Files or Information
    Security Account Manager | 2
    File and Directory Discovery
    SMB/Windows Admin Shares | 3
    Clipboard Data
    3
    Non-Application Layer Protocol
    Automated Exfiltration | Data Encrypted for Impact
    Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 21
    Access Token Manipulation
    1
    DLL Side-Loading
    NTDS | 15
    System Information Discovery
    Distributed Component Object Model | Input Capture | 4
    Application Layer Protocol
    Traffic Duplication | Data Destruction
    Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 12
    Process Injection
    2
    Valid Accounts
    LSA Secrets | 221
    Security Software Discovery
    SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
    Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 22
    Virtualization/Sandbox Evasion
    Cached Domain Credentials | 22
    Virtualization/Sandbox Evasion
    VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
    DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 21
    Access Token Manipulation
    DCSync | 2
    Process Discovery
    Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
    Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 12
    Process Injection
    Proc Filesystem | 11
    Application Window Discovery
    Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
    Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | 1
    System Owner/User Discovery
    Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
    Source | Detection | Scanner | Label | Link
    random.exe | 37% | ReversingLabs | Win32.Trojan.Generic | -
    random.exe | 100% | Joe Sandbox ML | - | -
    No Antivirus matches
    No Antivirus matches
    No Antivirus matches
    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    youtube-ui.l.google.com | 142.250.186.110 | true | false | - | unknown
    www3.l.google.com | 142.250.185.206 | true | false | - | unknown
    play.google.com | 142.250.186.46 | true | false | - | unknown
    www.google.com | 142.250.186.36 | true | false | - | unknown
    youtube.com | 142.250.185.142 | true | false | - | unknown
    accounts.youtube.com | unknown | unknown | false | - | unknown
    www.youtube.com | unknown | unknown | false | - | unknown
    Name | Malicious | Antivirus Detection | Reputation
    https://play.google.com/log?format=json&hasfast=true&authuser=0 | false | - | unknown
    https://www.google.com/favicon.ico | false | - | unknown
    https://play.google.com/log?hasfast=true&authuser=0&format=json | false | - | unknown
    IP | Domain | Country | ASN | ASN Name | Malicious
    142.250.186.46 | play.google.com | United States | 15169 | GOOGLEUS | false
    142.250.185.206 | www3.l.google.com | United States | 15169 | GOOGLEUS | false
    142.250.186.36 | www.google.com | United States | 15169 | GOOGLEUS | false
    216.58.206.46 | unknown | United States | 15169 | GOOGLEUS | false
    239.255.255.250 | unknown | Reserved | unknown | unknown | false
    142.250.186.110 | youtube-ui.l.google.com | United States | 15169 | GOOGLEUS | false

    IP
    192.168.2.4
    192.168.2.23
    Joe Sandbox version: 41.0.0 Charoite
    Analysis ID: 1522878
    Start date and time: 2024-09-30 19:36:05 +02:00
    Joe Sandbox product: CloudBasic
    Overall analysis duration: 0h 4m 32s
    Hypervisor based Inspection enabled: false
    Report type: full
    Cookbook file name: default.jbs
    Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of analysed new started processes analysed: 10
    Number of new started drivers analysed: 0
    Number of existing processes analysed: 0
    Number of existing drivers analysed: 0
    Number of injected processes analysed: 0
    Technologies:
    • HCA enabled
    • EGA enabled
    • AMSI enabled
    Analysis Mode: default
    Analysis stop reason: Timeout
    Sample name: random.exe
    Detection: MAL
    Classification: mal76.troj.evad.winEXE@29/32@13/8
    EGA Information:
    • Successful, ratio: 100%
    HCA Information:
    • Successful, ratio: 98%
    • Number of executed functions: 45
    • Number of non-executed functions: 310
    Cookbook Comments:
    • Found application associated with file extension: .exe
    • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
    • Excluded IPs from analysis (whitelisted): 142.250.185.174, 64.233.184.84, 142.250.185.142, 142.250.185.67, 34.104.35.123, 66.102.1.84, 142.250.185.163, 216.58.206.67, 216.58.206.74, 142.250.186.42, 142.250.185.170, 142.250.184.202, 142.250.185.106, 142.250.181.234, 216.58.206.42, 142.250.184.234, 172.217.18.10, 172.217.16.202, 216.58.212.170, 142.250.186.74, 142.250.185.234, 142.250.186.170, 142.250.185.138, 142.250.185.202, 142.250.185.74, 172.217.23.106, 93.184.221.240, 192.229.221.95, 142.250.185.131, 74.125.133.84, 172.217.18.14
    • Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, fonts.gstatic.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, 4.8.2.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.0.2.0.c.0.0.3.0.1.3.0.6.2.ip6.arpa, update.googleapis.com, clients.l.google.com, www.gstatic.com, optimizationguide-pa.googleapis.com
    • Not all processes where analyzed, report is missing behavior information
    • Report size exceeded maximum capacity and may have missing disassembly code.
    • Report size getting too big, too many NtOpenKeyEx calls found.
    • Report size getting too big, too many NtQueryValueKey calls found.
    • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
    • VT rate limit hit for: random.exe
    No simulations
                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          File Type:HTML document, ASCII text, with very long lines (681)
                                                          Category:downloaded
                                                          Size (bytes):4070
                                                          Entropy (8bit):5.362700670482359
                                                          Encrypted:false
                                                          SSDEEP:96:GUpT+TmXtdW1qsHFcn7t7CnyWYvNTcLaQOw:lpT+qXW1PFcn7tGnyWY1TGb
                                                          MD5:ED368A20CB303C0E7C6A3E6E43C2E14F
                                                          SHA1:429A5C538B45221F80405163D1F87912DD73C05A
                                                          SHA-256:93BA77AD4B11E0A70C0D36576F0DF24E27F50001EA02BAA6D357E034532D97F2
                                                          SHA-512:DE74BBADE910475DD245FFEFD4E1FD10137DE710B1C920D33BA52554911496E1339EF3C1F6D9D315CBC98A60ABE5687A3E7D8BEE483708E18D25722E794BDBE9
                                                          Malicious:false
                                                          Reputation:moderate, very likely benign file
                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          File Type:ASCII text, with very long lines (1694)
                                                          Category:downloaded
                                                          Size (bytes):32499
                                                          Entropy (8bit):5.361345284201954
                                                          Encrypted:false
                                                          SSDEEP:768:mLX1O+aL6fgyIiREM4RKmh90toLoTswtF3ATcbDR6kIsnJd9DPyMv/FI:U2M4oltoLoTswtFoc/tIsnXFLI
                                                          MD5:D5C3FB8EAE24AB7E40009338B5078496
                                                          SHA1:5638BF5986A6445A88CD79A9B690B744B126BEC2
                                                          SHA-256:597C14D360D690BCFDC2B8D315E6BB8879AEF33DE6C30D274743079BDB63C6B0
                                                          SHA-512:6AE434850D473BEF15AA694AB4862596982CDDA6BD3991991D3ADD8F4A5F61DFBF8756D0DA98B72EF083909D68CF7B6B148A6488E9381F92FBF15CCB20176A0E
                                                          Malicious:false
                                                          Reputation:moderate, very likely benign file
                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          File Type:ASCII text, with very long lines (755)
                                                          Category:downloaded
                                                          Size (bytes):1416
                                                          Entropy (8bit):5.299417038163051
                                                          Encrypted:false
                                                          SSDEEP:24:kMYD7JqrxsNL90YIzFK/Hb5eNhz1uktdDuvKKKGbLZ99GbSSF/ZR8OkdnprGJ:o7JopFN+ASCKKGbF99GbSS3RY7rw
                                                          MD5:6AEAE74D22F7C2D9658B057EA5D85069
                                                          SHA1:2F4644F53FB4E8EC4AFD49A31C55853F062D284C
                                                          SHA-256:EBFE7B5A1020808B9A02667ECC0E7E460643CBDE84F0B9C410C70A91C9726667
                                                          SHA-512:C43F067D649CBC3091B9878715F718E47CD753C860EBEB20CD387C325640C2EF3CA9556D0689852CEF667C8E83BF42568BEF33C8A92BC07FDB91CB7EA608162D
                                                          Malicious:false
                                                          Reputation:moderate, very likely benign file
                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          File Type:MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                                                          Category:downloaded
                                                          Size (bytes):5430
                                                          Entropy (8bit):3.6534652184263736
                                                          Encrypted:false
                                                          SSDEEP:48:wIJct3xIAxG/7nvWDtZcdYLtX7B6QXL3aqG8Q:wIJct+A47v+rcqlBPG9B
                                                          MD5:F3418A443E7D841097C714D69EC4BCB8
                                                          SHA1:49263695F6B0CDD72F45CF1B775E660FDC36C606
                                                          SHA-256:6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
                                                          SHA-512:82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563
                                                          Malicious:false
                                                          URL:https://www.google.com/favicon.ico
                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          File Type:ASCII text, with very long lines (3190)
                                                          Category:downloaded
                                                          Size (bytes):339369
                                                          Entropy (8bit):5.533022690974177
                                                          Encrypted:false
                                                          SSDEEP:3072:9hFx8tVGv15Iyr4t4s2GvgHVTYDh+rvVvurtVEWzcLmLyszIm8j2kzU:9NlvE+zTYDh+rvh8cLMijFg
                                                          MD5:FF16B667178352EFDF164CE3F16A8F55
                                                          SHA1:E9B1BC661337502E31306B5E7AE37D93C0551455
                                                          SHA-256:625EC33FBA1BFF3734490AC15C8430CDB5850E9159B80F607E093BB73B7F243B
                                                          SHA-512:F197393CB05F94BCEDA0FE3176842E09CFCFC2348DE22C9815DD8369D5D333038E8F93F426994482E2E9731A859FA9B6B6062BAD4AA3BFD3C0730281C4CCADB9
                                                          Malicious:false
                                                          URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en._s1fC-CLCMs.es5.O/ck=boq-identity.AccountsSignInUi.gkspycgpiCY.L.B1.O/am=xIFgKBimEQjEE86BHlAUCBkAAAAAAAAAALQBAIBm/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGbG-r9dBZftM0U0ZDPTNCqugT4jw/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=n73qwf,SCuOPb,IZT63,vfuNJf,UUJqVe,ws9Tlc,siKnQd,XVq9Qb,STuCOe,njlZCf,m9oV,vjKJJ,y5vRwf,iyZMqd,NTMZac,mzzZzc,rCcCxc,vvMGie,NOeYWe,O6y8ed,L9OGUe,PrPYRd,MpJwZc,qPfo0c,cYShmd,hc6Ubd,Rkm0ef,KUM7Z,oLggrd,inNHtf,L1AAkb,WpP9Yc,lwddkf,gJzDyc,SpsfSb,aC1iue,tUnxGc,aW3pY,ZakeSe,EFQ78c,xQtZb,I6YDgd,zbML3c,zr1jrb,vHEMJe,YHI3We,YTxL4,bSspM,Uas9Hd,zy0vNb,K0PMbc,AvtSve,qmdT9,MY7mZe,xBaz7b,GwYlN,eVCnO,EIOG1e,LDQI"
                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          File Type:ASCII text, with very long lines (683)
                                                          Category:downloaded
                                                          Size (bytes):3131
                                                          Entropy (8bit):5.3750044852869046
                                                          Encrypted:false
                                                          SSDEEP:48:o7zfN/cD498xdg+Y5jNQ8js6npwk0OmNAEZbpMzR4EQBcW5QcHj9KWfGAeFKRrw:oCD9dA5jOEGh+EFqR4rhqUhzff9w
                                                          MD5:39693D34EE3D1829DBB1627C4FC6687B
                                                          SHA1:A03303C2F027F3749B48D5134D1F8FB3E495C6E9
                                                          SHA-256:03B0C1B4E402E0BCF75D530DD9085B25357EEFD09E238453DE1F3A042542C076
                                                          SHA-512:AC0749EDC33DA0EC0E40470388DD797B6528AD08B8FAC1C2AC42F85198131052BA1B533E90409D35DA237607E8B07D591FA6BA580B6A90B0D0AB2282A01F7585
                                                          Malicious:false
                                                          URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en._s1fC-CLCMs.es5.O/ck=boq-identity.AccountsSignInUi.gkspycgpiCY.L.B1.O/am=xIFgKBimEQjEE86BHlAUCBkAAAAAAAAAALQBAIBm/d=1/exm=A1yn5d,A7fCU,AvtSve,CMcBD,E87wgc,EEDORb,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,Mlhmy,MpJwZc,NOeYWe,NTMZac,NwH0H,O6y8ed,OTA3Ae,OmgaI,PHUIyb,PrPYRd,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,Ug7Xab,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZfAoz,_b,_tp,aC1iue,aW3pY,aurFic,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,ebZ3mb,f8Gu1e,fKUV3e,gJzDyc,gychg,hc6Ubd,inNHtf,iyZMqd,kWgXee,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,ovKuLd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xUdipf,xiZRqc,y5vRwf,yDVVkb,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGbG-r9dBZftM0U0ZDPTNCqugT4jw/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ZwDk9d,RMhBfe"
                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          File Type:Web Open Font Format (Version 2), TrueType, length 52280, version 1.0
                                                          Category:downloaded
                                                          Size (bytes):52280
                                                          Entropy (8bit):7.995413196679271
                                                          Encrypted:true
                                                          SSDEEP:1536:1rvqtK8DZilXxwJ8mMwAZy7phqsFLdG3B4d:xytBZits8bw4wzbFxG3B4d
                                                          MD5:F61F0D4D0F968D5BBA39A84C76277E1A
                                                          SHA1:AA3693EA140ECA418B4B2A30F6A68F6F43B4BEB2
                                                          SHA-256:57147F08949ABABE7DEEF611435AE418475A693E3823769A25C2A39B6EAD9CCC
                                                          SHA-512:6C3BD90F709BCF9151C9ED9FFEA55C4F6883E7FDA2A4E26BF018C83FE1CFBE4F4AA0DB080D6D024070D53B2257472C399C8AC44EEFD38B9445640EFA85D5C487
                                                          Malicious:false
                                                          URL:https://fonts.gstatic.com/s/googlesans/v58/4UaRrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iq2vgCI.woff2
                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          File Type:ASCII text, with very long lines (468)
                                                          Category:downloaded
                                                          Size (bytes):1858
                                                          Entropy (8bit):5.253939888205379
                                                          Encrypted:false
                                                          SSDEEP:48:o7BNJfeFb8L3A6FHqIy5Z+d70OCzSfvi/3fM/r8ZQzRrw:oFuILhFHrVCz0vLZz9w
                                                          MD5:10FF6F99E3228E96AFD6E2C30EF97C0A
                                                          SHA1:4AE3DCB8D1F5A0C302D5BAD9DFF5050A7A5E8130
                                                          SHA-256:95E5546E1C7F311D07BB5050CC456A973E43BCC4777BA6014757376016537679
                                                          SHA-512:116C0B1CAC98A27044100005545AB66BE5F4801D75DC259093A9F145B3A4ACD8DC1C360AF525F6DC8421CD54B675A78023D2ED8B57F5946A3969543758C673C9
                                                          Malicious:false
                                                          URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en._s1fC-CLCMs.es5.O/ck=boq-identity.AccountsSignInUi.gkspycgpiCY.L.B1.O/am=xIFgKBimEQjEE86BHlAUCBkAAAAAAAAAALQBAIBm/d=1/exm=A1yn5d,A7fCU,AvtSve,CMcBD,E87wgc,EEDORb,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,Mlhmy,MpJwZc,NOeYWe,NTMZac,NwH0H,O6y8ed,OTA3Ae,OmgaI,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,Ug7Xab,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZfAoz,ZwDk9d,_b,_tp,aC1iue,aW3pY,aurFic,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,ebZ3mb,f8Gu1e,fKUV3e,gJzDyc,gychg,hc6Ubd,inNHtf,iyZMqd,kWgXee,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,ovKuLd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xUdipf,xiZRqc,y5vRwf,yDVVkb,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGbG-r9dBZftM0U0ZDPTNCqugT4jw/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=iAskyc,ziXSP"
                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          File Type:ASCII text, with very long lines (3346)
                                                          Category:downloaded
                                                          Size (bytes):22827
                                                          Entropy (8bit):5.420322672717721
                                                          Encrypted:false
                                                          SSDEEP:384:/jqdWXWfyA20UUjDE8BSUxDJs16KHvSN34kaHaN+587SaXD2mLR0H:/jqdWXAUUjDE84Wi6KPSKjHaN+58+0J2
                                                          MD5:2B29741A316862EE788996DD29116DD5
                                                          SHA1:9D5551916D4452E977C39B8D69CF88DF2AAA462B
                                                          SHA-256:62955C853976B722EFBB4C116A10DB3FF54580EDD7495D280177550B8F4289AB
                                                          SHA-512:6E37C3258F07F29909763728DADE0CD40A3602D55D9099F78B37756926FCF2A50008B82876B518FEAF3E56617F0F7D1D37A73C346A99A58E6AD8BCD6689E9B15
                                                          Malicious:false
                                                          URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en._s1fC-CLCMs.es5.O/ck=boq-identity.AccountsSignInUi.gkspycgpiCY.L.B1.O/am=xIFgKBimEQjEE86BHlAUCBkAAAAAAAAAALQBAIBm/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGbG-r9dBZftM0U0ZDPTNCqugT4jw/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=RqjULd"
                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          File Type:ASCII text, with very long lines (2544)
                                                          Category:downloaded
                                                          Size (bytes):358292
                                                          Entropy (8bit):5.622523467644739
                                                          Encrypted:false
                                                          SSDEEP:3072:sy/lJpABa9hEP2iyjV5ygVLdh3YB4qyhLD6Crjyp3Sm5pnrjtuo0MpLEKusgI8sw:TyTNoygVWyhoDAMpL5gI8seqfhP3p+L
                                                          MD5:14049A4F8FB34A2FA52A0358C72B2F2E
                                                          SHA1:680985BDBE3FA830B31A9F02D40AFE925C12E70E
                                                          SHA-256:56C112F31C6F61735FE5EBD188AD0928406F04454AFEC139297328D3EE6540B4
                                                          SHA-512:5637742A7E2936540D957BA8A09991478EF0D4C28A3DA92D5260C7D5DA7BFD20811AFA26C0B53DD88D4A536B3C40A21ACA3310EFC17508A1C806B76ACB320631
                                                          Malicious:false
                                                          URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en._s1fC-CLCMs.es5.O/ck=boq-identity.AccountsSignInUi.gkspycgpiCY.L.B1.O/am=xIFgKBimEQjEE86BHlAUCBkAAAAAAAAAALQBAIBm/d=1/exm=AvtSve,EFQ78c,EIOG1e,GwYlN,I6YDgd,IZT63,K0PMbc,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PrPYRd,Rkm0ef,SCuOPb,STuCOe,SpsfSb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,ZakeSe,_b,_tp,aC1iue,aW3pY,bSspM,byfTOb,cYShmd,eVCnO,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,lwddkf,m9oV,mzzZzc,n73qwf,njlZCf,oLggrd,qPfo0c,qmdT9,rCcCxc,siKnQd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,y5vRwf,zbML3c,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGbG-r9dBZftM0U0ZDPTNCqugT4jw/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=K1ZKnb,ziZ8Mc,b3kMqb,mvkUhe,CMcBD,Fndnac,t2srLd,EN3i8d,z0u0L,xiZRqc"
                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          File Type:ASCII text, with no line terminators
                                                          Category:downloaded
                                                          Size (bytes):84
                                                          Entropy (8bit):4.875266466142591
                                                          Encrypted:false
                                                          SSDEEP:3:DZFJu0+WVTBCq2Bjdw2KsJJuYHSKnZ:lFJuuVTBudw29nu4SKZ
                                                          MD5:87B6333E98B7620EA1FF98D1A837A39E
                                                          SHA1:105DE6815B0885357DE1414BFC0D77FCC9E924EF
                                                          SHA-256:DCD3C133C5C40BECD4100BBE6EDAE84C9735E778E4234A5E8395C56FF8A733BA
                                                          SHA-512:867D7943D813685FAA76394E53199750C55817E836FD19C933F74D11E9657CE66719A6D6B2E39EE1DE62358BCE364E38A55F4E138DF92337DE6985DDCD5D0994
                                                          Malicious:false
                                                          URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISHgmA6QC9dWevzxIFDRkBE_oSBQ3oIX6GEgUN05ioBw==?alt=proto
                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          File Type:ASCII text, with very long lines (569)
                                                          Category:downloaded
                                                          Size (bytes):3471
                                                          Entropy (8bit):5.5174491302699495
                                                          Encrypted:false
                                                          SSDEEP:96:ojAmjTJ/fJgpIcB7Fd2tilGBEMO/A6VxV08w:vUTJpgDJXM0ApJ
                                                          MD5:2D999C87DD54C7FE6400D267C33FBB23
                                                          SHA1:414C3A329C2760325EDBACBD7A221D7F8DBFEEE8
                                                          SHA-256:76D55A1AFC1D39CB04D60EB04E45A538A0E75EE2871561C84CC89B1C13596BCC
                                                          SHA-512:72D923BB71DD147139962FF8E2BD0E336E0F6409C212AC2F25387D0F3B4FC9365F5A6D40E2980BB1065534888362C97D6B7663E362D29166B5915D2A9DA7D238
                                                          Malicious:false
                                                          URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en._s1fC-CLCMs.es5.O/ck=boq-identity.AccountsSignInUi.gkspycgpiCY.L.B1.O/am=xIFgKBimEQjEE86BHlAUCBkAAAAAAAAAALQBAIBm/d=1/exm=A1yn5d,A7fCU,AvtSve,CMcBD,E87wgc,EEDORb,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,Mlhmy,MpJwZc,NOeYWe,NTMZac,NwH0H,O6y8ed,OTA3Ae,OmgaI,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,Ug7Xab,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZfAoz,ZwDk9d,_b,_tp,aC1iue,aW3pY,aurFic,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,ebZ3mb,f8Gu1e,fKUV3e,gJzDyc,gychg,hc6Ubd,iAskyc,inNHtf,iyZMqd,kWgXee,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,ovKuLd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,wg1P6b,ws9Tlc,xBaz7b,xQtZb,xUdipf,xiZRqc,y5vRwf,yDVVkb,yRXbo,ywOR5c,z0u0L,zbML3c,ziXSP,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGbG-r9dBZftM0U0ZDPTNCqugT4jw/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=Wt6vjf,hhhU8,FCpbqb,WhJNk"
                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          File Type:ASCII text, with very long lines (522)
                                                          Category:downloaded
                                                          Size (bytes):5049
                                                          Entropy (8bit):5.317800104741948
                                                          Encrypted:false
                                                          SSDEEP:96:oHX9gPiPrfnHhsB0TR6kg1oDPJzLmM18Vh1z2fEZ54TZtnqj6w:EtEAr6BmPZtOeEvW/ncP
                                                          MD5:CE53EF566B68CCF2D62FA044CFB0D138
                                                          SHA1:F48EC60289F2B55E8B388601206888F8295B1EB1
                                                          SHA-256:E6CC5114D92811D5DE0663266D4B63F367834AFA0FC3BAFA54F707038C59D010
                                                          SHA-512:20B434881DE971E263669E6096C01665D4D35B0FBFF47D312A4A442645EE962A8CE6AD7E68246D4EE9691BD30D9B1DDCF7059226492E1B58CD3191B63B001E4D
                                                          Malicious:false
                                                          URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en._s1fC-CLCMs.es5.O/ck=boq-identity.AccountsSignInUi.gkspycgpiCY.L.B1.O/am=xIFgKBimEQjEE86BHlAUCBkAAAAAAAAAALQBAIBm/d=1/exm=A1yn5d,A7fCU,AvtSve,CMcBD,E87wgc,EEDORb,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,Mlhmy,MpJwZc,NOeYWe,NTMZac,NwH0H,O6y8ed,OTA3Ae,OmgaI,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,Ug7Xab,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZfAoz,ZwDk9d,_b,_tp,aC1iue,aW3pY,aurFic,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,ebZ3mb,f8Gu1e,fKUV3e,gJzDyc,gychg,hc6Ubd,iAskyc,inNHtf,iyZMqd,kWgXee,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,ovKuLd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xUdipf,xiZRqc,y5vRwf,yDVVkb,yRXbo,ywOR5c,z0u0L,zbML3c,ziXSP,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGbG-r9dBZftM0U0ZDPTNCqugT4jw/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=wg1P6b"
                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          File Type:ASCII text, with very long lines (553)
                                                          Category:downloaded
                                                          Size (bytes):603951
                                                          Entropy (8bit):5.789949489744101
                                                          Encrypted:false
                                                          SSDEEP:3072:x0pApkygA62bwwdnO2YflNYhFGOizdGj008PpVVM96C5bMEPQUhts6FV8eKqtVAT:xlgNmwwdnOsF98oNGuQRAYqXsI1+
                                                          MD5:036BC6CEC1912EAA63C716C2A7494AFC
                                                          SHA1:C32891F55B0D7A86DCE1BDBB7B84DB21C2A09F4F
                                                          SHA-256:1A6181C3DFAEE5919CE57152DCFFCDC4B151C5FB2969CFD62168C1711FF202CF
                                                          SHA-512:0AAA2285D109114921B5FD8A15F9A3D1F218AF8C61054B3925965E6753F8A49B45798326EA986C4A6B6180B6C36292A4652E2BA730C7505684DAAA4B5C314675
                                                          Malicious:false
                                                          URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en._s1fC-CLCMs.es5.O/am=xIFgKBimEQjEE86BHlAUCBkAAAAAAAAAALQBAIBm/d=1/excm=_b,_tp,identifierview/ed=1/dg=0/wt=2/ujg=1/rs=AOaEmlGsNipZrCRRMFQh1-tVmHSsIDzQTA/m=_b,_tp"
                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          File Type:ASCII text, with very long lines (533)
                                                          Category:downloaded
                                                          Size (bytes):9210
                                                          Entropy (8bit):5.3872171131917925
                                                          Encrypted:false
                                                          SSDEEP:192:FK/pAzN7GZ068Hqhqu6DQaVapzYjgKItwdiwUsYRTi1j1t9bRl9:FqI7GZ04dRYjghtgisYYbt9ll9
                                                          MD5:AB70454DE18E1CE16E61EAC290FC304D
                                                          SHA1:68532B5E8B262D7E14B8F4507AA69A61146B3C18
                                                          SHA-256:B32D746867CC4FA21FD39437502F401D952D0A3E8DC708DFB7D58B85F256C0F1
                                                          SHA-512:A123C517380BEF0B47F23A5A6E1D16650FE39D9C701F9FA5ADD79294973C118E8EA3A7BA32CB63C3DFC0CE0F843FB86BFFCAA2AAE987629E7DFF84F176DEBB98
                                                          Malicious:false
                                                          URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en._s1fC-CLCMs.es5.O/ck=boq-identity.AccountsSignInUi.gkspycgpiCY.L.B1.O/am=xIFgKBimEQjEE86BHlAUCBkAAAAAAAAAALQBAIBm/d=1/exm=AvtSve,CMcBD,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PrPYRd,Rkm0ef,SCuOPb,STuCOe,SpsfSb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,byfTOb,cYShmd,eVCnO,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,qPfo0c,qmdT9,rCcCxc,siKnQd,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGbG-r9dBZftM0U0ZDPTNCqugT4jw/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ltDFwf,SD8Jgb,rmumx,E87wgc,qPYxq,Tbb4sb,pxq3x,f8Gu1e,soHxf,YgOFye,yRXbo,bTi8wc,ywOR5c,PHUIyb"
                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          File Type:ASCII text, with very long lines (395)
                                                          Category:downloaded
                                                          Size (bytes):1652
                                                          Entropy (8bit):5.296387798840289
                                                          Encrypted:false
                                                          SSDEEP:48:o7YNJvl3WlDQENrpB3stYCIgMxILNH/wf7DVTBpdQrw:o5fpB8iDwYlGw
                                                          MD5:F18EA2D35027D6173E2864B5863CB6E3
                                                          SHA1:1979174E786593DAFD2B23084F26332AB929216C
                                                          SHA-256:547E151C2D842255451D651B749239B28DED9F803B524A77BD1E14D878BDAF58
                                                          SHA-512:A031A439A99BCA557951A75234766033145E7D05E8453A4FE9BC0EA091E49BA59AF1479850D1E896B2D114575A80CCE111A787E7EEA9A7F288C78AD325436C18
                                                          Malicious:false
                                                          URL:"https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en._s1fC-CLCMs.es5.O/ck=boq-identity.AccountsSignInUi.gkspycgpiCY.L.B1.O/am=xIFgKBimEQjEE86BHlAUCBkAAAAAAAAAALQBAIBm/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGbG-r9dBZftM0U0ZDPTNCqugT4jw/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=xUdipf,OTA3Ae,A1yn5d,fKUV3e,aurFic,Ug7Xab,NwH0H,OmgaI,gychg,w9hDv,EEDORb,Mlhmy,ZfAoz,kWgXee,ovKuLd,yDVVkb,ebZ3mb,ZDZcre,A7fCU"
                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                          Entropy (8bit):7.036739026906009
                                                          TrID:
                                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                          • DOS Executable Generic (2002/1) 0.02%
                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                          File name:random.exe
                                                          File size:1'167'360 bytes
                                                          MD5:0bdc931dfbf405332ba87054d9096a2e
                                                          SHA1:1ecc8bb8d214b720247664d0393aa8ec10a23703
                                                          SHA256:2fcdae5044ee1a1de287ee38c60e09e13b1a478d3d6e662218daf492888661b6
                                                          SHA512:06d5e10900fd959c14f0cf8eeaae30cdb9d8b95894dfa0109b2dc22e416ac9bc62af6389b03b5c087827a9ce064f28996984f0e8a12b2cfd0f3e80d28422044c
                                                          SSDEEP:24576:WqDEvCTbMWu7rQYlBQcBiT6rprG8ar42+b+HdiJUK:WTvC/MTQYxsWR7ar42+b+HoJU
                                                          TLSH:0145CF027391C062FF9B92734F5AF6115BBC69260123E61F13981DBABE701B1563E7A3
                                                          File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....
                                                          Icon Hash:aaf3e3e3938382a0
                                                          Entrypoint:0x420577
                                                          Entrypoint Section:.text
                                                          Digitally signed:false
                                                          Imagebase:0x400000
                                                          Subsystem:windows gui
                                                          Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                          DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                          Time Stamp:0x66FADFB2 [Mon Sep 30 17:28:18 2024 UTC]
                                                          TLS Callbacks:
                                                          CLR (.Net) Version:
                                                          OS Version Major:5
                                                          OS Version Minor:1
                                                          File Version Major:5
                                                          File Version Minor:1
                                                          Subsystem Version Major:5
                                                          Subsystem Version Minor:1
                                                          Import Hash:948cc502fe9226992dce9417f952fce3
                                                          Instruction
                                                          call 00007FB348714373h
                                                          jmp 00007FB348713C7Fh
                                                          push ebp
                                                          mov ebp, esp
                                                          push esi
                                                          push dword ptr [ebp+08h]
                                                          mov esi, ecx
                                                          call 00007FB348713E5Dh
                                                          mov dword ptr [esi], 0049FDF0h
                                                          mov eax, esi
                                                          pop esi
                                                          pop ebp
                                                          retn 0004h
                                                          and dword ptr [ecx+04h], 00000000h
                                                          mov eax, ecx
                                                          and dword ptr [ecx+08h], 00000000h
                                                          mov dword ptr [ecx+04h], 0049FDF8h
                                                          mov dword ptr [ecx], 0049FDF0h
                                                          ret
                                                          push ebp
                                                          mov ebp, esp
                                                          push esi
                                                          push dword ptr [ebp+08h]
                                                          mov esi, ecx
                                                          call 00007FB348713E2Ah
                                                          mov dword ptr [esi], 0049FE0Ch
                                                          mov eax, esi
                                                          pop esi
                                                          pop ebp
                                                          retn 0004h
                                                          and dword ptr [ecx+04h], 00000000h
                                                          mov eax, ecx
                                                          and dword ptr [ecx+08h], 00000000h
                                                          mov dword ptr [ecx+04h], 0049FE14h
                                                          mov dword ptr [ecx], 0049FE0Ch
                                                          ret
                                                          push ebp
                                                          mov ebp, esp
                                                          push esi
                                                          mov esi, ecx
                                                          lea eax, dword ptr [esi+04h]
                                                          mov dword ptr [esi], 0049FDD0h
                                                          and dword ptr [eax], 00000000h
                                                          and dword ptr [eax+04h], 00000000h
                                                          push eax
                                                          mov eax, dword ptr [ebp+08h]
                                                          add eax, 04h
                                                          push eax
                                                          call 00007FB348716A1Dh
                                                          pop ecx
                                                          pop ecx
                                                          mov eax, esi
                                                          pop esi
                                                          pop ebp
                                                          retn 0004h
                                                          lea eax, dword ptr [ecx+04h]
                                                          mov dword ptr [ecx], 0049FDD0h
                                                          push eax
                                                          call 00007FB348716A68h
                                                          pop ecx
                                                          ret
                                                          push ebp
                                                          mov ebp, esp
                                                          push esi
                                                          mov esi, ecx
                                                          lea eax, dword ptr [esi+04h]
                                                          mov dword ptr [esi], 0049FDD0h
                                                          push eax
                                                          call 00007FB348716A51h
                                                          test byte ptr [ebp+08h], 00000001h
                                                          pop ecx
                                                          Programming Language:
                                                          • [ C ] VS2008 SP1 build 30729
                                                          • [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0x46464 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x11b000 | 0x7594 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xd4000 | 0x46464 | 0x46600 | 47157db3d5815542eb65e0d595ab3683 | False | 0.9059655306394316 | data | 7.844925039098665 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x11b000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xd45a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xd46d0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xd47f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xd4920 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333
RT_ICON | 0xd4c08 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5
RT_ICON | 0xd4d30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388
RT_ICON | 0xd5bd8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524
RT_ICON | 0xd6480 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918
RT_ICON | 0xd69e8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727
RT_ICON | 0xd8f90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496
RT_ICON | 0xda038 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227
RT_MENU | 0xda4a0 | 0x50 | data | English | Great Britain | 0.9
RT_STRING | 0xda4f0 | 0x594 | data | English | Great Britain | 0.3333333333333333
RT_STRING | 0xdaa84 | 0x68a | data | English | Great Britain | 0.2735961768219833
RT_STRING | 0xdb110 | 0x490 | data | English | Great Britain | 0.3715753424657534
RT_STRING | 0xdb5a0 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xdbb9c | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xdc1f8 | 0x466 | data | English | Great Britain | 0.3605683836589698
RT_STRING | 0xdc660 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186
RT_RCDATA | 0xdc7b8 | 0x3d72c | data | | | 1.0003416874592757
RT_GROUP_ICON | 0x119ee4 | 0x76 | data | English | Great Britain | 0.6610169491525424
RT_GROUP_ICON | 0x119f5c | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0x119f70 | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0x119f84 | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0x119f98 | 0xdc | data | English | Great Britain | 0.6181818181818182
RT_MANIFEST | 0x11a074 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823
                                                          DLLImport
                                                          WSOCK32.dllgethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
                                                          VERSION.dllGetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
                                                          WINMM.dlltimeGetTime, waveOutSetVolume, mciSendStringW
                                                          COMCTL32.dllImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
                                                          MPR.dllWNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
                                                          WININET.dllHttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
                                                          PSAPI.DLLGetProcessMemoryInfo
                                                          IPHLPAPI.DLLIcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
                                                          USERENV.dllDestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
                                                          UxTheme.dllIsThemeActive
                                                          KERNEL32.dllDuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, 
VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll | GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll | EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll | DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll | CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture
Language of compilation system | Country where language is spoken | Map
English | Great Britain
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                          Sep 30, 2024 19:37:10.599410057 CEST44349741142.250.186.36192.168.2.4
                                                          Sep 30, 2024 19:37:10.820683956 CEST44349741142.250.186.36192.168.2.4
                                                          Sep 30, 2024 19:37:10.820835114 CEST44349741142.250.186.36192.168.2.4
                                                          Sep 30, 2024 19:37:10.820869923 CEST44349741142.250.186.36192.168.2.4
                                                          Sep 30, 2024 19:37:10.820899963 CEST49741443192.168.2.4142.250.186.36
                                                          Sep 30, 2024 19:37:10.820913076 CEST44349741142.250.186.36192.168.2.4
                                                          Sep 30, 2024 19:37:10.820955038 CEST49741443192.168.2.4142.250.186.36
                                                          Sep 30, 2024 19:37:10.821315050 CEST44349741142.250.186.36192.168.2.4
                                                          Sep 30, 2024 19:37:10.821526051 CEST44349741142.250.186.36192.168.2.4
                                                          Sep 30, 2024 19:37:10.821577072 CEST49741443192.168.2.4142.250.186.36
                                                          Sep 30, 2024 19:37:10.822105885 CEST49741443192.168.2.4142.250.186.36
                                                          Sep 30, 2024 19:37:10.822119951 CEST44349741142.250.186.36192.168.2.4
                                                          Sep 30, 2024 19:37:11.907093048 CEST49773443192.168.2.44.245.163.56
                                                          Sep 30, 2024 19:37:11.907133102 CEST443497734.245.163.56192.168.2.4
                                                          Sep 30, 2024 19:37:11.907282114 CEST49773443192.168.2.44.245.163.56
                                                          Sep 30, 2024 19:37:11.908343077 CEST49773443192.168.2.44.245.163.56
                                                          Sep 30, 2024 19:37:11.908356905 CEST443497734.245.163.56192.168.2.4
                                                          Sep 30, 2024 19:37:13.688220978 CEST443497734.245.163.56192.168.2.4
                                                          Sep 30, 2024 19:37:13.688280106 CEST49773443192.168.2.44.245.163.56
                                                          Sep 30, 2024 19:37:13.697797060 CEST49773443192.168.2.44.245.163.56
                                                          Sep 30, 2024 19:37:13.697808027 CEST443497734.245.163.56192.168.2.4
                                                          Sep 30, 2024 19:37:13.698024988 CEST443497734.245.163.56192.168.2.4
                                                          Sep 30, 2024 19:37:13.747140884 CEST49773443192.168.2.44.245.163.56
                                                          Sep 30, 2024 19:37:14.491247892 CEST49773443192.168.2.44.245.163.56
                                                          Sep 30, 2024 19:37:14.535407066 CEST443497734.245.163.56192.168.2.4
                                                          Sep 30, 2024 19:37:14.750343084 CEST443497734.245.163.56192.168.2.4
                                                          Sep 30, 2024 19:37:14.750359058 CEST443497734.245.163.56192.168.2.4
                                                          Sep 30, 2024 19:37:14.750365019 CEST443497734.245.163.56192.168.2.4
                                                          Sep 30, 2024 19:37:14.750425100 CEST443497734.245.163.56192.168.2.4
                                                          Sep 30, 2024 19:37:14.750485897 CEST49773443192.168.2.44.245.163.56
                                                          Sep 30, 2024 19:37:14.750494003 CEST443497734.245.163.56192.168.2.4
                                                          Sep 30, 2024 19:37:14.750516891 CEST443497734.245.163.56192.168.2.4
                                                          Sep 30, 2024 19:37:14.750528097 CEST49773443192.168.2.44.245.163.56
                                                          Sep 30, 2024 19:37:14.750618935 CEST49773443192.168.2.44.245.163.56
                                                          Sep 30, 2024 19:37:14.751395941 CEST443497734.245.163.56192.168.2.4
                                                          Sep 30, 2024 19:37:14.751486063 CEST49773443192.168.2.44.245.163.56
                                                          Sep 30, 2024 19:37:14.751491070 CEST443497734.245.163.56192.168.2.4
                                                          Sep 30, 2024 19:37:14.751590967 CEST443497734.245.163.56192.168.2.4
                                                          Sep 30, 2024 19:37:14.751638889 CEST49773443192.168.2.44.245.163.56
                                                          Sep 30, 2024 19:37:15.451148987 CEST49773443192.168.2.44.245.163.56
                                                          Sep 30, 2024 19:37:15.451173067 CEST443497734.245.163.56192.168.2.4
                                                          Sep 30, 2024 19:37:15.451186895 CEST49773443192.168.2.44.245.163.56
                                                          Sep 30, 2024 19:37:15.451193094 CEST443497734.245.163.56192.168.2.4
                                                          Sep 30, 2024 19:37:15.561145067 CEST49779443192.168.2.4142.250.186.46
                                                          Sep 30, 2024 19:37:15.561184883 CEST44349779142.250.186.46192.168.2.4
                                                          Sep 30, 2024 19:37:15.561270952 CEST49779443192.168.2.4142.250.186.46
                                                          Sep 30, 2024 19:37:15.561641932 CEST49779443192.168.2.4142.250.186.46
                                                          Sep 30, 2024 19:37:15.561655998 CEST44349779142.250.186.46192.168.2.4
                                                          Sep 30, 2024 19:37:16.233412981 CEST44349779142.250.186.46192.168.2.4
                                                          Sep 30, 2024 19:37:16.234311104 CEST49779443192.168.2.4142.250.186.46
                                                          Sep 30, 2024 19:37:16.234324932 CEST44349779142.250.186.46192.168.2.4
                                                          Sep 30, 2024 19:37:16.234698057 CEST44349779142.250.186.46192.168.2.4
                                                          Sep 30, 2024 19:37:16.235058069 CEST49779443192.168.2.4142.250.186.46
                                                          Sep 30, 2024 19:37:16.235117912 CEST44349779142.250.186.46192.168.2.4
                                                          Sep 30, 2024 19:37:16.235238075 CEST49779443192.168.2.4142.250.186.46
                                                          Sep 30, 2024 19:37:16.235285997 CEST49779443192.168.2.4142.250.186.46
                                                          Sep 30, 2024 19:37:16.235291958 CEST44349779142.250.186.46192.168.2.4
                                                          Sep 30, 2024 19:37:16.558821917 CEST44349779142.250.186.46192.168.2.4
                                                          Sep 30, 2024 19:37:16.559658051 CEST44349779142.250.186.46192.168.2.4
                                                          Sep 30, 2024 19:37:16.559782028 CEST49779443192.168.2.4142.250.186.46
                                                          Sep 30, 2024 19:37:16.560698986 CEST49779443192.168.2.4142.250.186.46
                                                          Sep 30, 2024 19:37:16.560714006 CEST44349779142.250.186.46192.168.2.4
                                                          Sep 30, 2024 19:37:17.343883991 CEST804972384.201.210.20192.168.2.4
                                                          Sep 30, 2024 19:37:17.344016075 CEST4972380192.168.2.484.201.210.20
                                                          Sep 30, 2024 19:37:17.344086885 CEST4972380192.168.2.484.201.210.20
                                                          Sep 30, 2024 19:37:17.348834038 CEST804972384.201.210.20192.168.2.4
                                                          Sep 30, 2024 19:37:32.205710888 CEST804972484.201.210.20192.168.2.4
                                                          Sep 30, 2024 19:37:32.205840111 CEST4972480192.168.2.484.201.210.20
                                                          Sep 30, 2024 19:37:32.205879927 CEST4972480192.168.2.484.201.210.20
                                                          Sep 30, 2024 19:37:32.213176012 CEST804972484.201.210.20192.168.2.4
                                                          Sep 30, 2024 19:37:39.181242943 CEST49782443192.168.2.4142.250.186.46
                                                          Sep 30, 2024 19:37:39.181281090 CEST44349782142.250.186.46192.168.2.4
                                                          Sep 30, 2024 19:37:39.181344986 CEST49782443192.168.2.4142.250.186.46
                                                          Sep 30, 2024 19:37:39.181752920 CEST49782443192.168.2.4142.250.186.46
                                                          Sep 30, 2024 19:37:39.181766033 CEST44349782142.250.186.46192.168.2.4
                                                          Sep 30, 2024 19:37:39.183437109 CEST49783443192.168.2.4142.250.186.46
                                                          Sep 30, 2024 19:37:39.183558941 CEST44349783142.250.186.46192.168.2.4
                                                          Sep 30, 2024 19:37:39.183634043 CEST49783443192.168.2.4142.250.186.46
                                                          Sep 30, 2024 19:37:39.183840036 CEST49783443192.168.2.4142.250.186.46
                                                          Sep 30, 2024 19:37:39.183880091 CEST44349783142.250.186.46192.168.2.4
                                                          Sep 30, 2024 19:37:39.606209993 CEST49784443192.168.2.4142.250.186.46
                                                          Sep 30, 2024 19:37:39.606295109 CEST44349784142.250.186.46192.168.2.4
                                                          Sep 30, 2024 19:37:39.606380939 CEST49784443192.168.2.4142.250.186.46
                                                          Sep 30, 2024 19:37:39.606950045 CEST49784443192.168.2.4142.250.186.46
                                                          Sep 30, 2024 19:37:39.606986046 CEST44349784142.250.186.46192.168.2.4
                                                          Sep 30, 2024 19:37:39.843636036 CEST44349782142.250.186.46192.168.2.4
                                                          Sep 30, 2024 19:37:39.843890905 CEST49782443192.168.2.4142.250.186.46
                                                          Sep 30, 2024 19:37:39.843918085 CEST44349782142.250.186.46192.168.2.4
                                                          Sep 30, 2024 19:37:39.844428062 CEST44349782142.250.186.46192.168.2.4
                                                          Sep 30, 2024 19:37:39.844698906 CEST49782443192.168.2.4142.250.186.46
                                                          Sep 30, 2024 19:37:39.844851971 CEST49782443192.168.2.4142.250.186.46
                                                          Sep 30, 2024 19:37:39.844857931 CEST44349782142.250.186.46192.168.2.4
                                                          Sep 30, 2024 19:37:39.844870090 CEST49782443192.168.2.4142.250.186.46
                                                          Sep 30, 2024 19:37:39.844909906 CEST44349782142.250.186.46192.168.2.4
                                                          Sep 30, 2024 19:37:39.898544073 CEST49782443192.168.2.4142.250.186.46
                                                          Sep 30, 2024 19:37:39.954865932 CEST44349783142.250.186.46192.168.2.4
                                                          Sep 30, 2024 19:37:39.955197096 CEST49783443192.168.2.4142.250.186.46
                                                          Sep 30, 2024 19:37:39.955256939 CEST44349783142.250.186.46192.168.2.4
                                                          Sep 30, 2024 19:37:39.955585003 CEST44349783142.250.186.46192.168.2.4
                                                          Sep 30, 2024 19:37:39.955981970 CEST49783443192.168.2.4142.250.186.46
                                                          Sep 30, 2024 19:37:39.956058979 CEST44349783142.250.186.46192.168.2.4
                                                          Sep 30, 2024 19:37:39.956160069 CEST49783443192.168.2.4142.250.186.46
                                                          Sep 30, 2024 19:37:39.956197023 CEST49783443192.168.2.4142.250.186.46
                                                          Sep 30, 2024 19:37:39.956211090 CEST44349783142.250.186.46192.168.2.4
                                                          Sep 30, 2024 19:37:40.145647049 CEST44349782142.250.186.46192.168.2.4
                                                          Sep 30, 2024 19:37:40.146303892 CEST44349782142.250.186.46192.168.2.4
                                                          Sep 30, 2024 19:37:40.146349907 CEST49782443192.168.2.4142.250.186.46
                                                          Sep 30, 2024 19:37:40.146471977 CEST49782443192.168.2.4142.250.186.46
                                                          Sep 30, 2024 19:37:40.146491051 CEST44349782142.250.186.46192.168.2.4
                                                          Sep 30, 2024 19:37:40.259041071 CEST44349783142.250.186.46192.168.2.4
                                                          Sep 30, 2024 19:37:40.259516001 CEST44349783142.250.186.46192.168.2.4
                                                          Sep 30, 2024 19:37:40.259583950 CEST49783443192.168.2.4142.250.186.46
                                                          Sep 30, 2024 19:37:40.259936094 CEST49783443192.168.2.4142.250.186.46
                                                          Sep 30, 2024 19:37:40.259968042 CEST44349783142.250.186.46192.168.2.4
                                                          Sep 30, 2024 19:37:40.431502104 CEST44349784142.250.186.46192.168.2.4
                                                          Sep 30, 2024 19:37:40.432096958 CEST49784443192.168.2.4142.250.186.46
                                                          Sep 30, 2024 19:37:40.432142973 CEST44349784142.250.186.46192.168.2.4
                                                          Sep 30, 2024 19:37:40.432466030 CEST44349784142.250.186.46192.168.2.4
                                                          Sep 30, 2024 19:37:40.432518005 CEST49784443192.168.2.4142.250.186.46
                                                          Sep 30, 2024 19:37:40.433056116 CEST44349784142.250.186.46192.168.2.4
                                                          Sep 30, 2024 19:37:40.433106899 CEST49784443192.168.2.4142.250.186.46
                                                          Sep 30, 2024 19:37:40.433820963 CEST49784443192.168.2.4142.250.186.46
                                                          Sep 30, 2024 19:37:40.433880091 CEST44349784142.250.186.46192.168.2.4
                                                          Sep 30, 2024 19:37:40.434401989 CEST49784443192.168.2.4142.250.186.46
                                                          Sep 30, 2024 19:37:40.434425116 CEST44349784142.250.186.46192.168.2.4
                                                          Sep 30, 2024 19:37:40.434484959 CEST49784443192.168.2.4142.250.186.46
                                                          Sep 30, 2024 19:37:40.475439072 CEST44349784142.250.186.46192.168.2.4
                                                          Sep 30, 2024 19:37:40.476658106 CEST49784443192.168.2.4142.250.186.46
                                                          Sep 30, 2024 19:37:40.834379911 CEST44349784142.250.186.46192.168.2.4
                                                          Sep 30, 2024 19:37:40.834484100 CEST44349784142.250.186.46192.168.2.4
                                                          Sep 30, 2024 19:37:40.834654093 CEST49784443192.168.2.4142.250.186.46
                                                          Sep 30, 2024 19:37:40.834929943 CEST49784443192.168.2.4142.250.186.46
                                                          Sep 30, 2024 19:37:40.834980011 CEST44349784142.250.186.46192.168.2.4
                                                          Sep 30, 2024 19:37:41.990608931 CEST5989453192.168.2.4162.159.36.2
                                                          Sep 30, 2024 19:37:41.995553017 CEST5359894162.159.36.2192.168.2.4
                                                          Sep 30, 2024 19:37:41.995639086 CEST5989453192.168.2.4162.159.36.2
                                                          Sep 30, 2024 19:37:42.001877069 CEST5359894162.159.36.2192.168.2.4
                                                          Sep 30, 2024 19:37:42.598314047 CEST5989453192.168.2.4162.159.36.2
                                                          Sep 30, 2024 19:37:42.603566885 CEST5359894162.159.36.2192.168.2.4
                                                          Sep 30, 2024 19:37:42.603632927 CEST5989453192.168.2.4162.159.36.2
                                                          Sep 30, 2024 19:37:42.672612906 CEST59896443192.168.2.44.245.163.56
                                                          Sep 30, 2024 19:37:42.672641993 CEST443598964.245.163.56192.168.2.4
                                                          Sep 30, 2024 19:37:42.672699928 CEST59896443192.168.2.44.245.163.56
                                                          Sep 30, 2024 19:37:42.673122883 CEST59896443192.168.2.44.245.163.56
                                                          Sep 30, 2024 19:37:42.673136950 CEST443598964.245.163.56192.168.2.4
                                                          Sep 30, 2024 19:37:43.448352098 CEST443598964.245.163.56192.168.2.4
                                                          Sep 30, 2024 19:37:43.448448896 CEST59896443192.168.2.44.245.163.56
                                                          Sep 30, 2024 19:37:43.452114105 CEST59896443192.168.2.44.245.163.56
                                                          Sep 30, 2024 19:37:43.452125072 CEST443598964.245.163.56192.168.2.4
                                                          Sep 30, 2024 19:37:43.452528954 CEST443598964.245.163.56192.168.2.4
                                                          Sep 30, 2024 19:37:43.460316896 CEST59896443192.168.2.44.245.163.56
                                                          Sep 30, 2024 19:37:43.503397942 CEST443598964.245.163.56192.168.2.4
                                                          Sep 30, 2024 19:37:43.770145893 CEST443598964.245.163.56192.168.2.4
                                                          Sep 30, 2024 19:37:43.770211935 CEST443598964.245.163.56192.168.2.4
                                                          Sep 30, 2024 19:37:43.770373106 CEST443598964.245.163.56192.168.2.4
                                                          Sep 30, 2024 19:37:43.770487070 CEST59896443192.168.2.44.245.163.56
                                                          Sep 30, 2024 19:37:43.770487070 CEST59896443192.168.2.44.245.163.56
                                                          Sep 30, 2024 19:37:43.770509958 CEST443598964.245.163.56192.168.2.4
                                                          Sep 30, 2024 19:37:43.770572901 CEST59896443192.168.2.44.245.163.56
                                                          Sep 30, 2024 19:37:43.770657063 CEST443598964.245.163.56192.168.2.4
                                                          Sep 30, 2024 19:37:43.770704985 CEST443598964.245.163.56192.168.2.4
                                                          Sep 30, 2024 19:37:43.770729065 CEST59896443192.168.2.44.245.163.56
                                                          Sep 30, 2024 19:37:43.770735979 CEST443598964.245.163.56192.168.2.4
                                                          Sep 30, 2024 19:37:43.770762920 CEST59896443192.168.2.44.245.163.56
                                                          Sep 30, 2024 19:37:43.771352053 CEST443598964.245.163.56192.168.2.4
                                                          Sep 30, 2024 19:37:43.771418095 CEST59896443192.168.2.44.245.163.56
                                                          Sep 30, 2024 19:37:43.775652885 CEST59896443192.168.2.44.245.163.56
                                                          Sep 30, 2024 19:37:43.775671959 CEST443598964.245.163.56192.168.2.4
                                                          Sep 30, 2024 19:37:43.775680065 CEST59896443192.168.2.44.245.163.56
                                                          Sep 30, 2024 19:37:43.775688887 CEST443598964.245.163.56192.168.2.4
                                                          Sep 30, 2024 19:38:00.759568930 CEST59898443192.168.2.4142.250.186.36
                                                          Sep 30, 2024 19:38:00.759659052 CEST44359898142.250.186.36192.168.2.4
                                                          Sep 30, 2024 19:38:00.759738922 CEST59898443192.168.2.4142.250.186.36
                                                          Sep 30, 2024 19:38:00.759955883 CEST59898443192.168.2.4142.250.186.36
                                                          Sep 30, 2024 19:38:00.759989977 CEST44359898142.250.186.36192.168.2.4
                                                          Sep 30, 2024 19:38:01.412523985 CEST44359898142.250.186.36192.168.2.4
                                                          Sep 30, 2024 19:38:01.412915945 CEST59898443192.168.2.4142.250.186.36
                                                          Sep 30, 2024 19:38:01.412966967 CEST44359898142.250.186.36192.168.2.4
                                                          Sep 30, 2024 19:38:01.414062977 CEST44359898142.250.186.36192.168.2.4
                                                          Sep 30, 2024 19:38:01.414392948 CEST59898443192.168.2.4142.250.186.36
                                                          Sep 30, 2024 19:38:01.414580107 CEST44359898142.250.186.36192.168.2.4
                                                          Sep 30, 2024 19:38:01.461261034 CEST59898443192.168.2.4142.250.186.36
                                                          Sep 30, 2024 19:38:10.938003063 CEST59901443192.168.2.4216.58.206.46
                                                          Sep 30, 2024 19:38:10.938035965 CEST44359901216.58.206.46192.168.2.4
                                                          Sep 30, 2024 19:38:10.938100100 CEST59901443192.168.2.4216.58.206.46
                                                          Sep 30, 2024 19:38:10.938353062 CEST59901443192.168.2.4216.58.206.46
                                                          Sep 30, 2024 19:38:10.938364983 CEST44359901216.58.206.46192.168.2.4
                                                          Sep 30, 2024 19:38:11.156344891 CEST59902443192.168.2.4216.58.206.46
                                                          Sep 30, 2024 19:38:11.156369925 CEST44359902216.58.206.46192.168.2.4
                                                          Sep 30, 2024 19:38:11.156511068 CEST59902443192.168.2.4216.58.206.46
                                                          Sep 30, 2024 19:38:11.156817913 CEST59902443192.168.2.4216.58.206.46
                                                          Sep 30, 2024 19:38:11.156830072 CEST44359902216.58.206.46192.168.2.4
                                                          Sep 30, 2024 19:38:11.322571039 CEST44359898142.250.186.36192.168.2.4
                                                          Sep 30, 2024 19:38:11.322738886 CEST44359898142.250.186.36192.168.2.4
                                                          Sep 30, 2024 19:38:11.322813988 CEST59898443192.168.2.4142.250.186.36
                                                          Sep 30, 2024 19:38:11.588980913 CEST44359901216.58.206.46192.168.2.4
                                                          Sep 30, 2024 19:38:11.589257956 CEST59901443192.168.2.4216.58.206.46
                                                          Sep 30, 2024 19:38:11.589273930 CEST44359901216.58.206.46192.168.2.4
                                                          Sep 30, 2024 19:38:11.589585066 CEST44359901216.58.206.46192.168.2.4
                                                          Sep 30, 2024 19:38:11.589881897 CEST59901443192.168.2.4216.58.206.46
                                                          Sep 30, 2024 19:38:11.589935064 CEST44359901216.58.206.46192.168.2.4
                                                          Sep 30, 2024 19:38:11.590034962 CEST59901443192.168.2.4216.58.206.46
                                                          Sep 30, 2024 19:38:11.590049982 CEST59901443192.168.2.4216.58.206.46
                                                          Sep 30, 2024 19:38:11.590058088 CEST44359901216.58.206.46192.168.2.4
                                                          Sep 30, 2024 19:38:11.796701908 CEST44359902216.58.206.46192.168.2.4
                                                          Sep 30, 2024 19:38:11.796960115 CEST59902443192.168.2.4216.58.206.46
                                                          Sep 30, 2024 19:38:11.796974897 CEST44359902216.58.206.46192.168.2.4
                                                          Sep 30, 2024 19:38:11.797285080 CEST44359902216.58.206.46192.168.2.4
                                                          Sep 30, 2024 19:38:11.797557116 CEST59902443192.168.2.4216.58.206.46
                                                          Sep 30, 2024 19:38:11.797607899 CEST44359902216.58.206.46192.168.2.4
                                                          Sep 30, 2024 19:38:11.797689915 CEST59902443192.168.2.4216.58.206.46
                                                          Sep 30, 2024 19:38:11.797741890 CEST59902443192.168.2.4216.58.206.46
                                                          Sep 30, 2024 19:38:11.797745943 CEST44359902216.58.206.46192.168.2.4
                                                          Sep 30, 2024 19:38:11.893100977 CEST44359901216.58.206.46192.168.2.4
                                                          Sep 30, 2024 19:38:11.893341064 CEST44359901216.58.206.46192.168.2.4
                                                          Sep 30, 2024 19:38:11.893552065 CEST59901443192.168.2.4216.58.206.46
                                                          Sep 30, 2024 19:38:11.893696070 CEST59901443192.168.2.4216.58.206.46
                                                          Sep 30, 2024 19:38:11.893707037 CEST44359901216.58.206.46192.168.2.4
                                                          Sep 30, 2024 19:38:12.104501009 CEST44359902216.58.206.46192.168.2.4
                                                          Sep 30, 2024 19:38:12.104584932 CEST44359902216.58.206.46192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Sep 30, 2024 19:36:56.438812017 CEST | 192.168.2.4 | 1.1.1.1 | 0x1a2e | Standard query (0) | youtube.com | A (IP address) | IN (0x0001) | false
Sep 30, 2024 19:36:58.553240061 CEST | 192.168.2.4 | 1.1.1.1 | 0x22b0 | Standard query (0) | www.youtube.com | A (IP address) | IN (0x0001) | false
Sep 30, 2024 19:36:58.553644896 CEST | 192.168.2.4 | 1.1.1.1 | 0xc4f5 | Standard query (0) | www.youtube.com | 65 | IN (0x0001) | false
Sep 30, 2024 19:37:00.704502106 CEST | 192.168.2.4 | 1.1.1.1 | 0x9ebe | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Sep 30, 2024 19:37:00.704659939 CEST | 192.168.2.4 | 1.1.1.1 | 0xc4f2 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Sep 30, 2024 19:37:07.084955931 CEST | 192.168.2.4 | 1.1.1.1 | 0xfee | Standard query (0) | accounts.youtube.com | A (IP address) | IN (0x0001) | false
Sep 30, 2024 19:37:07.085741043 CEST | 192.168.2.4 | 1.1.1.1 | 0xdac6 | Standard query (0) | accounts.youtube.com | 65 | IN (0x0001) | false
Sep 30, 2024 19:37:08.194075108 CEST | 192.168.2.4 | 1.1.1.1 | 0xad52 | Standard query (0) | play.google.com | A (IP address) | IN (0x0001) | false
Sep 30, 2024 19:37:08.194600105 CEST | 192.168.2.4 | 1.1.1.1 | 0xb9db | Standard query (0) | play.google.com | 65 | IN (0x0001) | false
Sep 30, 2024 19:38:10.916691065 CEST | 192.168.2.4 | 1.1.1.1 | 0x5571 | Standard query (0) | play.google.com | A (IP address) | IN (0x0001) | false
Sep 30, 2024 19:38:10.916835070 CEST | 192.168.2.4 | 1.1.1.1 | 0xdb5 | Standard query (0) | play.google.com | 65 | IN (0x0001) | false
Sep 30, 2024 19:39:00.813798904 CEST | 192.168.2.4 | 1.1.1.1 | 0xaba1 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Sep 30, 2024 19:39:00.814141035 CEST | 192.168.2.4 | 1.1.1.1 | 0x47ea | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Sep 30, 2024 19:36:56.446250916 CEST | 1.1.1.1 | 192.168.2.4 | 0x1a2e | No error (0) | youtube.com | - | 142.250.185.142 | A (IP address) | IN (0x0001) | false
Sep 30, 2024 19:36:58.561028004 CEST | 1.1.1.1 | 192.168.2.4 | 0x22b0 | No error (0) | www.youtube.com | youtube-ui.l.google.com | - | CNAME (Canonical name) | IN (0x0001) | false
Sep 30, 2024 19:36:58.561028004 CEST | 1.1.1.1 | 192.168.2.4 | 0x22b0 | No error (0) | youtube-ui.l.google.com | - | 142.250.186.110 | A (IP address) | IN (0x0001) | false
Sep 30, 2024 19:36:58.561028004 CEST | 1.1.1.1 | 192.168.2.4 | 0x22b0 | No error (0) | youtube-ui.l.google.com | - | 142.250.184.238 | A (IP address) | IN (0x0001) | false
Sep 30, 2024 19:36:58.561028004 CEST | 1.1.1.1 | 192.168.2.4 | 0x22b0 | No error (0) | youtube-ui.l.google.com | - | 142.250.186.46 | A (IP address) | IN (0x0001) | false
Sep 30, 2024 19:36:58.561028004 CEST | 1.1.1.1 | 192.168.2.4 | 0x22b0 | No error (0) | youtube-ui.l.google.com | - | 172.217.18.14 | A (IP address) | IN (0x0001) | false
Sep 30, 2024 19:36:58.561028004 CEST | 1.1.1.1 | 192.168.2.4 | 0x22b0 | No error (0) | youtube-ui.l.google.com | - | 142.250.186.78 | A (IP address) | IN (0x0001) | false
Sep 30, 2024 19:36:58.561028004 CEST | 1.1.1.1 | 192.168.2.4 | 0x22b0 | No error (0) | youtube-ui.l.google.com | - | 142.250.185.206 | A (IP address) | IN (0x0001) | false
Sep 30, 2024 19:36:58.561028004 CEST | 1.1.1.1 | 192.168.2.4 | 0x22b0 | No error (0) | youtube-ui.l.google.com | - | 142.250.186.142 | A (IP address) | IN (0x0001) | false
Sep 30, 2024 19:36:58.561028004 CEST | 1.1.1.1 | 192.168.2.4 | 0x22b0 | No error (0) | youtube-ui.l.google.com | - | 142.250.185.110 | A (IP address) | IN (0x0001) | false
Sep 30, 2024 19:36:58.561028004 CEST | 1.1.1.1 | 192.168.2.4 | 0x22b0 | No error (0) | youtube-ui.l.google.com | - | 142.250.185.78 | A (IP address) | IN (0x0001) | false
Sep 30, 2024 19:36:58.561028004 CEST | 1.1.1.1 | 192.168.2.4 | 0x22b0 | No error (0) | youtube-ui.l.google.com | - | 172.217.16.206 | A (IP address) | IN (0x0001) | false
Sep 30, 2024 19:36:58.561028004 CEST | 1.1.1.1 | 192.168.2.4 | 0x22b0 | No error (0) | youtube-ui.l.google.com | - | 216.58.206.78 | A (IP address) | IN (0x0001) | false
Sep 30, 2024 19:36:58.561028004 CEST | 1.1.1.1 | 192.168.2.4 | 0x22b0 | No error (0) | youtube-ui.l.google.com | - | 172.217.18.110 | A (IP address) | IN (0x0001) | false
Sep 30, 2024 19:36:58.561028004 CEST | 1.1.1.1 | 192.168.2.4 | 0x22b0 | No error (0) | youtube-ui.l.google.com | - | 142.250.185.174 | A (IP address) | IN (0x0001) | false
Sep 30, 2024 19:36:58.561028004 CEST | 1.1.1.1 | 192.168.2.4 | 0x22b0 | No error (0) | youtube-ui.l.google.com | - | 142.250.185.142 | A (IP address) | IN (0x0001) | false
Sep 30, 2024 19:36:58.561028004 CEST | 1.1.1.1 | 192.168.2.4 | 0x22b0 | No error (0) | youtube-ui.l.google.com | - | 142.250.185.238 | A (IP address) | IN (0x0001) | false
Sep 30, 2024 19:36:58.561028004 CEST | 1.1.1.1 | 192.168.2.4 | 0x22b0 | No error (0) | youtube-ui.l.google.com | - | 216.58.212.142 | A (IP address) | IN (0x0001) | false
Sep 30, 2024 19:36:58.563170910 CEST | 1.1.1.1 | 192.168.2.4 | 0xc4f5 | No error (0) | www.youtube.com | youtube-ui.l.google.com | - | CNAME (Canonical name) | IN (0x0001) | false
Sep 30, 2024 19:36:58.563170910 CEST | 1.1.1.1 | 192.168.2.4 | 0xc4f5 | No error (0) | youtube-ui.l.google.com | - | - | 65 | IN (0x0001) | false
Sep 30, 2024 19:37:00.711564064 CEST | 1.1.1.1 | 192.168.2.4 | 0x9ebe | No error (0) | www.google.com | - | 142.250.186.36 | A (IP address) | IN (0x0001) | false
Sep 30, 2024 19:37:00.711601019 CEST | 1.1.1.1 | 192.168.2.4 | 0xc4f2 | No error (0) | www.google.com | - | - | 65 | IN (0x0001) | false
Sep 30, 2024 19:37:07.093256950 CEST | 1.1.1.1 | 192.168.2.4 | 0xfee | No error (0) | accounts.youtube.com | www3.l.google.com | - | CNAME (Canonical name) | IN (0x0001) | false
Sep 30, 2024 19:37:07.093256950 CEST | 1.1.1.1 | 192.168.2.4 | 0xfee | No error (0) | www3.l.google.com | - | 142.250.185.206 | A (IP address) | IN (0x0001) | false
Sep 30, 2024 19:37:07.095429897 CEST | 1.1.1.1 | 192.168.2.4 | 0xdac6 | No error (0) | accounts.youtube.com | www3.l.google.com | - | CNAME (Canonical name) | IN (0x0001) | false
Sep 30, 2024 19:37:08.202886105 CEST | 1.1.1.1 | 192.168.2.4 | 0xad52 | No error (0) | play.google.com | - | 142.250.186.46 | A (IP address) | IN (0x0001) | false
Sep 30, 2024 19:38:10.937525034 CEST | 1.1.1.1 | 192.168.2.4 | 0x5571 | No error (0) | play.google.com | - | 216.58.206.46 | A (IP address) | IN (0x0001) | false
Sep 30, 2024 19:39:00.821614981 CEST | 1.1.1.1 | 192.168.2.4 | 0xaba1 | No error (0) | www.google.com | - | 216.58.212.164 | A (IP address) | IN (0x0001) | false
Sep 30, 2024 19:39:00.821655035 CEST | 1.1.1.1 | 192.168.2.4 | 0x47ea | No error (0) | www.google.com | - | - | 65 | IN (0x0001) | false
                                                          • www.youtube.com
                                                          • fs.microsoft.com
                                                          • https:
                                                            • accounts.youtube.com
                                                            • play.google.com
                                                            • www.google.com
                                                          • slscr.update.microsoft.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49737 | 142.250.186.110 | 443 | 6680 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-30 17:36:59 UTC | 869 | OUT | GET /account?=https%3A%2F%2Faccounts.google.com%2Fv3%2Fsignin%2Fchallenge%2Fpwd HTTP/1.1
                                                          Host: www.youtube.com
                                                          Connection: keep-alive
                                                          Upgrade-Insecure-Requests: 1
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                          X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                                                          Sec-Fetch-Site: none
                                                          Sec-Fetch-Mode: navigate
                                                          Sec-Fetch-User: ?1
                                                          Sec-Fetch-Dest: document
                                                          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                          sec-ch-ua-mobile: ?0
                                                          sec-ch-ua-platform: "Windows"
                                                          Accept-Encoding: gzip, deflate, br
                                                          Accept-Language: en-US,en;q=0.9
2024-09-30 17:36:59 UTC | 2634 | IN | HTTP/1.1 303 See Other
                                                          Content-Type: application/binary
                                                          X-Content-Type-Options: nosniff
                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                          Pragma: no-cache
                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                          Date: Mon, 30 Sep 2024 17:36:59 GMT
                                                          Location: https://accounts.google.com/ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%253F%253Dhttps%25253A%25252F%25252Faccounts.google.com%25252Fv3%25252Fsignin%25252Fchallenge%25252Fpwd%26feature%3Dredirect_login&hl=en
                                                          Strict-Transport-Security: max-age=31536000
                                                          X-Frame-Options: SAMEORIGIN
                                                          Content-Security-Policy: require-trusted-types-for 'script'
                                                          Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                          Vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                          Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                          Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="youtube_main"
                                                          P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
                                                          Server: ESF
                                                          Content-Length: 0
                                                          X-XSS-Protection: 0
                                                          Set-Cookie: GPS=1; Domain=.youtube.com; Expires=Mon, 30-Sep-2024 18:06:59 GMT; Path=/; Secure; HttpOnly
                                                          Set-Cookie: YSC=R2_L4-l9pfQ; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none; Partitioned
                                                          Set-Cookie: VISITOR_INFO1_LIVE=tIYGBed6Xmk; Domain=.youtube.com; Expires=Sat, 29-Mar-2025 17:36:59 GMT; Path=/; Secure; HttpOnly; SameSite=none; Partitioned
                                                          Set-Cookie: VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgVQ%3D%3D; Domain=.youtube.com; Expires=Sat, 29-Mar-2025 17:36:59 GMT; Path=/; Secure; HttpOnly; SameSite=none; Partitioned
                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                          Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49744 | 184.28.90.27 | 443 | - | -
Timestamp | Bytes transferred | Direction | Data
2024-09-30 17:37:02 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                                                          Connection: Keep-Alive
                                                          Accept: */*
                                                          Accept-Encoding: identity
                                                          User-Agent: Microsoft BITS/7.8
                                                          Host: fs.microsoft.com
2024-09-30 17:37:03 UTC | 467 | IN | HTTP/1.1 200 OK
                                                          Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                          Content-Type: application/octet-stream
                                                          ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                          Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                          Server: ECAcc (lpl/EF06)
                                                          X-CID: 11
                                                          X-Ms-ApiVersion: Distribute 1.2
                                                          X-Ms-Region: prod-neu-z1
                                                          Cache-Control: public, max-age=256127
                                                          Date: Mon, 30 Sep 2024 17:37:03 GMT
                                                          Connection: close
                                                          X-CID: 2


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49746 | 184.28.90.27 | 443 | - | -
Timestamp | Bytes transferred | Direction | Data
2024-09-30 17:37:03 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                                                          Connection: Keep-Alive
                                                          Accept: */*
                                                          Accept-Encoding: identity
                                                          If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                                                          Range: bytes=0-2147483646
                                                          User-Agent: Microsoft BITS/7.8
                                                          Host: fs.microsoft.com
2024-09-30 17:37:04 UTC | 515 | IN | HTTP/1.1 200 OK
                                                          ApiVersion: Distribute 1.1
                                                          Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                          Content-Type: application/octet-stream
                                                          ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                          Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                          Server: ECAcc (lpl/EF06)
                                                          X-CID: 11
                                                          X-Ms-ApiVersion: Distribute 1.2
                                                          X-Ms-Region: prod-weu-z1
                                                          Cache-Control: public, max-age=256070
                                                          Date: Mon, 30 Sep 2024 17:37:04 GMT
                                                          Content-Length: 55
                                                          Connection: close
                                                          X-CID: 2
2024-09-30 17:37:04 UTC | 55 | IN | Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                                                          Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49758 | 142.250.185.206 | 443 | 6680 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-30 17:37:07 UTC | 1236 | OUT | GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=1425405937&timestamp=1727717825856 HTTP/1.1
                                                          Host: accounts.youtube.com
                                                          Connection: keep-alive
                                                          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                          sec-ch-ua-mobile: ?0
                                                          sec-ch-ua-full-version: "117.0.5938.132"
                                                          sec-ch-ua-arch: "x86"
                                                          sec-ch-ua-platform: "Windows"
                                                          sec-ch-ua-platform-version: "10.0.0"
                                                          sec-ch-ua-model: ""
                                                          sec-ch-ua-bitness: "64"
                                                          sec-ch-ua-wow64: ?0
                                                          sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                                                          Upgrade-Insecure-Requests: 1
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                          X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                                                          Sec-Fetch-Site: cross-site
                                                          Sec-Fetch-Mode: navigate
                                                          Sec-Fetch-User: ?1
                                                          Sec-Fetch-Dest: iframe
                                                          Referer: https://accounts.google.com/
                                                          Accept-Encoding: gzip, deflate, br
                                                          Accept-Language: en-US,en;q=0.9
                                                          2024-09-30 17:37:08 UTC | 1969 | IN | HTTP/1.1 200 OK
                                                          Content-Type: text/html; charset=utf-8
                                                          X-Frame-Options: ALLOW-FROM https://accounts.google.com
                                                          Content-Security-Policy: frame-ancestors https://accounts.google.com
                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport
                                                          Content-Security-Policy: script-src 'report-sample' 'nonce--lh_sWukDd3OvZpLXY3AwQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport;worker-src 'self'
                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport/allowlist
                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                          Pragma: no-cache
                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                          Date: Mon, 30 Sep 2024 17:37:07 GMT
                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                          Cross-Origin-Opener-Policy: same-origin
                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                          Cross-Origin-Resource-Policy: cross-origin
                                                          reporting-endpoints: default="/_/AccountsDomainCookiesCheckConnectionHttp/web-reports?context=eJzjstDikmLw05BikPj6kkkNiJ3SZ7AGAHHSv_OsBUB8ufsS63UgVu25xGoMxEUSV1gbgFiIh-Pw4dfb2QQWHO46zKykl5RfGJ-ZkppXkllSmZKfm5iZl5yfn52ZWlycWlSWWhRvZGBkYmBpZKRnYBFfYAAA4T0thg"
                                                          Server: ESF
                                                          X-XSS-Protection: 0
                                                          X-Content-Type-Options: nosniff
                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                          Accept-Ranges: none
                                                          Vary: Accept-Encoding
                                                          Connection: close
                                                          Transfer-Encoding: chunked


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          4 | 192.168.2.4 | 49764 | 142.250.186.46 | 443 | 6680 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          2024-09-30 17:37:09 UTC | 549 | OUT | OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                          Host: play.google.com
                                                          Connection: keep-alive
                                                          Accept: */*
                                                          Access-Control-Request-Method: POST
                                                          Access-Control-Request-Headers: x-goog-authuser
                                                          Origin: https://accounts.google.com
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                          Sec-Fetch-Mode: cors
                                                          Sec-Fetch-Site: same-site
                                                          Sec-Fetch-Dest: empty
                                                          Referer: https://accounts.google.com/
                                                          Accept-Encoding: gzip, deflate, br
                                                          Accept-Language: en-US,en;q=0.9
                                                          2024-09-30 17:37:09 UTC | 520 | IN | HTTP/1.1 200 OK
                                                          Access-Control-Allow-Origin: https://accounts.google.com
                                                          Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                          Access-Control-Max-Age: 86400
                                                          Access-Control-Allow-Credentials: true
                                                          Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser
                                                          Content-Type: text/plain; charset=UTF-8
                                                          Date: Mon, 30 Sep 2024 17:37:09 GMT
                                                          Server: Playlog
                                                          Content-Length: 0
                                                          X-XSS-Protection: 0
                                                          X-Frame-Options: SAMEORIGIN
                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                          Connection: close


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          5 | 192.168.2.4 | 49762 | 142.250.186.46 | 443 | 6680 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          2024-09-30 17:37:09 UTC | 549 | OUT | OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                          Host: play.google.com
                                                          Connection: keep-alive
                                                          Accept: */*
                                                          Access-Control-Request-Method: POST
                                                          Access-Control-Request-Headers: x-goog-authuser
                                                          Origin: https://accounts.google.com
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                          Sec-Fetch-Mode: cors
                                                          Sec-Fetch-Site: same-site
                                                          Sec-Fetch-Dest: empty
                                                          Referer: https://accounts.google.com/
                                                          Accept-Encoding: gzip, deflate, br
                                                          Accept-Language: en-US,en;q=0.9
                                                          2024-09-30 17:37:09 UTC | 520 | IN | HTTP/1.1 200 OK
                                                          Access-Control-Allow-Origin: https://accounts.google.com
                                                          Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                          Access-Control-Max-Age: 86400
                                                          Access-Control-Allow-Credentials: true
                                                          Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser
                                                          Content-Type: text/plain; charset=UTF-8
                                                          Date: Mon, 30 Sep 2024 17:37:09 GMT
                                                          Server: Playlog
                                                          Content-Length: 0
                                                          X-XSS-Protection: 0
                                                          X-Frame-Options: SAMEORIGIN
                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                          Connection: close


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          6 | 192.168.2.4 | 49767 | 142.250.186.46 | 443 | 6680 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          2024-09-30 17:37:10 UTC | 1124 | OUT | POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                          Host: play.google.com
                                                          Connection: keep-alive
                                                          Content-Length: 519
                                                          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                          sec-ch-ua-mobile: ?0
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                          sec-ch-ua-arch: "x86"
                                                          Content-Type: application/x-www-form-urlencoded;charset=UTF-8
                                                          sec-ch-ua-full-version: "117.0.5938.132"
                                                          sec-ch-ua-platform-version: "10.0.0"
                                                          X-Goog-AuthUser: 0
                                                          sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                                                          sec-ch-ua-bitness: "64"
                                                          sec-ch-ua-model: ""
                                                          sec-ch-ua-wow64: ?0
                                                          sec-ch-ua-platform: "Windows"
                                                          Accept: */*
                                                          Origin: https://accounts.google.com
                                                          X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                                                          Sec-Fetch-Site: same-site
                                                          Sec-Fetch-Mode: cors
                                                          Sec-Fetch-Dest: empty
                                                          Referer: https://accounts.google.com/
                                                          Accept-Encoding: gzip, deflate, br
                                                          Accept-Language: en-US,en;q=0.9
                                                          2024-09-30 17:37:10 UTC519OUTData Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 33 30 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 37 37 31 37 38 32 37 30 35 37 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c
                                                          Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"30",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1727717827057",null,null,null
                                                          2024-09-30 17:37:10 UTC | 932 | IN | HTTP/1.1 200 OK
                                                          Access-Control-Allow-Origin: https://accounts.google.com
                                                          Cross-Origin-Resource-Policy: cross-origin
                                                          Access-Control-Allow-Credentials: true
                                                          Access-Control-Allow-Headers: X-Playlog-Web
                                                          Set-Cookie: NID=518=oByKNh6mm-B5kNLO3wkmDOWyUQduu8C6i-GpVowV9q7nfgDmNyjl_kPTPdhQLX677OFt2EGjuK3o7aRq2r_m2HZAdiiNfkDD8f9KtDnlvJuRBXPFZa8reucSzd_H6oY-H4ZWFsp7ypdaca41Kj8aY6Gptaklsxfl-U0SnBZyH7_9H43pHQ; expires=Tue, 01-Apr-2025 17:37:10 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                                          P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                          Content-Type: text/plain; charset=UTF-8
                                                          Date: Mon, 30 Sep 2024 17:37:10 GMT
                                                          Server: Playlog
                                                          Cache-Control: private
                                                          X-XSS-Protection: 0
                                                          X-Frame-Options: SAMEORIGIN
                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                          Accept-Ranges: none
                                                          Vary: Accept-Encoding
                                                          Expires: Mon, 30 Sep 2024 17:37:10 GMT
                                                          Connection: close
                                                          Transfer-Encoding: chunked
                                                          2024-09-30 17:37:10 UTC137INData Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a
                                                          Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
                                                          2024-09-30 17:37:10 UTC5INData Raw: 30 0d 0a 0d 0a
                                                          Data Ascii: 0


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          7 | 192.168.2.4 | 49766 | 142.250.186.46 | 443 | 6680 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          2024-09-30 17:37:10 UTC | 1124 | OUT | POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                          Host: play.google.com
                                                          Connection: keep-alive
                                                          Content-Length: 519
                                                          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                          sec-ch-ua-mobile: ?0
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                          sec-ch-ua-arch: "x86"
                                                          Content-Type: application/x-www-form-urlencoded;charset=UTF-8
                                                          sec-ch-ua-full-version: "117.0.5938.132"
                                                          sec-ch-ua-platform-version: "10.0.0"
                                                          X-Goog-AuthUser: 0
                                                          sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                                                          sec-ch-ua-bitness: "64"
                                                          sec-ch-ua-model: ""
                                                          sec-ch-ua-wow64: ?0
                                                          sec-ch-ua-platform: "Windows"
                                                          Accept: */*
                                                          Origin: https://accounts.google.com
                                                          X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                                                          Sec-Fetch-Site: same-site
                                                          Sec-Fetch-Mode: cors
                                                          Sec-Fetch-Dest: empty
                                                          Referer: https://accounts.google.com/
                                                          Accept-Encoding: gzip, deflate, br
                                                          Accept-Language: en-US,en;q=0.9
                                                          2024-09-30 17:37:10 UTC  519  OUT
                                                          Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"30",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1727717826972",null,null,null
                                                          2024-09-30 17:37:10 UTC  933  IN  HTTP/1.1 200 OK
                                                          Access-Control-Allow-Origin: https://accounts.google.com
                                                          Cross-Origin-Resource-Policy: cross-origin
                                                          Access-Control-Allow-Credentials: true
                                                          Access-Control-Allow-Headers: X-Playlog-Web
                                                          Set-Cookie: NID=518=lesMq93QOdyBHSS9vKZYHr61R838TtwYnb53UIjW7MHgUNzAQa_20dDAahryNUu3FCWLcfreFlf2Hi6YYMrR7Qhvo8cIHrQLDDWISpxJZTftxYbWLydDtut7xpBFuL6Jtwu_fCB5amAbvVYIsSL71ldKZ_2oJ792CzsFLW33MBDI67-V9D4; expires=Tue, 01-Apr-2025 17:37:10 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                                          P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                          Content-Type: text/plain; charset=UTF-8
                                                          Date: Mon, 30 Sep 2024 17:37:10 GMT
                                                          Server: Playlog
                                                          Cache-Control: private
                                                          X-XSS-Protection: 0
                                                          X-Frame-Options: SAMEORIGIN
                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                          Accept-Ranges: none
                                                          Vary: Accept-Encoding
                                                          Expires: Mon, 30 Sep 2024 17:37:10 GMT
                                                          Connection: close
                                                          Transfer-Encoding: chunked
                                                          2024-09-30 17:37:10 UTC  137  IN
                                                          Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
                                                          2024-09-30 17:37:10 UTC  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                          Data Ascii: 0


                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                          8           192.168.2.4  49741        142.250.186.36  443               6680  C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          Timestamp  Bytes transferred  Direction  Data
                                                          2024-09-30 17:37:10 UTC  1214  OUT  GET /favicon.ico HTTP/1.1
                                                          Host: www.google.com
                                                          Connection: keep-alive
                                                          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                          sec-ch-ua-mobile: ?0
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                          sec-ch-ua-arch: "x86"
                                                          sec-ch-ua-full-version: "117.0.5938.132"
                                                          sec-ch-ua-platform-version: "10.0.0"
                                                          sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                                                          sec-ch-ua-bitness: "64"
                                                          sec-ch-ua-model: ""
                                                          sec-ch-ua-wow64: ?0
                                                          sec-ch-ua-platform: "Windows"
                                                          Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                          X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                                                          Sec-Fetch-Site: same-site
                                                          Sec-Fetch-Mode: no-cors
                                                          Sec-Fetch-Dest: image
                                                          Referer: https://accounts.google.com/
                                                          Accept-Encoding: gzip, deflate, br
                                                          Accept-Language: en-US,en;q=0.9
                                                          Cookie: NID=518=lesMq93QOdyBHSS9vKZYHr61R838TtwYnb53UIjW7MHgUNzAQa_20dDAahryNUu3FCWLcfreFlf2Hi6YYMrR7Qhvo8cIHrQLDDWISpxJZTftxYbWLydDtut7xpBFuL6Jtwu_fCB5amAbvVYIsSL71ldKZ_2oJ792CzsFLW33MBDI67-V9D4
                                                          2024-09-30 17:37:10 UTC  705  IN  HTTP/1.1 200 OK
                                                          Accept-Ranges: bytes
                                                          Cross-Origin-Resource-Policy: cross-origin
                                                          Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
                                                          Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
                                                          Content-Length: 5430
                                                          X-Content-Type-Options: nosniff
                                                          Server: sffe
                                                          X-XSS-Protection: 0
                                                          Date: Mon, 30 Sep 2024 17:00:09 GMT
                                                          Expires: Tue, 08 Oct 2024 17:00:09 GMT
                                                          Cache-Control: public, max-age=691200
                                                          Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT
                                                          Content-Type: image/x-icon
                                                          Vary: Accept-Encoding
                                                          Age: 2221
                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                          Connection: close


                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                          9           192.168.2.4  49773        4.245.163.56    443
                                                          Timestamp  Bytes transferred  Direction  Data
                                                          2024-09-30 17:37:14 UTC  306  OUT  GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=EPMS9PtKV5L8tAt&MD=nFPxbtaW HTTP/1.1
                                                          Connection: Keep-Alive
                                                          Accept: */*
                                                          User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                          Host: slscr.update.microsoft.com
                                                          2024-09-30 17:37:14 UTC  560  IN  HTTP/1.1 200 OK
                                                          Cache-Control: no-cache
                                                          Pragma: no-cache
                                                          Content-Type: application/octet-stream
                                                          Expires: -1
                                                          Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                          ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                                          MS-CorrelationId: f96e5d2c-dbf3-4ca5-9a40-a7bf3617a300
                                                          MS-RequestId: 884d8989-b30b-45a2-af01-21e5f8a01d73
                                                          MS-CV: iMDdtr1PnkOUN8sP.0
                                                          X-Microsoft-SLSClientCache: 2880
                                                          Content-Disposition: attachment; filename=environment.cab
                                                          X-Content-Type-Options: nosniff
                                                          Date: Mon, 30 Sep 2024 17:37:14 GMT
                                                          Connection: close
                                                          Content-Length: 24490


                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                          10          192.168.2.4  49779        142.250.186.46  443               6680  C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          Timestamp  Bytes transferred  Direction  Data
                                                          2024-09-30 17:37:16 UTC  1299  OUT  POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                          Host: play.google.com
                                                          Connection: keep-alive
                                                          Content-Length: 1221
                                                          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                          sec-ch-ua-mobile: ?0
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                          sec-ch-ua-arch: "x86"
                                                          Content-Type: text/plain;charset=UTF-8
                                                          sec-ch-ua-full-version: "117.0.5938.132"
                                                          sec-ch-ua-platform-version: "10.0.0"
                                                          X-Goog-AuthUser: 0
                                                          sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                                                          sec-ch-ua-bitness: "64"
                                                          sec-ch-ua-model: ""
                                                          sec-ch-ua-wow64: ?0
                                                          sec-ch-ua-platform: "Windows"
                                                          Accept: */*
                                                          Origin: https://accounts.google.com
                                                          X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                                                          Sec-Fetch-Site: same-site
                                                          Sec-Fetch-Mode: cors
                                                          Sec-Fetch-Dest: empty
                                                          Referer: https://accounts.google.com/
                                                          Accept-Encoding: gzip, deflate, br
                                                          Accept-Language: en-US,en;q=0.9
                                                          Cookie: NID=518=lesMq93QOdyBHSS9vKZYHr61R838TtwYnb53UIjW7MHgUNzAQa_20dDAahryNUu3FCWLcfreFlf2Hi6YYMrR7Qhvo8cIHrQLDDWISpxJZTftxYbWLydDtut7xpBFuL6Jtwu_fCB5amAbvVYIsSL71ldKZ_2oJ792CzsFLW33MBDI67-V9D4
                                                          2024-09-30 17:37:16 UTC  1221  OUT
                                                          Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,null,null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[4,0,0,0,0]]],558,[["1727717824000",null,null,null,
                                                          2024-09-30 17:37:16 UTC  941  IN  HTTP/1.1 200 OK
                                                          Access-Control-Allow-Origin: https://accounts.google.com
                                                          Cross-Origin-Resource-Policy: cross-origin
                                                          Access-Control-Allow-Credentials: true
                                                          Access-Control-Allow-Headers: X-Playlog-Web
                                                          Set-Cookie: NID=518=0DOdV74vTP2Vl7Dy8mt66IM7hJqbaKBqJdskS79ifTbayHydQTp_nOPJBMZd2pYVmK5_KIZhLuNsWoQ834MjFeN2snZqwYh9rYyDJWweoZQUvEmh6Bf_Zcq0wIe8YRPLzPFLPvqPyRv4TUJqozhAKLkcc5WB9VCwFl9R5jaivmzQCABxUK8t8eipUX8; expires=Tue, 01-Apr-2025 17:37:16 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
                                                          P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                          Content-Type: text/plain; charset=UTF-8
                                                          Date: Mon, 30 Sep 2024 17:37:16 GMT
                                                          Server: Playlog
                                                          Cache-Control: private
                                                          X-XSS-Protection: 0
                                                          X-Frame-Options: SAMEORIGIN
                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                          Accept-Ranges: none
                                                          Vary: Accept-Encoding
                                                          Expires: Mon, 30 Sep 2024 17:37:16 GMT
                                                          Connection: close
                                                          Transfer-Encoding: chunked
                                                          2024-09-30 17:37:16 UTC  137  IN
                                                          Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
                                                          2024-09-30 17:37:16 UTC  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                          Data Ascii: 0


                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                          11          192.168.2.4  49782        142.250.186.46  443               6680  C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          Timestamp  Bytes transferred  Direction  Data
                                                          2024-09-30 17:37:39 UTC  1330  OUT  POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                          Host: play.google.com
                                                          Connection: keep-alive
                                                          Content-Length: 1262
                                                          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                          sec-ch-ua-mobile: ?0
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                          sec-ch-ua-arch: "x86"
                                                          Content-Type: application/x-www-form-urlencoded;charset=UTF-8
                                                          sec-ch-ua-full-version: "117.0.5938.132"
                                                          sec-ch-ua-platform-version: "10.0.0"
                                                          X-Goog-AuthUser: 0
                                                          sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                                                          sec-ch-ua-bitness: "64"
                                                          sec-ch-ua-model: ""
                                                          sec-ch-ua-wow64: ?0
                                                          sec-ch-ua-platform: "Windows"
                                                          Accept: */*
                                                          Origin: https://accounts.google.com
                                                          X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                                                          Sec-Fetch-Site: same-site
                                                          Sec-Fetch-Mode: cors
                                                          Sec-Fetch-Dest: empty
                                                          Referer: https://accounts.google.com/
                                                          Accept-Encoding: gzip, deflate, br
                                                          Accept-Language: en-US,en;q=0.9
                                                          Cookie: NID=518=0DOdV74vTP2Vl7Dy8mt66IM7hJqbaKBqJdskS79ifTbayHydQTp_nOPJBMZd2pYVmK5_KIZhLuNsWoQ834MjFeN2snZqwYh9rYyDJWweoZQUvEmh6Bf_Zcq0wIe8YRPLzPFLPvqPyRv4TUJqozhAKLkcc5WB9VCwFl9R5jaivmzQCABxUK8t8eipUX8
                                                          2024-09-30 17:37:39 UTC  1262  OUT
                                                          Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"30",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1727717857959",null,null,null
                                                          2024-09-30 17:37:40 UTC  523  IN  HTTP/1.1 200 OK
                                                          Access-Control-Allow-Origin: https://accounts.google.com
                                                          Cross-Origin-Resource-Policy: cross-origin
                                                          Access-Control-Allow-Credentials: true
                                                          Access-Control-Allow-Headers: X-Playlog-Web
                                                          Content-Type: text/plain; charset=UTF-8
                                                          Date: Mon, 30 Sep 2024 17:37:40 GMT
                                                          Server: Playlog
                                                          Cache-Control: private
                                                          X-XSS-Protection: 0
                                                          X-Frame-Options: SAMEORIGIN
                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                          Accept-Ranges: none
                                                          Vary: Accept-Encoding
                                                          Connection: close
                                                          Transfer-Encoding: chunked
                                                          2024-09-30 17:37:40 UTC  137  IN
                                                          Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
                                                          2024-09-30 17:37:40 UTC  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                          Data Ascii: 0


                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                          12          192.168.2.4  49783        142.250.186.46  443               6680  C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          Timestamp  Bytes transferred  Direction  Data
                                                          2024-09-30 17:37:39 UTC  1330  OUT  POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                          Host: play.google.com
                                                          Connection: keep-alive
                                                          Content-Length: 1437
                                                          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                          sec-ch-ua-mobile: ?0
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                          sec-ch-ua-arch: "x86"
                                                          Content-Type: application/x-www-form-urlencoded;charset=UTF-8
                                                          sec-ch-ua-full-version: "117.0.5938.132"
                                                          sec-ch-ua-platform-version: "10.0.0"
                                                          X-Goog-AuthUser: 0
                                                          sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                                                          sec-ch-ua-bitness: "64"
                                                          sec-ch-ua-model: ""
                                                          sec-ch-ua-wow64: ?0
                                                          sec-ch-ua-platform: "Windows"
                                                          Accept: */*
                                                          Origin: https://accounts.google.com
                                                          X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                                                          Sec-Fetch-Site: same-site
                                                          Sec-Fetch-Mode: cors
                                                          Sec-Fetch-Dest: empty
                                                          Referer: https://accounts.google.com/
                                                          Accept-Encoding: gzip, deflate, br
                                                          Accept-Language: en-US,en;q=0.9
                                                          Cookie: NID=518=0DOdV74vTP2Vl7Dy8mt66IM7hJqbaKBqJdskS79ifTbayHydQTp_nOPJBMZd2pYVmK5_KIZhLuNsWoQ834MjFeN2snZqwYh9rYyDJWweoZQUvEmh6Bf_Zcq0wIe8YRPLzPFLPvqPyRv4TUJqozhAKLkcc5WB9VCwFl9R5jaivmzQCABxUK8t8eipUX8
                                                          2024-09-30 17:37:39 UTC | 1437 | OUT | Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"30",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1727717857960",null,null,null
                                                          2024-09-30 17:37:40 UTC | 523 | IN | HTTP/1.1 200 OK
                                                          Access-Control-Allow-Origin: https://accounts.google.com
                                                          Cross-Origin-Resource-Policy: cross-origin
                                                          Access-Control-Allow-Credentials: true
                                                          Access-Control-Allow-Headers: X-Playlog-Web
                                                          Content-Type: text/plain; charset=UTF-8
                                                          Date: Mon, 30 Sep 2024 17:37:40 GMT
                                                          Server: Playlog
                                                          Cache-Control: private
                                                          X-XSS-Protection: 0
                                                          X-Frame-Options: SAMEORIGIN
                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                          Accept-Ranges: none
                                                          Vary: Accept-Encoding
                                                          Connection: close
                                                          Transfer-Encoding: chunked
                                                          2024-09-30 17:37:40 UTC | 137 | IN | Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
                                                          2024-09-30 17:37:40 UTC | 5 | IN | Data Ascii: 0


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          13 | 192.168.2.4 | 49784 | 142.250.186.46 | 443 | 6680 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          2024-09-30 17:37:40 UTC | 1290 | OUT | POST /log?hasfast=true&authuser=0&format=json HTTP/1.1
                                                          Host: play.google.com
                                                          Connection: keep-alive
                                                          Content-Length: 1030
                                                          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                          sec-ch-ua-mobile: ?0
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                          sec-ch-ua-arch: "x86"
                                                          sec-ch-ua-full-version: "117.0.5938.132"
                                                          Content-Type: text/plain;charset=UTF-8
                                                          sec-ch-ua-platform-version: "10.0.0"
                                                          sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                                                          sec-ch-ua-bitness: "64"
                                                          sec-ch-ua-model: ""
                                                          sec-ch-ua-wow64: ?0
                                                          sec-ch-ua-platform: "Windows"
                                                          Accept: */*
                                                          Origin: https://accounts.google.com
                                                          X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                                                          Sec-Fetch-Site: same-site
                                                          Sec-Fetch-Mode: no-cors
                                                          Sec-Fetch-Dest: empty
                                                          Referer: https://accounts.google.com/
                                                          Accept-Encoding: gzip, deflate, br
                                                          Accept-Language: en-US,en;q=0.9
                                                          Cookie: NID=518=0DOdV74vTP2Vl7Dy8mt66IM7hJqbaKBqJdskS79ifTbayHydQTp_nOPJBMZd2pYVmK5_KIZhLuNsWoQ834MjFeN2snZqwYh9rYyDJWweoZQUvEmh6Bf_Zcq0wIe8YRPLzPFLPvqPyRv4TUJqozhAKLkcc5WB9VCwFl9R5jaivmzQCABxUK8t8eipUX8
                                                          2024-09-30 17:37:40 UTC | 1030 | OUT | Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"boq_identityfrontendauthuiserver_20240924.02_p0",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[3,0,0
                                                          2024-09-30 17:37:40 UTC | 523 | IN | HTTP/1.1 200 OK
                                                          Access-Control-Allow-Origin: https://accounts.google.com
                                                          Cross-Origin-Resource-Policy: cross-origin
                                                          Access-Control-Allow-Credentials: true
                                                          Access-Control-Allow-Headers: X-Playlog-Web
                                                          Content-Type: text/plain; charset=UTF-8
                                                          Date: Mon, 30 Sep 2024 17:37:40 GMT
                                                          Server: Playlog
                                                          Cache-Control: private
                                                          X-XSS-Protection: 0
                                                          X-Frame-Options: SAMEORIGIN
                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                          Accept-Ranges: none
                                                          Vary: Accept-Encoding
                                                          Connection: close
                                                          Transfer-Encoding: chunked
                                                          2024-09-30 17:37:40 UTC | 137 | IN | Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
                                                          2024-09-30 17:37:40 UTC | 5 | IN | Data Ascii: 0


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          14 | 192.168.2.4 | 59896 | 4.245.163.56 | 443 | |
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          2024-09-30 17:37:43 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=EPMS9PtKV5L8tAt&MD=nFPxbtaW HTTP/1.1
                                                          Connection: Keep-Alive
                                                          Accept: */*
                                                          User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                          Host: slscr.update.microsoft.com
                                                          2024-09-30 17:37:43 UTC | 560 | IN | HTTP/1.1 200 OK
                                                          Cache-Control: no-cache
                                                          Pragma: no-cache
                                                          Content-Type: application/octet-stream
                                                          Expires: -1
                                                          Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                          ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
                                                          MS-CorrelationId: 2d2ed660-7f20-4150-a14d-91b2d61b78f0
                                                          MS-RequestId: c77dc7a1-582c-4885-930d-5ba40a9e3ef4
                                                          MS-CV: aTFogxU4BUW7PkUF.0
                                                          X-Microsoft-SLSClientCache: 1440
                                                          Content-Disposition: attachment; filename=environment.cab
                                                          X-Content-Type-Options: nosniff
                                                          Date: Mon, 30 Sep 2024 17:37:43 GMT
                                                          Connection: close
                                                          Content-Length: 30005
                                                          2024-09-30 17:37:43 UTC | 15824 | IN | Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
                                                          2024-09-30 17:37:43 UTC | 14181 | IN | Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          15 | 192.168.2.4 | 59901 | 216.58.206.46 | 443 | 6680 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          2024-09-30 17:38:11 UTC | 1330 | OUT | POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                          Host: play.google.com
                                                          Connection: keep-alive
                                                          Content-Length: 1157
                                                          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                          sec-ch-ua-mobile: ?0
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                          sec-ch-ua-arch: "x86"
                                                          Content-Type: application/x-www-form-urlencoded;charset=UTF-8
                                                          sec-ch-ua-full-version: "117.0.5938.132"
                                                          sec-ch-ua-platform-version: "10.0.0"
                                                          X-Goog-AuthUser: 0
                                                          sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                                                          sec-ch-ua-bitness: "64"
                                                          sec-ch-ua-model: ""
                                                          sec-ch-ua-wow64: ?0
                                                          sec-ch-ua-platform: "Windows"
                                                          Accept: */*
                                                          Origin: https://accounts.google.com
                                                          X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                                                          Sec-Fetch-Site: same-site
                                                          Sec-Fetch-Mode: cors
                                                          Sec-Fetch-Dest: empty
                                                          Referer: https://accounts.google.com/
                                                          Accept-Encoding: gzip, deflate, br
                                                          Accept-Language: en-US,en;q=0.9
                                                          Cookie: NID=518=0DOdV74vTP2Vl7Dy8mt66IM7hJqbaKBqJdskS79ifTbayHydQTp_nOPJBMZd2pYVmK5_KIZhLuNsWoQ834MjFeN2snZqwYh9rYyDJWweoZQUvEmh6Bf_Zcq0wIe8YRPLzPFLPvqPyRv4TUJqozhAKLkcc5WB9VCwFl9R5jaivmzQCABxUK8t8eipUX8
                                                          2024-09-30 17:38:11 UTC | 1157 | OUT | Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"30",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1727717889709",null,null,null
                                                          2024-09-30 17:38:11 UTC | 523 | IN | HTTP/1.1 200 OK
                                                          Access-Control-Allow-Origin: https://accounts.google.com
                                                          Cross-Origin-Resource-Policy: cross-origin
                                                          Access-Control-Allow-Credentials: true
                                                          Access-Control-Allow-Headers: X-Playlog-Web
                                                          Content-Type: text/plain; charset=UTF-8
                                                          Date: Mon, 30 Sep 2024 17:38:11 GMT
                                                          Server: Playlog
                                                          Cache-Control: private
                                                          X-XSS-Protection: 0
                                                          X-Frame-Options: SAMEORIGIN
                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                          Accept-Ranges: none
                                                          Vary: Accept-Encoding
                                                          Connection: close
                                                          Transfer-Encoding: chunked
                                                          2024-09-30 17:38:11 UTC | 137 | IN | Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
                                                          2024-09-30 17:38:11 UTC | 5 | IN | Data Ascii: 0


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          16 | 192.168.2.4 | 59902 | 216.58.206.46 | 443 | 6680 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          2024-09-30 17:38:11 UTC | 1330 | OUT | POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                          Host: play.google.com
                                                          Connection: keep-alive
                                                          Content-Length: 1471
                                                          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                          sec-ch-ua-mobile: ?0
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                          sec-ch-ua-arch: "x86"
                                                          Content-Type: application/x-www-form-urlencoded;charset=UTF-8
                                                          sec-ch-ua-full-version: "117.0.5938.132"
                                                          sec-ch-ua-platform-version: "10.0.0"
                                                          X-Goog-AuthUser: 0
                                                          sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                                                          sec-ch-ua-bitness: "64"
                                                          sec-ch-ua-model: ""
                                                          sec-ch-ua-wow64: ?0
                                                          sec-ch-ua-platform: "Windows"
                                                          Accept: */*
                                                          Origin: https://accounts.google.com
                                                          X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                                                          Sec-Fetch-Site: same-site
                                                          Sec-Fetch-Mode: cors
                                                          Sec-Fetch-Dest: empty
                                                          Referer: https://accounts.google.com/
                                                          Accept-Encoding: gzip, deflate, br
                                                          Accept-Language: en-US,en;q=0.9
                                                          Cookie: NID=518=0DOdV74vTP2Vl7Dy8mt66IM7hJqbaKBqJdskS79ifTbayHydQTp_nOPJBMZd2pYVmK5_KIZhLuNsWoQ834MjFeN2snZqwYh9rYyDJWweoZQUvEmh6Bf_Zcq0wIe8YRPLzPFLPvqPyRv4TUJqozhAKLkcc5WB9VCwFl9R5jaivmzQCABxUK8t8eipUX8
                                                          2024-09-30 17:38:11 UTC | 1471 | OUT | Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"30",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1727717889944",null,null,null
                                                          2024-09-30 17:38:12 UTC | 523 | IN | HTTP/1.1 200 OK
                                                          Access-Control-Allow-Origin: https://accounts.google.com
                                                          Cross-Origin-Resource-Policy: cross-origin
                                                          Access-Control-Allow-Credentials: true
                                                          Access-Control-Allow-Headers: X-Playlog-Web
                                                          Content-Type: text/plain; charset=UTF-8
                                                          Date: Mon, 30 Sep 2024 17:38:11 GMT
                                                          Server: Playlog
                                                          Cache-Control: private
                                                          X-XSS-Protection: 0
                                                          X-Frame-Options: SAMEORIGIN
                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                          Accept-Ranges: none
                                                          Vary: Accept-Encoding
                                                          Connection: close
                                                          Transfer-Encoding: chunked
                                                          2024-09-30 17:38:12 UTC | 137 | IN | Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
                                                          2024-09-30 17:38:12 UTC | 5 | IN | Data Ascii: 0


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          17 | 192.168.2.4 | 59904 | 216.58.206.46 | 443 | 6680 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          2024-09-30 17:38:43 UTC | 1330 | OUT | POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                          Host: play.google.com
                                                          Connection: keep-alive
                                                          Content-Length: 1563
                                                          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                          sec-ch-ua-mobile: ?0
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                          sec-ch-ua-arch: "x86"
                                                          Content-Type: application/x-www-form-urlencoded;charset=UTF-8
                                                          sec-ch-ua-full-version: "117.0.5938.132"
                                                          sec-ch-ua-platform-version: "10.0.0"
                                                          X-Goog-AuthUser: 0
                                                          sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                                                          sec-ch-ua-bitness: "64"
                                                          sec-ch-ua-model: ""
                                                          sec-ch-ua-wow64: ?0
                                                          sec-ch-ua-platform: "Windows"
                                                          Accept: */*
                                                          Origin: https://accounts.google.com
                                                          X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                                                          Sec-Fetch-Site: same-site
                                                          Sec-Fetch-Mode: cors
                                                          Sec-Fetch-Dest: empty
                                                          Referer: https://accounts.google.com/
                                                          Accept-Encoding: gzip, deflate, br
                                                          Accept-Language: en-US,en;q=0.9
                                                          Cookie: NID=518=0DOdV74vTP2Vl7Dy8mt66IM7hJqbaKBqJdskS79ifTbayHydQTp_nOPJBMZd2pYVmK5_KIZhLuNsWoQ834MjFeN2snZqwYh9rYyDJWweoZQUvEmh6Bf_Zcq0wIe8YRPLzPFLPvqPyRv4TUJqozhAKLkcc5WB9VCwFl9R5jaivmzQCABxUK8t8eipUX8
                                                          2024-09-30 17:38:43 UTC  1563  OUT  Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"30",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1727717921694",null,null,null
                                                          2024-09-30 17:38:43 UTC  523  IN  HTTP/1.1 200 OK
                                                          Access-Control-Allow-Origin: https://accounts.google.com
                                                          Cross-Origin-Resource-Policy: cross-origin
                                                          Access-Control-Allow-Credentials: true
                                                          Access-Control-Allow-Headers: X-Playlog-Web
                                                          Content-Type: text/plain; charset=UTF-8
                                                          Date: Mon, 30 Sep 2024 17:38:43 GMT
                                                          Server: Playlog
                                                          Cache-Control: private
                                                          X-XSS-Protection: 0
                                                          X-Frame-Options: SAMEORIGIN
                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                          Accept-Ranges: none
                                                          Vary: Accept-Encoding
                                                          Connection: close
                                                          Transfer-Encoding: chunked
                                                          2024-09-30 17:38:43 UTC  137  IN  Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
                                                          2024-09-30 17:38:43 UTC  5  IN  Data Ascii: 0


                                                          Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                          18  192.168.2.4  59905  216.58.206.46  443  6680  C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          Timestamp  Bytes transferred  Direction  Data
                                                          2024-09-30 17:38:44 UTC  1330  OUT  POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                          Host: play.google.com
                                                          Connection: keep-alive
                                                          Content-Length: 1314
                                                          sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                          sec-ch-ua-mobile: ?0
                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                          sec-ch-ua-arch: "x86"
                                                          Content-Type: application/x-www-form-urlencoded;charset=UTF-8
                                                          sec-ch-ua-full-version: "117.0.5938.132"
                                                          sec-ch-ua-platform-version: "10.0.0"
                                                          X-Goog-AuthUser: 0
                                                          sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"
                                                          sec-ch-ua-bitness: "64"
                                                          sec-ch-ua-model: ""
                                                          sec-ch-ua-wow64: ?0
                                                          sec-ch-ua-platform: "Windows"
                                                          Accept: */*
                                                          Origin: https://accounts.google.com
                                                          X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                                                          Sec-Fetch-Site: same-site
                                                          Sec-Fetch-Mode: cors
                                                          Sec-Fetch-Dest: empty
                                                          Referer: https://accounts.google.com/
                                                          Accept-Encoding: gzip, deflate, br
                                                          Accept-Language: en-US,en;q=0.9
                                                          Cookie: NID=518=0DOdV74vTP2Vl7Dy8mt66IM7hJqbaKBqJdskS79ifTbayHydQTp_nOPJBMZd2pYVmK5_KIZhLuNsWoQ834MjFeN2snZqwYh9rYyDJWweoZQUvEmh6Bf_Zcq0wIe8YRPLzPFLPvqPyRv4TUJqozhAKLkcc5WB9VCwFl9R5jaivmzQCABxUK8t8eipUX8
                                                          2024-09-30 17:38:44 UTC  1314  OUT  Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"30",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1727717922279",null,null,null
                                                          2024-09-30 17:38:44 UTC  523  IN  HTTP/1.1 200 OK
                                                          Access-Control-Allow-Origin: https://accounts.google.com
                                                          Cross-Origin-Resource-Policy: cross-origin
                                                          Access-Control-Allow-Credentials: true
                                                          Access-Control-Allow-Headers: X-Playlog-Web
                                                          Content-Type: text/plain; charset=UTF-8
                                                          Date: Mon, 30 Sep 2024 17:38:44 GMT
                                                          Server: Playlog
                                                          Cache-Control: private
                                                          X-XSS-Protection: 0
                                                          X-Frame-Options: SAMEORIGIN
                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                          Accept-Ranges: none
                                                          Vary: Accept-Encoding
                                                          Connection: close
                                                          Transfer-Encoding: chunked
                                                          2024-09-30 17:38:44 UTC  137  IN  Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
                                                          2024-09-30 17:38:44 UTC  5  IN  Data Ascii: 0


                                                          Target ID:0
                                                          Start time:13:36:53
                                                          Start date:30/09/2024
                                                          Path:C:\Users\user\Desktop\random.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:"C:\Users\user\Desktop\random.exe"
                                                          Imagebase:0x240000
                                                          File size:1'167'360 bytes
                                                          MD5 hash:0BDC931DFBF405332BA87054D9096A2E
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:low
                                                          Has exited:false

                                                          Target ID:1
                                                          Start time:13:36:53
                                                          Start date:30/09/2024
                                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
                                                          Imagebase:0x7ff76e190000
                                                          File size:3'242'272 bytes
                                                          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:false

                                                          Target ID:3
                                                          Start time:13:36:54
                                                          Start date:30/09/2024
                                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1964,i,250367667355379585,18088655434334270874,262144 /prefetch:8
                                                          Imagebase:0x7ff76e190000
                                                          File size:3'242'272 bytes
                                                          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:false

                                                          Target ID:4
                                                          Start time:13:37:07
                                                          Start date:30/09/2024
                                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5328 --field-trial-handle=1964,i,250367667355379585,18088655434334270874,262144 /prefetch:8
                                                          Imagebase:0x7ff76e190000
                                                          File size:3'242'272 bytes
                                                          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:false

                                                          Target ID:5
                                                          Start time:13:37:07
                                                          Start date:30/09/2024
                                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 --field-trial-handle=1964,i,250367667355379585,18088655434334270874,262144 /prefetch:8
                                                          Imagebase:0x7ff76e190000
                                                          File size:3'242'272 bytes
                                                          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true

                                                            Execution Graph

                                                            Execution Coverage:2.2%
                                                            Dynamic/Decrypted Code Coverage:0%
                                                            Signature Coverage:7.1%
                                                            Total number of Nodes:1503
                                                            Total number of Limit Nodes:53
94233->94234 94235 2435aa 94234->94235 94236 243aa2 23 API calls 94235->94236 94237 2435b5 94236->94237 94238 2435c0 94237->94238 94243 2832eb 94237->94243 94288 24515f 94238->94288 94242 28330d 94243->94242 94300 25ce60 41 API calls 94243->94300 94245 2435df 94245->94215 94301 244ecb 94246->94301 94249 283833 94323 2b2cf9 94249->94323 94250 244ecb 94 API calls 94252 2444e1 94250->94252 94252->94249 94254 2444e9 94252->94254 94253 283848 94255 283869 94253->94255 94256 28384c 94253->94256 94258 2444f5 94254->94258 94259 283854 94254->94259 94257 25fe0b 22 API calls 94255->94257 94373 244f39 94256->94373 94275 2838ae 94257->94275 94372 24940c 136 API calls 2 library calls 94258->94372 94379 2ada5a 82 API calls 94259->94379 94263 242e31 94264 283862 94264->94255 94265 283a5f 94266 283a67 94265->94266 94267 244f39 68 API calls 94266->94267 94381 2a989b 82 API calls __wsopen_s 94266->94381 94267->94266 94272 249cb3 22 API calls 94272->94275 94275->94265 94275->94266 94275->94272 94349 2a967e 94275->94349 94352 2b0b5a 94275->94352 94358 24a4a1 94275->94358 94366 243ff7 94275->94366 94380 2a95ad 42 API calls _wcslen 94275->94380 94277 243aaf GetFullPathNameW 94276->94277 94277->94221 94277->94222 94279 2437ae 94278->94279 94280 2493b2 22 API calls 94279->94280 94281 242e12 94280->94281 94281->94228 94283 24a6d0 94282->94283 94284 24a6dd 94282->94284 94283->94225 94285 25fddb 22 API calls 94284->94285 94286 24a6e7 94285->94286 94287 25fe0b 22 API calls 94286->94287 94287->94283 94289 24516e 94288->94289 94293 24518f __fread_nolock 94288->94293 94291 25fe0b 22 API calls 94289->94291 94290 25fddb 22 API calls 94292 2435cc 94290->94292 94291->94293 94294 2435f3 94292->94294 94293->94290 94295 243605 94294->94295 94299 243624 __fread_nolock 94294->94299 94297 25fe0b 22 API calls 94295->94297 94296 25fddb 22 API calls 94298 24363b 94296->94298 94297->94299 94298->94245 94299->94296 94300->94243 94382 244e90 LoadLibraryA 94301->94382 94306 244ef6 LoadLibraryExW 94390 244e59 
LoadLibraryA 94306->94390 94307 283ccf 94308 244f39 68 API calls 94307->94308 94310 283cd6 94308->94310 94312 244e59 3 API calls 94310->94312 94314 283cde 94312->94314 94412 2450f5 94314->94412 94315 244f20 94315->94314 94316 244f2c 94315->94316 94318 244f39 68 API calls 94316->94318 94320 2444cd 94318->94320 94320->94249 94320->94250 94322 283d05 94324 2b2d15 94323->94324 94325 24511f 64 API calls 94324->94325 94326 2b2d29 94325->94326 94546 2b2e66 94326->94546 94329 2b2d3f 94329->94253 94330 2450f5 40 API calls 94331 2b2d56 94330->94331 94332 2450f5 40 API calls 94331->94332 94333 2b2d66 94332->94333 94334 2450f5 40 API calls 94333->94334 94335 2b2d81 94334->94335 94336 2450f5 40 API calls 94335->94336 94337 2b2d9c 94336->94337 94338 24511f 64 API calls 94337->94338 94339 2b2db3 94338->94339 94340 26ea0c ___std_exception_copy 21 API calls 94339->94340 94341 2b2dba 94340->94341 94342 26ea0c ___std_exception_copy 21 API calls 94341->94342 94343 2b2dc4 94342->94343 94344 2450f5 40 API calls 94343->94344 94345 2b2dd8 94344->94345 94346 2b28fe 27 API calls 94345->94346 94347 2b2dee 94346->94347 94347->94329 94552 2b22ce 79 API calls 94347->94552 94350 25fe0b 22 API calls 94349->94350 94351 2a96ae __fread_nolock 94350->94351 94351->94275 94353 2b0b65 94352->94353 94354 25fddb 22 API calls 94353->94354 94355 2b0b7c 94354->94355 94553 249cb3 94355->94553 94360 24a52b 94358->94360 94365 24a4b1 __fread_nolock 94358->94365 94359 25fddb 22 API calls 94362 24a4b8 94359->94362 94361 25fe0b 22 API calls 94360->94361 94361->94365 94363 25fddb 22 API calls 94362->94363 94364 24a4d6 94362->94364 94363->94364 94364->94275 94365->94359 94367 24400a 94366->94367 94370 2440ae 94366->94370 94369 25fe0b 22 API calls 94367->94369 94371 24403c 94367->94371 94368 25fddb 22 API calls 94368->94371 94369->94371 94370->94275 94371->94368 94371->94370 94372->94263 94374 244f43 94373->94374 94378 244f4a 94373->94378 94559 26e678 94374->94559 94376 244f59 94376->94259 94377 244f6a FreeLibrary 
94377->94376 94378->94376 94378->94377 94379->94264 94380->94275 94381->94266 94383 244ec6 94382->94383 94384 244ea8 GetProcAddress 94382->94384 94387 26e5eb 94383->94387 94385 244eb8 94384->94385 94385->94383 94386 244ebf FreeLibrary 94385->94386 94386->94383 94420 26e52a 94387->94420 94389 244eea 94389->94306 94389->94307 94391 244e8d 94390->94391 94392 244e6e GetProcAddress 94390->94392 94395 244f80 94391->94395 94393 244e7e 94392->94393 94393->94391 94394 244e86 FreeLibrary 94393->94394 94394->94391 94396 25fe0b 22 API calls 94395->94396 94397 244f95 94396->94397 94472 245722 94397->94472 94399 244fa1 __fread_nolock 94400 2450a5 94399->94400 94401 283d1d 94399->94401 94411 244fdc 94399->94411 94475 2442a2 CreateStreamOnHGlobal 94400->94475 94486 2b304d 74 API calls 94401->94486 94404 283d22 94406 24511f 64 API calls 94404->94406 94405 2450f5 40 API calls 94405->94411 94407 283d45 94406->94407 94408 2450f5 40 API calls 94407->94408 94410 24506e ISource 94408->94410 94410->94315 94411->94404 94411->94405 94411->94410 94481 24511f 94411->94481 94413 245107 94412->94413 94414 283d70 94412->94414 94508 26e8c4 94413->94508 94417 2b28fe 94529 2b274e 94417->94529 94419 2b2919 94419->94322 94423 26e536 __FrameHandler3::FrameUnwindToState 94420->94423 94421 26e544 94445 26f2d9 20 API calls __dosmaperr 94421->94445 94423->94421 94425 26e574 94423->94425 94424 26e549 94446 2727ec 26 API calls __cftof 94424->94446 94427 26e586 94425->94427 94428 26e579 94425->94428 94437 278061 94427->94437 94447 26f2d9 20 API calls __dosmaperr 94428->94447 94431 26e58f 94432 26e595 94431->94432 94433 26e5a2 94431->94433 94448 26f2d9 20 API calls __dosmaperr 94432->94448 94449 26e5d4 LeaveCriticalSection __fread_nolock 94433->94449 94435 26e554 __wsopen_s 94435->94389 94438 27806d __FrameHandler3::FrameUnwindToState 94437->94438 94450 272f5e EnterCriticalSection 94438->94450 94440 27807b 94451 2780fb 94440->94451 94444 2780ac __wsopen_s 94444->94431 94445->94424 94446->94435 94447->94435 
94448->94435 94449->94435 94450->94440 94452 27811e 94451->94452 94453 278177 94452->94453 94460 278088 94452->94460 94467 26918d EnterCriticalSection 94452->94467 94468 2691a1 LeaveCriticalSection 94452->94468 94454 274c7d __dosmaperr 20 API calls 94453->94454 94455 278180 94454->94455 94457 2729c8 _free 20 API calls 94455->94457 94458 278189 94457->94458 94458->94460 94469 273405 11 API calls 2 library calls 94458->94469 94464 2780b7 94460->94464 94461 2781a8 94470 26918d EnterCriticalSection 94461->94470 94471 272fa6 LeaveCriticalSection 94464->94471 94466 2780be 94466->94444 94467->94452 94468->94452 94469->94461 94470->94460 94471->94466 94473 25fddb 22 API calls 94472->94473 94474 245734 94473->94474 94474->94399 94476 2442bc FindResourceExW 94475->94476 94480 2442d9 94475->94480 94477 2835ba LoadResource 94476->94477 94476->94480 94478 2835cf SizeofResource 94477->94478 94477->94480 94479 2835e3 LockResource 94478->94479 94478->94480 94479->94480 94480->94411 94482 283d90 94481->94482 94483 24512e 94481->94483 94487 26ece3 94483->94487 94486->94404 94490 26eaaa 94487->94490 94489 24513c 94489->94411 94493 26eab6 __FrameHandler3::FrameUnwindToState 94490->94493 94491 26eac2 94503 26f2d9 20 API calls __dosmaperr 94491->94503 94493->94491 94494 26eae8 94493->94494 94505 26918d EnterCriticalSection 94494->94505 94495 26eac7 94504 2727ec 26 API calls __cftof 94495->94504 94498 26eaf4 94506 26ec0a 62 API calls 2 library calls 94498->94506 94500 26eb08 94507 26eb27 LeaveCriticalSection __fread_nolock 94500->94507 94502 26ead2 __wsopen_s 94502->94489 94503->94495 94504->94502 94505->94498 94506->94500 94507->94502 94511 26e8e1 94508->94511 94510 245118 94510->94417 94512 26e8ed __FrameHandler3::FrameUnwindToState 94511->94512 94513 26e92d 94512->94513 94516 26e900 ___scrt_fastfail 94512->94516 94523 26e925 __wsopen_s 94512->94523 94526 26918d EnterCriticalSection 94513->94526 94515 26e937 94527 26e6f8 38 API calls 4 library calls 94515->94527 94524 26f2d9 20 API 
calls __dosmaperr 94516->94524 94519 26e91a 94525 2727ec 26 API calls __cftof 94519->94525 94520 26e94e 94528 26e96c LeaveCriticalSection __fread_nolock 94520->94528 94523->94510 94524->94519 94525->94523 94526->94515 94527->94520 94528->94523 94532 26e4e8 94529->94532 94531 2b275d 94531->94419 94535 26e469 94532->94535 94534 26e505 94534->94531 94536 26e48c 94535->94536 94537 26e478 94535->94537 94542 26e488 __alldvrm 94536->94542 94545 27333f 11 API calls 2 library calls 94536->94545 94543 26f2d9 20 API calls __dosmaperr 94537->94543 94539 26e47d 94544 2727ec 26 API calls __cftof 94539->94544 94542->94534 94543->94539 94544->94542 94545->94542 94547 2b2e7a 94546->94547 94548 2450f5 40 API calls 94547->94548 94549 2b2d3b 94547->94549 94550 2b28fe 27 API calls 94547->94550 94551 24511f 64 API calls 94547->94551 94548->94547 94549->94329 94549->94330 94550->94547 94551->94547 94552->94329 94554 249cc2 _wcslen 94553->94554 94555 25fe0b 22 API calls 94554->94555 94556 249cea __fread_nolock 94555->94556 94557 25fddb 22 API calls 94556->94557 94558 249d00 94557->94558 94558->94275 94560 26e684 __FrameHandler3::FrameUnwindToState 94559->94560 94561 26e695 94560->94561 94562 26e6aa 94560->94562 94572 26f2d9 20 API calls __dosmaperr 94561->94572 94571 26e6a5 __wsopen_s 94562->94571 94574 26918d EnterCriticalSection 94562->94574 94564 26e69a 94573 2727ec 26 API calls __cftof 94564->94573 94566 26e6c6 94575 26e602 94566->94575 94569 26e6d1 94591 26e6ee LeaveCriticalSection __fread_nolock 94569->94591 94571->94378 94572->94564 94573->94571 94574->94566 94576 26e60f 94575->94576 94577 26e624 94575->94577 94592 26f2d9 20 API calls __dosmaperr 94576->94592 94583 26e61f 94577->94583 94594 26dc0b 94577->94594 94580 26e614 94593 2727ec 26 API calls __cftof 94580->94593 94583->94569 94587 26e646 94611 27862f 94587->94611 94590 2729c8 _free 20 API calls 94590->94583 94591->94571 94592->94580 94593->94583 94595 26dc23 94594->94595 94597 26dc1f 94594->94597 94596 26d955 __fread_nolock 
26 API calls 94595->94596 94595->94597 94598 26dc43 94596->94598 94600 274d7a 94597->94600 94626 2759be 62 API calls 4 library calls 94598->94626 94601 26e640 94600->94601 94602 274d90 94600->94602 94604 26d955 94601->94604 94602->94601 94603 2729c8 _free 20 API calls 94602->94603 94603->94601 94605 26d976 94604->94605 94606 26d961 94604->94606 94605->94587 94627 26f2d9 20 API calls __dosmaperr 94606->94627 94608 26d966 94628 2727ec 26 API calls __cftof 94608->94628 94610 26d971 94610->94587 94612 278653 94611->94612 94613 27863e 94611->94613 94615 27868e 94612->94615 94619 27867a 94612->94619 94629 26f2c6 20 API calls __dosmaperr 94613->94629 94634 26f2c6 20 API calls __dosmaperr 94615->94634 94616 278643 94630 26f2d9 20 API calls __dosmaperr 94616->94630 94631 278607 94619->94631 94620 278693 94635 26f2d9 20 API calls __dosmaperr 94620->94635 94623 27869b 94636 2727ec 26 API calls __cftof 94623->94636 94625 26e64c 94625->94583 94625->94590 94626->94597 94627->94608 94628->94610 94629->94616 94630->94625 94637 278585 94631->94637 94633 27862b 94633->94625 94634->94620 94635->94623 94636->94625 94638 278591 __FrameHandler3::FrameUnwindToState 94637->94638 94648 275147 EnterCriticalSection 94638->94648 94640 27859f 94641 2785c6 94640->94641 94642 2785d1 94640->94642 94643 2786ae __wsopen_s 29 API calls 94641->94643 94649 26f2d9 20 API calls __dosmaperr 94642->94649 94645 2785cc 94643->94645 94650 2785fb LeaveCriticalSection __wsopen_s 94645->94650 94647 2785ee __wsopen_s 94647->94633 94648->94640 94649->94645 94650->94647 94651 292a00 94667 24d7b0 ISource 94651->94667 94652 24db11 PeekMessageW 94652->94667 94653 24d807 GetInputState 94653->94652 94653->94667 94654 291cbe TranslateAcceleratorW 94654->94667 94656 24db8f PeekMessageW 94656->94667 94657 24da04 timeGetTime 94657->94667 94658 24db73 TranslateMessage DispatchMessageW 94658->94656 94659 24dbaf Sleep 94659->94667 94660 292b74 Sleep 94673 292b85 94660->94673 94663 291dda timeGetTime 94812 25e300 23 API calls 
94663->94812 94666 292c0b GetExitCodeProcess 94668 292c21 WaitForSingleObject 94666->94668 94669 292c37 CloseHandle 94666->94669 94667->94652 94667->94653 94667->94654 94667->94656 94667->94657 94667->94658 94667->94659 94667->94660 94667->94663 94670 24d9d5 94667->94670 94671 2d29bf GetForegroundWindow 94667->94671 94679 24ec40 216 API calls 94667->94679 94683 24dd50 94667->94683 94690 251310 94667->94690 94747 24bf40 94667->94747 94805 25edf6 94667->94805 94810 24dfd0 216 API calls 3 library calls 94667->94810 94811 25e551 timeGetTime 94667->94811 94813 2b3a2a 23 API calls 94667->94813 94814 2b359c 82 API calls __wsopen_s 94667->94814 94815 2c5658 23 API calls 94667->94815 94816 2ae97b 94667->94816 94668->94667 94668->94669 94669->94673 94671->94667 94673->94666 94673->94667 94673->94670 94674 292ca9 Sleep 94673->94674 94826 25e551 timeGetTime 94673->94826 94827 2ad4dc 47 API calls 94673->94827 94674->94667 94679->94667 94684 24dd83 94683->94684 94685 24dd6f 94683->94685 94860 2b359c 82 API calls __wsopen_s 94684->94860 94828 24d260 94685->94828 94687 24dd7a 94687->94667 94689 292f75 94689->94689 94691 251376 94690->94691 94692 2517b0 94690->94692 94693 251390 94691->94693 94694 296331 94691->94694 94920 260242 5 API calls __Init_thread_wait 94692->94920 94696 251940 9 API calls 94693->94696 94924 2c709c 216 API calls 94694->94924 94700 2513a0 94696->94700 94698 2517ba 94699 2517fb 94698->94699 94702 249cb3 22 API calls 94698->94702 94705 296346 94699->94705 94707 25182c 94699->94707 94703 251940 9 API calls 94700->94703 94701 29633d 94701->94667 94710 2517d4 94702->94710 94704 2513b6 94703->94704 94704->94699 94706 2513ec 94704->94706 94925 2b359c 82 API calls __wsopen_s 94705->94925 94706->94705 94712 251408 __fread_nolock 94706->94712 94709 24aceb 23 API calls 94707->94709 94711 251839 94709->94711 94921 2601f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 94710->94921 94922 25d217 216 API calls 94711->94922 94712->94711 94715 29636e 
94712->94715 94722 25fddb 22 API calls 94712->94722 94724 25fe0b 22 API calls 94712->94724 94729 24ec40 216 API calls 94712->94729 94730 25152f 94712->94730 94731 2963b2 94712->94731 94738 2515c7 ISource 94712->94738 94926 2b359c 82 API calls __wsopen_s 94715->94926 94717 2963d1 94928 2c5745 54 API calls _wcslen 94717->94928 94718 25153c 94720 251940 9 API calls 94718->94720 94721 251549 94720->94721 94726 251940 9 API calls 94721->94726 94721->94738 94722->94712 94723 251872 94923 25faeb 23 API calls 94723->94923 94724->94712 94734 251563 94726->94734 94728 25171d 94728->94667 94729->94712 94730->94717 94730->94718 94927 2b359c 82 API calls __wsopen_s 94731->94927 94732 251940 9 API calls 94732->94738 94734->94738 94929 24a8c7 22 API calls __fread_nolock 94734->94929 94736 25167b ISource 94736->94728 94919 25ce17 22 API calls ISource 94736->94919 94738->94723 94738->94732 94738->94736 94870 2d29bf 94738->94870 94874 2cac5b 94738->94874 94877 2d2598 94738->94877 94886 2d13b7 94738->94886 94897 25f645 94738->94897 94904 2b5c5a 94738->94904 94909 2d19bc 94738->94909 94912 2d149e 94738->94912 94930 2b359c 82 API calls __wsopen_s 94738->94930 95025 24adf0 94747->95025 94749 24bf9d 94750 24bfa9 94749->94750 94751 2904b6 94749->94751 94752 2904c6 94750->94752 94753 24c01e 94750->94753 95043 2b359c 82 API calls __wsopen_s 94751->95043 95044 2b359c 82 API calls __wsopen_s 94752->95044 95030 24ac91 94753->95030 94757 2a7120 22 API calls 94776 24c039 ISource __fread_nolock 94757->94776 94758 24c7da 94762 25fe0b 22 API calls 94758->94762 94767 24c808 __fread_nolock 94762->94767 94764 2904f5 94768 29055a 94764->94768 95045 25d217 216 API calls 94764->95045 94773 25fe0b 22 API calls 94767->94773 94788 24c603 94768->94788 95046 2b359c 82 API calls __wsopen_s 94768->95046 94769 24ec40 216 API calls 94769->94776 94770 25fddb 22 API calls 94770->94776 94771 24af8a 22 API calls 94771->94776 94772 29091a 95053 2b3209 23 API calls 94772->95053 94777 24c350 ISource __fread_nolock 
94773->94777 94776->94757 94776->94758 94776->94764 94776->94767 94776->94768 94776->94769 94776->94770 94776->94771 94776->94772 94778 2908a5 94776->94778 94782 290591 94776->94782 94783 2908f6 94776->94783 94785 24a993 41 API calls 94776->94785 94776->94788 94789 24aceb 23 API calls 94776->94789 94790 24c237 94776->94790 94792 25fe0b 22 API calls 94776->94792 94799 2909bf 94776->94799 94802 24bbe0 40 API calls 94776->94802 95034 24ad81 94776->95034 95048 2a7099 22 API calls __fread_nolock 94776->95048 95049 2c5745 54 API calls _wcslen 94776->95049 95050 25aa42 22 API calls ISource 94776->95050 95051 2af05c 40 API calls 94776->95051 94804 24c3ac 94777->94804 95042 25ce17 22 API calls ISource 94777->95042 94779 24ec40 216 API calls 94778->94779 94781 2908cf 94779->94781 94786 24a81b 41 API calls 94781->94786 94781->94788 95047 2b359c 82 API calls __wsopen_s 94782->95047 95052 2b359c 82 API calls __wsopen_s 94783->95052 94785->94776 94786->94783 94788->94667 94789->94776 94791 24c253 94790->94791 95054 24a8c7 22 API calls __fread_nolock 94790->95054 94794 290976 94791->94794 94797 24c297 ISource 94791->94797 94792->94776 94796 24aceb 23 API calls 94794->94796 94796->94799 94798 24aceb 23 API calls 94797->94798 94797->94799 94800 24c335 94798->94800 94799->94788 95055 2b359c 82 API calls __wsopen_s 94799->95055 94800->94799 94801 24c342 94800->94801 95041 24a704 22 API calls ISource 94801->95041 94802->94776 94804->94667 94807 25ee09 94805->94807 94808 25ee12 94805->94808 94806 25ee36 IsDialogMessageW 94806->94807 94806->94808 94807->94667 94808->94806 94808->94807 94809 29efaf GetClassLongW 94808->94809 94809->94806 94809->94808 94810->94667 94811->94667 94812->94667 94813->94667 94814->94667 94815->94667 94817 2ae988 94816->94817 94818 2ae9f9 94816->94818 94819 2ae98a Sleep 94817->94819 94821 2ae993 QueryPerformanceCounter 94817->94821 94818->94667 94819->94818 94821->94819 94822 2ae9a1 QueryPerformanceFrequency 94821->94822 94823 2ae9ab Sleep 
QueryPerformanceCounter 94822->94823 94824 2ae9ec 94823->94824 94824->94823 94825 2ae9f0 94824->94825 94825->94818 94826->94673 94827->94673 94829 24ec40 216 API calls 94828->94829 94831 24d29d 94829->94831 94832 24d30b ISource 94831->94832 94833 24d6d5 94831->94833 94834 24d3c3 94831->94834 94840 24d4b8 94831->94840 94845 291bc4 94831->94845 94847 25fddb 22 API calls 94831->94847 94855 24d429 ISource __fread_nolock 94831->94855 94832->94687 94833->94832 94843 25fe0b 22 API calls 94833->94843 94834->94833 94836 24d3ce 94834->94836 94835 24d5ff 94838 24d614 94835->94838 94839 291bb5 94835->94839 94837 25fddb 22 API calls 94836->94837 94850 24d3d5 __fread_nolock 94837->94850 94841 25fddb 22 API calls 94838->94841 94868 2c5705 23 API calls 94839->94868 94844 25fe0b 22 API calls 94840->94844 94852 24d46a 94841->94852 94843->94850 94844->94855 94869 2b359c 82 API calls __wsopen_s 94845->94869 94846 25fddb 22 API calls 94848 24d3f6 94846->94848 94847->94831 94848->94855 94864 24bec0 216 API calls 94848->94864 94850->94846 94850->94848 94851 291ba4 94867 2b359c 82 API calls __wsopen_s 94851->94867 94852->94687 94855->94835 94855->94851 94855->94852 94856 291b7f 94855->94856 94858 291b5d 94855->94858 94861 241f6f 94855->94861 94866 2b359c 82 API calls __wsopen_s 94856->94866 94865 2b359c 82 API calls __wsopen_s 94858->94865 94860->94689 94862 24ec40 216 API calls 94861->94862 94863 241f98 94862->94863 94863->94855 94864->94855 94865->94852 94866->94852 94867->94852 94868->94845 94869->94832 94871 2d29cb 94870->94871 94872 2d2a01 GetForegroundWindow 94871->94872 94873 2d29d1 94871->94873 94872->94873 94873->94738 94931 2cad64 94874->94931 94876 2cac6f 94876->94738 94995 2d2ad8 94877->94995 94879 2d25b8 94879->94738 94880 2d25a9 94880->94879 95005 2a3d03 SendMessageTimeoutW 94880->95005 94882 2d2607 94882->94879 94883 24b567 39 API calls 94882->94883 94884 2d2630 SetWindowPos 94883->94884 94884->94879 94887 2d2ad8 54 API calls 94886->94887 94888 2d13cb 94887->94888 94889 
2d1418 GetForegroundWindow 94888->94889 94894 2d13da 94888->94894 94890 2d142a 94889->94890 94891 2d1435 94889->94891 94893 2ae97b 5 API calls 94890->94893 95007 25f98e GetForegroundWindow 94891->95007 94893->94891 94894->94738 94895 2d1442 94896 2ae97b 5 API calls 94895->94896 94896->94894 94898 24b567 39 API calls 94897->94898 94899 25f659 94898->94899 94900 25f661 timeGetTime 94899->94900 94901 29f2dc Sleep 94899->94901 94902 24b567 39 API calls 94900->94902 94903 25f677 94902->94903 94903->94738 94905 247510 53 API calls 94904->94905 94906 2b5c6d 94905->94906 95020 2adbbe lstrlenW 94906->95020 94908 2b5c77 94908->94738 94910 2d2ad8 54 API calls 94909->94910 94911 2d19cb 94910->94911 94911->94738 94913 2d2ad8 54 API calls 94912->94913 94914 2d14ae 94913->94914 94915 2d29bf GetForegroundWindow 94914->94915 94916 2d14b5 94915->94916 94917 2d14eb GetForegroundWindow 94916->94917 94918 2d14b9 94916->94918 94917->94918 94918->94738 94919->94736 94920->94698 94921->94699 94922->94723 94923->94723 94924->94701 94925->94738 94926->94738 94927->94738 94928->94734 94929->94738 94930->94738 94932 24a961 22 API calls 94931->94932 94933 2cad77 ___scrt_fastfail 94932->94933 94934 2cadce 94933->94934 94936 247510 53 API calls 94933->94936 94935 2cadee 94934->94935 94937 247510 53 API calls 94934->94937 94938 2cae3a 94935->94938 94941 247510 53 API calls 94935->94941 94939 2cadab 94936->94939 94940 2cade4 94937->94940 94943 2cae4d ___scrt_fastfail 94938->94943 94985 24b567 94938->94985 94939->94934 94944 247510 53 API calls 94939->94944 94983 247620 22 API calls _wcslen 94940->94983 94950 2cae04 94941->94950 94959 247510 94943->94959 94946 2cadc4 94944->94946 94982 247620 22 API calls _wcslen 94946->94982 94950->94938 94952 247510 53 API calls 94950->94952 94951 2caeb0 94955 2caec8 94951->94955 94956 2caf35 GetProcessId 94951->94956 94953 2cae28 94952->94953 94953->94938 94984 24a8c7 22 API calls __fread_nolock 94953->94984 94955->94876 94957 2caf48 94956->94957 94958 2caf58 
CloseHandle 94957->94958 94958->94955 94960 247525 94959->94960 94976 247522 ShellExecuteExW 94959->94976 94961 24752d 94960->94961 94963 24755b 94960->94963 94990 2651c6 26 API calls 94961->94990 94964 2850f6 94963->94964 94967 24756d 94963->94967 94972 28500f 94963->94972 94993 265183 26 API calls 94964->94993 94965 24753d 94971 25fddb 22 API calls 94965->94971 94991 25fb21 51 API calls 94967->94991 94969 28510e 94969->94969 94973 247547 94971->94973 94975 25fe0b 22 API calls 94972->94975 94981 285088 94972->94981 94974 249cb3 22 API calls 94973->94974 94974->94976 94978 285058 94975->94978 94976->94951 94977 25fddb 22 API calls 94979 28507f 94977->94979 94978->94977 94980 249cb3 22 API calls 94979->94980 94980->94981 94992 25fb21 51 API calls 94981->94992 94982->94934 94983->94935 94984->94938 94986 24b578 94985->94986 94988 24b57f 94985->94988 94986->94988 94994 2662d1 39 API calls 94986->94994 94988->94943 94989 24b5c2 94989->94943 94990->94965 94991->94965 94992->94964 94993->94969 94994->94989 94996 24aceb 23 API calls 94995->94996 94997 2d2af3 94996->94997 94998 2d2b1d 94997->94998 94999 2d2aff 94997->94999 95001 246b57 22 API calls 94998->95001 95000 247510 53 API calls 94999->95000 95002 2d2b0c 95000->95002 95003 2d2b1b 95001->95003 95002->95003 95006 24a8c7 22 API calls __fread_nolock 95002->95006 95003->94880 95005->94882 95006->95003 95008 25f9a8 95007->95008 95009 29f467 95007->95009 95008->94895 95010 29f47c IsIconic 95009->95010 95011 29f46e FindWindowW 95009->95011 95012 29f490 SetForegroundWindow 95010->95012 95013 29f487 ShowWindow 95010->95013 95011->95010 95014 29f56b 95012->95014 95015 29f4a2 7 API calls 95012->95015 95013->95012 95016 29f4eb 9 API calls 95015->95016 95017 29f547 95015->95017 95018 29f543 95016->95018 95019 29f54f AttachThreadInput AttachThreadInput AttachThreadInput 95017->95019 95018->95017 95018->95019 95019->95014 95021 2adbdc GetFileAttributesW 95020->95021 95023 2adc06 95020->95023 95022 2adbe8 FindFirstFileW 
95021->95022 95021->95023 95022->95023 95024 2adbf9 FindClose 95022->95024 95023->94908 95024->95023 95026 24ae01 95025->95026 95029 24ae1c ISource 95025->95029 95027 24aec9 22 API calls 95026->95027 95028 24ae09 CharUpperBuffW 95027->95028 95028->95029 95029->94749 95031 24acae 95030->95031 95032 24acd1 95031->95032 95056 2b359c 82 API calls __wsopen_s 95031->95056 95032->94776 95035 28fadb 95034->95035 95036 24ad92 95034->95036 95037 25fddb 22 API calls 95036->95037 95038 24ad99 95037->95038 95057 24adcd 95038->95057 95041->94777 95042->94777 95043->94752 95044->94788 95045->94768 95046->94788 95047->94788 95048->94776 95049->94776 95050->94776 95051->94776 95052->94788 95053->94790 95054->94791 95055->94788 95056->95032 95060 24addd 95057->95060 95058 24adb6 95058->94776 95059 25fddb 22 API calls 95059->95060 95060->95058 95060->95059 95061 24a961 22 API calls 95060->95061 95063 24adcd 22 API calls 95060->95063 95064 24a8c7 22 API calls __fread_nolock 95060->95064 95061->95060 95063->95060 95064->95060 95065 241cad SystemParametersInfoW 95066 282ba5 95067 242b25 95066->95067 95068 282baf 95066->95068 95094 242b83 7 API calls 95067->95094 95109 243a5a 95068->95109 95071 282bb8 95073 249cb3 22 API calls 95071->95073 95076 282bc6 95073->95076 95075 242b2f 95084 242b44 95075->95084 95098 243837 95075->95098 95077 282bce 95076->95077 95078 282bf5 95076->95078 95116 2433c6 95077->95116 95080 2433c6 22 API calls 95078->95080 95093 282bf1 GetForegroundWindow ShellExecuteW 95080->95093 95083 242b5f 95090 242b66 SetCurrentDirectoryW 95083->95090 95084->95083 95108 2430f2 Shell_NotifyIconW ___scrt_fastfail 95084->95108 95088 282be7 95091 2433c6 22 API calls 95088->95091 95089 282c26 95089->95083 95092 242b7a 95090->95092 95091->95093 95093->95089 95126 242cd4 7 API calls 95094->95126 95096 242b2a 95097 242c63 CreateWindowExW CreateWindowExW ShowWindow ShowWindow 95096->95097 95097->95075 95099 243862 ___scrt_fastfail 95098->95099 95127 244212 95099->95127 95102 2438e8 

                                                            Control-flow Graph

                                                            APIs
                                                            • GetVersionExW.KERNEL32(?), ref: 0024430D
                                                              • Part of subcall function 00246B57: _wcslen.LIBCMT ref: 00246B6A
                                                            • GetCurrentProcess.KERNEL32(?,002DCB64,00000000,?,?), ref: 00244422
                                                            • IsWow64Process.KERNEL32(00000000,?,?), ref: 00244429
                                                            • LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00244454
                                                            • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00244466
                                                            • GetNativeSystemInfo.KERNEL32(?,?,?), ref: 00244474
                                                            • FreeLibrary.KERNEL32(00000000,?,?), ref: 0024447B
                                                            • GetSystemInfo.KERNEL32(?,?,?), ref: 002444A0
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
                                                            • String ID: GetNativeSystemInfo$kernel32.dll$|O
                                                            • API String ID: 3290436268-3101561225
                                                            • Opcode ID: 33ba442f7ad0a74b62b246ef54ae1d6b853f3a621d8b4a48f9fb912992f71249
                                                            • Instruction ID: 58d9a13e17b5c98fa31907fcc73719e89b8811fc279e4ae67a7cf5572ce60f2c
                                                            • Opcode Fuzzy Hash: 33ba442f7ad0a74b62b246ef54ae1d6b853f3a621d8b4a48f9fb912992f71249
                                                            • Instruction Fuzzy Hash: 8FA1F66DA2A2D1CFCB17EB787C443D57FAC6B2E700F18CC9AD26193A69D2604914CB25

                                                            Control-flow Graph

                                                            APIs
                                                            • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,002450AA,?,?,00000000,00000000), ref: 002442B2
                                                            • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,002450AA,?,?,00000000,00000000), ref: 002442C9
                                                            • LoadResource.KERNEL32(?,00000000,?,?,002450AA,?,?,00000000,00000000,?,?,?,?,?,?,00244F20), ref: 002835BE
                                                            • SizeofResource.KERNEL32(?,00000000,?,?,002450AA,?,?,00000000,00000000,?,?,?,?,?,?,00244F20), ref: 002835D3
                                                            • LockResource.KERNEL32(002450AA,?,?,002450AA,?,?,00000000,00000000,?,?,?,?,?,?,00244F20,?), ref: 002835E6
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                            • String ID: SCRIPT
                                                            • API String ID: 3051347437-3967369404
                                                            • Opcode ID: 5c4877612e0389e719d9b0ddac4434ac8829d0fa10ade39f4c161fc39af4c343
                                                            • Instruction ID: f0627ecf0adf932a60f645bb6a00b51b7e90ab3c590449aa9eb964bff8715580
                                                            • Opcode Fuzzy Hash: 5c4877612e0389e719d9b0ddac4434ac8829d0fa10ade39f4c161fc39af4c343
                                                            • Instruction Fuzzy Hash: 8F115AB0611602BFEB259BA5EC4CF677BB9EBC5B51F20416EF80296290DBB1DC10C620

                                                            Control-flow Graph

                                                            APIs
                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00242B6B
                                                              • Part of subcall function 00243A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00311418,?,00242E7F,?,?,?,00000000), ref: 00243A78
                                                              • Part of subcall function 00249CB3: _wcslen.LIBCMT ref: 00249CBD
                                                            • GetForegroundWindow.USER32(runas,?,?,?,?,?,00302224), ref: 00282C10
                                                            • ShellExecuteW.SHELL32(00000000,?,?,00302224), ref: 00282C17
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
                                                            • String ID: runas
                                                            • API String ID: 448630720-4000483414
                                                            • Opcode ID: b187d87a637cb1beb2406865d145a57f1122869f9085a88b9996719f0ad76d01
                                                            • Instruction ID: 43921903636614b780e27bc2ed6079d8604cd522bb7e08a54968650f05903de0
                                                            • Opcode Fuzzy Hash: b187d87a637cb1beb2406865d145a57f1122869f9085a88b9996719f0ad76d01
                                                            • Instruction Fuzzy Hash: 3F110631629302AAC70DFF61D855AEEBBA89F95704F44142DF142020A2CF7089ADCF52

                                                            Control-flow Graph

                                                            APIs
                                                            • lstrlenW.KERNEL32(?,00285222), ref: 002ADBCE
                                                            • GetFileAttributesW.KERNEL32(?), ref: 002ADBDD
                                                            • FindFirstFileW.KERNEL32(?,?), ref: 002ADBEE
                                                            • FindClose.KERNEL32(00000000), ref: 002ADBFA
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: FileFind$AttributesCloseFirstlstrlen
                                                            • String ID:
                                                            • API String ID: 2695905019-0
                                                            • Opcode ID: b6b3069e6fef7cb568765cfbd31c89c153d365a7c18219f910134ad032f9b0ee
                                                            • Instruction ID: 684e4bd8adc8bfe76329dd6a7ee948e2f25d415f71d68cd657b18b23d857b60a
                                                            • Opcode Fuzzy Hash: b6b3069e6fef7cb568765cfbd31c89c153d365a7c18219f910134ad032f9b0ee
                                                            • Instruction Fuzzy Hash: 89F0A0308219225782206F7CAC0D8AA376E9E02334BA04713F876C24E0EFB49D64C695
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: BuffCharUpper
                                                            • String ID: p#1
                                                            • API String ID: 3964851224-1153943065
                                                            • Opcode ID: 15f0be4302a6fac94cc5e7079e9aa64532205149ea84e158148817f364aaa4a2
                                                            • Instruction ID: 606ef6fcf8ee27b093ca622ddcc332635ea00a3e24cdfd8e672c83a70a851ed0
                                                            • Opcode Fuzzy Hash: 15f0be4302a6fac94cc5e7079e9aa64532205149ea84e158148817f364aaa4a2
                                                            • Instruction Fuzzy Hash: 03A27C706293019FDB54CF18C480B2AB7E5BF89304F24896DE99A8B352D771EC65CF92
                                                            APIs
                                                            • GetInputState.USER32 ref: 0024D807
                                                            • timeGetTime.WINMM ref: 0024DA07
                                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0024DB28
                                                            • TranslateMessage.USER32(?), ref: 0024DB7B
                                                            • DispatchMessageW.USER32(?), ref: 0024DB89
                                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0024DB9F
                                                            • Sleep.KERNEL32(0000000A), ref: 0024DBB1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
                                                            • String ID:
                                                            • API String ID: 2189390790-0

                                                            Control-flow Graph

                                                            APIs
                                                            • GetSysColorBrush.USER32(0000000F), ref: 00242D07
                                                            • RegisterClassExW.USER32(00000030), ref: 00242D31
                                                            • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00242D42
                                                            • InitCommonControlsEx.COMCTL32(?), ref: 00242D5F
                                                            • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00242D6F
                                                            • LoadIconW.USER32(000000A9), ref: 00242D85
                                                            • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00242D94
                                                            Similarity
                                                            • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                            • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                            • API String ID: 2914291525-1005189915

                                                            Control-flow Graph

                                                            APIs
                                                              • Part of subcall function 0028039A: CreateFileW.KERNEL32(00000000,00000000,?,00280704,?,?,00000000,?,00280704,00000000,0000000C), ref: 002803B7
                                                            • GetLastError.KERNEL32 ref: 0028076F
                                                            • __dosmaperr.LIBCMT ref: 00280776
                                                            • GetFileType.KERNEL32(00000000), ref: 00280782
                                                            • GetLastError.KERNEL32 ref: 0028078C
                                                            • __dosmaperr.LIBCMT ref: 00280795
                                                            • CloseHandle.KERNEL32(00000000), ref: 002807B5
                                                            • CloseHandle.KERNEL32(?), ref: 002808FF
                                                            • GetLastError.KERNEL32 ref: 00280931
                                                            • __dosmaperr.LIBCMT ref: 00280938
                                                            Similarity
                                                            • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                            • String ID: H
                                                            • API String ID: 4237864984-2852464175

                                                            Control-flow Graph

                                                            APIs
                                                              • Part of subcall function 00243A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00311418,?,00242E7F,?,?,?,00000000), ref: 00243A78
                                                              • Part of subcall function 00243357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00243379
                                                            • RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 0024356A
                                                            • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 0028318D
                                                            • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 002831CE
                                                            • RegCloseKey.ADVAPI32(?), ref: 00283210
                                                            • _wcslen.LIBCMT ref: 00283277
                                                            • _wcslen.LIBCMT ref: 00283286
                                                            Similarity
                                                            • API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
                                                            • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                                            • API String ID: 98802146-2727554177

                                                            Control-flow Graph

                                                            APIs
                                                            • GetSysColorBrush.USER32(0000000F), ref: 00242B8E
                                                            • LoadCursorW.USER32(00000000,00007F00), ref: 00242B9D
                                                            • LoadIconW.USER32(00000063), ref: 00242BB3
                                                            • LoadIconW.USER32(000000A4), ref: 00242BC5
                                                            • LoadIconW.USER32(000000A2), ref: 00242BD7
                                                            • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00242BEF
                                                            • RegisterClassExW.USER32(?), ref: 00242C40
                                                              • Part of subcall function 00242CD4: GetSysColorBrush.USER32(0000000F), ref: 00242D07
                                                              • Part of subcall function 00242CD4: RegisterClassExW.USER32(00000030), ref: 00242D31
                                                              • Part of subcall function 00242CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00242D42
                                                              • Part of subcall function 00242CD4: InitCommonControlsEx.COMCTL32(?), ref: 00242D5F
                                                              • Part of subcall function 00242CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00242D6F
                                                              • Part of subcall function 00242CD4: LoadIconW.USER32(000000A9), ref: 00242D85
                                                              • Part of subcall function 00242CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00242D94
                                                            Similarity
                                                            • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                            • String ID: #$0$AutoIt v3
                                                            • API String ID: 423443420-4155596026
                                                            APIs
                                                            • __Init_thread_footer.LIBCMT ref: 0024BB4E
                                                            Similarity
                                                            • API ID: Init_thread_footer
                                                            • String ID: p#1$p#1$p#1$p#1$p%1$p%1$x#1$x#1
                                                            • API String ID: 1385522511-424857864

                                                            Control-flow Graph

                                                            APIs
                                                            • DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,0024316A,?,?), ref: 002431D8
                                                            • KillTimer.USER32(?,00000001,?,?,?,?,?,0024316A,?,?), ref: 00243204
                                                            • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00243227
                                                            • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,0024316A,?,?), ref: 00243232
                                                            • CreatePopupMenu.USER32 ref: 00243246
                                                            • PostQuitMessage.USER32(00000000), ref: 00243267
                                                            Similarity
                                                            • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                            • String ID: TaskbarCreated
                                                            • API String ID: 129472671-2362178303

                                                            Control-flow Graph

                                                            APIs
                                                            • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00242C91
                                                            • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00242CB2
                                                            • ShowWindow.USER32(00000000,?,?,?,?,?,?,00241CAD,?), ref: 00242CC6
                                                            • ShowWindow.USER32(00000000,?,?,?,?,?,?,00241CAD,?), ref: 00242CCF
                                                            Similarity
                                                            • API ID: Window$CreateShow
                                                            • String ID: AutoIt v3$edit
                                                            • API String ID: 1584632944-3779509399

                                                            Control-flow Graph

                                                            APIs
                                                            • ShellExecuteExW.SHELL32(0000003C), ref: 002CAEA3
                                                              • Part of subcall function 00247620: _wcslen.LIBCMT ref: 00247625
                                                            • GetProcessId.KERNEL32(00000000), ref: 002CAF38
                                                            • CloseHandle.KERNEL32(00000000), ref: 002CAF67
                                                            Similarity
                                                            • API ID: CloseExecuteHandleProcessShell_wcslen
                                                            • String ID: <$@
                                                            • API String ID: 146682121-1426351568

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            APIs
                                                            • QueryPerformanceCounter.KERNEL32(?), ref: 002AE997
                                                            • QueryPerformanceFrequency.KERNEL32(?), ref: 002AE9A5
                                                            • Sleep.KERNEL32(00000000), ref: 002AE9AD
                                                            • QueryPerformanceCounter.KERNEL32(?), ref: 002AE9B7
                                                            • Sleep.KERNEL32 ref: 002AE9F3
                                                            Similarity
                                                            • API ID: PerformanceQuery$CounterSleep$Frequency
                                                            • String ID:
                                                            • API String ID: 2833360925-0

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            APIs
                                                            • RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00243B0F,SwapMouseButtons,00000004,?), ref: 00243B40
                                                            • RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00243B0F,SwapMouseButtons,00000004,?), ref: 00243B61
                                                            • RegCloseKey.KERNEL32(00000000,?,?,?,80000001,80000001,?,00243B0F,SwapMouseButtons,00000004,?), ref: 00243B83
                                                            Strings
                                                            Similarity
                                                            • API ID: CloseOpenQueryValue
                                                            • String ID: Control Panel\Mouse
                                                            • API String ID: 3677997916-824357125

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            APIs
                                                            • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 002833A2
                                                              • Part of subcall function 00246B57: _wcslen.LIBCMT ref: 00246B6A
                                                            • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00243A04
                                                            Strings
                                                            Similarity
                                                            • API ID: IconLoadNotifyShell_String_wcslen
                                                            • String ID: Line:
                                                            • API String ID: 2289894680-1585850449
                                                            APIs
                                                            • GetOpenFileNameW.COMDLG32(?), ref: 00282C8C
                                                              • Part of subcall function 00243AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00243A97,?,?,00242E7F,?,?,?,00000000), ref: 00243AC2
                                                              • Part of subcall function 00242DA5: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00242DC4
                                                            Strings
                                                            Similarity
                                                            • API ID: Name$Path$FileFullLongOpen
                                                            • String ID: X$`e0
                                                            • API String ID: 779396738-2543136528
                                                            APIs
                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 00260668
                                                              • Part of subcall function 002632A4: RaiseException.KERNEL32(?,?,?,0026068A,?,00311444,?,?,?,?,?,?,0026068A,00241129,00308738,00241129), ref: 00263304
                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 00260685
                                                            Strings
                                                            Similarity
                                                            • API ID: Exception@8Throw$ExceptionRaise
                                                            • String ID: Unknown exception
                                                            • API String ID: 3476068407-410509341
                                                            APIs
                                                              • Part of subcall function 00241BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00241BF4
                                                              • Part of subcall function 00241BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00241BFC
                                                              • Part of subcall function 00241BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00241C07
                                                              • Part of subcall function 00241BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00241C12
                                                              • Part of subcall function 00241BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00241C1A
                                                              • Part of subcall function 00241BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00241C22
                                                              • Part of subcall function 00241B4A: RegisterWindowMessageW.USER32(00000004,?,002412C4), ref: 00241BA2
                                                            • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 0024136A
                                                            • OleInitialize.OLE32 ref: 00241388
                                                            • CloseHandle.KERNEL32(00000000,00000000), ref: 002824AB
                                                            Similarity
                                                            • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                            • String ID:
                                                            • API String ID: 1986988660-0
                                                            APIs
                                                              • Part of subcall function 00243923: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00243A04
                                                            • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 002AC259
                                                            • KillTimer.USER32(?,00000001,?,?), ref: 002AC261
                                                            • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 002AC270
                                                            Similarity
                                                            • API ID: IconNotifyShell_Timer$Kill
                                                            • String ID:
                                                            • API String ID: 3500052701-0
                                                            APIs
                                                            • CloseHandle.KERNEL32(00000000,00000000,?,?,002785CC,?,00308CC8,0000000C), ref: 00278704
                                                            • GetLastError.KERNEL32(?,002785CC,?,00308CC8,0000000C), ref: 0027870E
                                                            • __dosmaperr.LIBCMT ref: 00278739
                                                            Similarity
                                                            • API ID: CloseErrorHandleLast__dosmaperr
                                                            • String ID:
                                                            • API String ID: 2583163307-0
                                                            APIs
                                                            • TranslateMessage.USER32(?), ref: 0024DB7B
                                                            • DispatchMessageW.USER32(?), ref: 0024DB89
                                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0024DB9F
                                                            • Sleep.KERNEL32(0000000A), ref: 0024DBB1
                                                            • TranslateAcceleratorW.USER32(?,?,?), ref: 00291CC9
                                                            Similarity
                                                            • API ID: Message$Translate$AcceleratorDispatchPeekSleep
                                                            • String ID:
                                                            • API String ID: 3288985973-0
                                                            APIs
                                                            • __Init_thread_footer.LIBCMT ref: 002517F6
                                                            Strings
                                                            Similarity
                                                            • API ID: Init_thread_footer
                                                            • String ID: CALL
                                                            • API String ID: 1385522511-4196123274
                                                            APIs
                                                            • Shell_NotifyIconW.SHELL32(00000000,?), ref: 00243908
                                                            Similarity
                                                            • API ID: IconNotifyShell_
                                                            • String ID:
                                                            • API String ID: 1144537725-0
                                                            APIs
                                                            • timeGetTime.WINMM ref: 0025F661
                                                              • Part of subcall function 0024D730: GetInputState.USER32 ref: 0024D807
                                                            • Sleep.KERNEL32(00000000), ref: 0029F2DE
                                                            Similarity
                                                            • API ID: InputSleepStateTimetime
                                                            • String ID:
                                                            • API String ID: 4149333218-0
                                                            APIs
                                                            • __Init_thread_footer.LIBCMT ref: 002C5930
                                                            Similarity
                                                            • API ID: Init_thread_footer
                                                            • String ID:
                                                            • API String ID: 1385522511-0
                                                            APIs
                                                            • SetWindowPos.USER32(?,000000FE,00000000,00000000,00000000,00000000,00000013,00000001,?), ref: 002D2649
                                                            Similarity
                                                            • API ID: Window
                                                            • String ID:
                                                            • API String ID: 2353593579-0
                                                            APIs
                                                            • GetForegroundWindow.USER32(00000001,?), ref: 002D1420
                                                            Similarity
                                                            • API ID: ForegroundWindow
                                                            • String ID:
                                                            • API String ID: 2020703349-0
                                                            APIs
                                                              • Part of subcall function 00244E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00244EDD,?,00311418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00244E9C
                                                              • Part of subcall function 00244E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00244EAE
                                                              • Part of subcall function 00244E90: FreeLibrary.KERNEL32(00000000,?,?,00244EDD,?,00311418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00244EC0
                                                            • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00311418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00244EFD
                                                              • Part of subcall function 00244E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00283CDE,?,00311418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00244E62
                                                              • Part of subcall function 00244E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00244E74
                                                              • Part of subcall function 00244E59: FreeLibrary.KERNEL32(00000000,?,?,00283CDE,?,00311418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00244E87
                                                            Similarity
                                                            • API ID: Library$Load$AddressFreeProc
                                                            • String ID:
                                                            • API String ID: 2632591731-0
                                                            APIs
                                                            Similarity
                                                            • API ID: __wsopen_s
                                                            • String ID:
                                                            • API String ID: 3347428461-0
                                                            APIs
                                                              • Part of subcall function 00274C7D: RtlAllocateHeap.NTDLL(00000008,00241129,00000000,?,00272E29,00000001,00000364,?,?,?,0026F2DE,00273863,00311444,?,0025FDF5,?), ref: 00274CBE
                                                            • _free.LIBCMT ref: 0027506C
                                                            Similarity
                                                            • API ID: AllocateHeap_free
                                                            • String ID:
                                                            • API String ID: 614378929-0
                                                            APIs
                                                            • GetForegroundWindow.USER32(00000000,?,?,?,002D14B5,?), ref: 002D2A01
                                                            Similarity
                                                            • API ID: ForegroundWindow
                                                            • String ID:
                                                            • API String ID: 2020703349-0
                                                            APIs
                                                            • GetForegroundWindow.USER32(?), ref: 002D14EB
                                                            Similarity
                                                            • API ID: ForegroundWindow
                                                            • String ID:
                                                            • API String ID: 2020703349-0
                                                            APIs
                                                            Similarity
                                                            • API ID: _wcslen
                                                            • String ID:
                                                            • API String ID: 176396367-0
                                                            APIs
                                                            • RtlAllocateHeap.NTDLL(00000008,00241129,00000000,?,00272E29,00000001,00000364,?,?,?,0026F2DE,00273863,00311444,?,0025FDF5,?), ref: 00274CBE
                                                            Similarity
                                                            • API ID: AllocateHeap
                                                            • String ID:
                                                            • API String ID: 1279760036-0
                                                            • Opcode ID: ae39ac06e9e71f047efd6229db37eb68b57a0af8c28bf4ccffcae9782cf291df
                                                            • Instruction ID: 94d90ef13485fa6e800f81d722369ba3a93100749cbc63353d5509379a775209
                                                            • Opcode Fuzzy Hash: ae39ac06e9e71f047efd6229db37eb68b57a0af8c28bf4ccffcae9782cf291df
                                                            • Instruction Fuzzy Hash: AAF0BB3163312566DB237F629C05B563748AF41760B19C51BBD1D96194CB70DC708990
                                                            APIs
                                                            • RtlAllocateHeap.NTDLL(00000000,?,00311444,?,0025FDF5,?,?,0024A976,00000010,00311440,002413FC,?,002413C6,?,00241129), ref: 00273852
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: AllocateHeap
                                                            • String ID:
                                                            • API String ID: 1279760036-0
                                                            • Opcode ID: 2a1c99fa35b8980e5e818794ecfffc28568fdcbf013aae87588f75fe634046ad
                                                            • Instruction ID: d866f3c7a525adc2757d81fb4196235856dd299ac074b68cb3a78f83776bf966
                                                            • Opcode Fuzzy Hash: 2a1c99fa35b8980e5e818794ecfffc28568fdcbf013aae87588f75fe634046ad
                                                            • Instruction Fuzzy Hash: 7DE0E53213123696D7216E669C04F9A3749AB427B0F158122BC5C929D1CB71DD61A5E2
                                                            APIs
                                                            • FreeLibrary.KERNEL32(?,?,00311418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00244F6D
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: FreeLibrary
                                                            • String ID:
                                                            • API String ID: 3664257935-0
                                                            • Opcode ID: 147a414e8ba601d3d5107a8a727f81eb9444dff06dc8f574b2d01c2a30ad7344
                                                            • Instruction ID: 8ea1a0602f713100197ed310020fe2283f261378e61a236f6ef8bd98595bb26a
                                                            • Opcode Fuzzy Hash: 147a414e8ba601d3d5107a8a727f81eb9444dff06dc8f574b2d01c2a30ad7344
                                                            • Instruction Fuzzy Hash: AFF03071525752CFDB38AF64D494912B7E4BF14319321897EE1EA82921C7719868DF10
                                                            APIs
                                                            • IsWindow.USER32(00000000), ref: 002D2A66
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: Window
                                                            • String ID:
                                                            • API String ID: 2353593579-0
                                                            • Opcode ID: a39277564c99f0c4001377dc346ca3e25c879a913e07a5eb269034a57a68033a
                                                            • Instruction ID: ffc8b7abc8c0f3004e1a1536102ccae2437de69f3158d9c55c691c9287783f48
                                                            • Opcode Fuzzy Hash: a39277564c99f0c4001377dc346ca3e25c879a913e07a5eb269034a57a68033a
                                                            • Instruction Fuzzy Hash: D5E04F36770116EAC714EA30EC808FAB35CEBA53957104537BC1AD2200EF70DDB98AE0
                                                            APIs
                                                            • GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00242DC4
                                                              • Part of subcall function 00246B57: _wcslen.LIBCMT ref: 00246B6A
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: LongNamePath_wcslen
                                                            • String ID:
                                                            • API String ID: 541455249-0
                                                            • Opcode ID: 86d0805c0758cc18472dd91a58b3e9cdfbbb8090d8d206b0ce03d1f81651ce93
                                                            • Instruction ID: 530289e183b31ee44b8b11a2e900ba0f04a9de2c5a049297a790ac67201a549d
                                                            • Opcode Fuzzy Hash: 86d0805c0758cc18472dd91a58b3e9cdfbbb8090d8d206b0ce03d1f81651ce93
                                                            • Instruction Fuzzy Hash: DDE0CD76A012245BCB20A2589C09FDA77DDDFC8794F040071FD09E7288D960AD90CA51
                                                            APIs
                                                              • Part of subcall function 00243837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00243908
                                                              • Part of subcall function 0024D730: GetInputState.USER32 ref: 0024D807
                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00242B6B
                                                              • Part of subcall function 002430F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 0024314E
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: IconNotifyShell_$CurrentDirectoryInputState
                                                            • String ID:
                                                            • API String ID: 3667716007-0
                                                            • Opcode ID: f4178d42c79453eac482328dc96cc7366a27b426fa15e41c45b02fa416e620a6
                                                            • Instruction ID: fccbd402fc7a0da8589131f94602ec739b8945340a253d847b5e521fee550e5d
                                                            • Opcode Fuzzy Hash: f4178d42c79453eac482328dc96cc7366a27b426fa15e41c45b02fa416e620a6
                                                            • Instruction Fuzzy Hash: 12E0262172020403CA0CFB35A8125EDF3598BD5715F40153EF142831A3CE6049A98A11
                                                            APIs
                                                            • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 002A3D18
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: MessageSendTimeout
                                                            • String ID:
                                                            • API String ID: 1599653421-0
                                                            • Opcode ID: fdb9ca1024d52bea92725ba39aca6db4c2a179c5562810e723155950e103e842
                                                            • Instruction ID: b19b9fe110a8e3a19b71523b8f07c7303376f7e529ce4e2630349d6db8241537
                                                            • Opcode Fuzzy Hash: fdb9ca1024d52bea92725ba39aca6db4c2a179c5562810e723155950e103e842
                                                            • Instruction Fuzzy Hash: BBD012E0AA03087EFB0087719C0BEBB339CC356A81F104BA57A02D68C1D9A0DE084170
                                                            APIs
                                                            • CreateFileW.KERNEL32(00000000,00000000,?,00280704,?,?,00000000,?,00280704,00000000,0000000C), ref: 002803B7
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: CreateFile
                                                            • String ID:
                                                            • API String ID: 823142352-0
                                                            • Opcode ID: 2b299a149d817dc198e3aeb862dcb50ae315dc824678065f455597f3040ad6d5
                                                            • Instruction ID: f89cb9bfc7a5260fbaea24308b3e7c4b63897965cae90c2719bf95f09531cf63
                                                            • Opcode Fuzzy Hash: 2b299a149d817dc198e3aeb862dcb50ae315dc824678065f455597f3040ad6d5
                                                            • Instruction Fuzzy Hash: 38D06C3204010DBBDF028F84ED06EDA3BAAFB48714F114000BE1856020C732E821EB90
                                                            APIs
                                                            • SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00241CBC
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: InfoParametersSystem
                                                            • String ID:
                                                            • API String ID: 3098949447-0
                                                            • Opcode ID: a087178c23ae472bcbb6daee17b9a79b5a850277cdf57a117d5f3ccc59e20326
                                                            • Instruction ID: f925a880f742e51e622195b352f818e4248daac4a4b9b053d39ed71d3d61910d
                                                            • Opcode Fuzzy Hash: a087178c23ae472bcbb6daee17b9a79b5a850277cdf57a117d5f3ccc59e20326
                                                            • Instruction Fuzzy Hash: 55C09B352803059FF6164780BC4EF917759E34CB00F54C501F709655E7C3A11820D650
                                                            APIs
                                                              • Part of subcall function 00259BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00259BB2
                                                            • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 002D961A
                                                            • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 002D965B
                                                            • GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 002D969F
                                                            • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 002D96C9
                                                            • SendMessageW.USER32 ref: 002D96F2
                                                            • GetKeyState.USER32(00000011), ref: 002D978B
                                                            • GetKeyState.USER32(00000009), ref: 002D9798
                                                            • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 002D97AE
                                                            • GetKeyState.USER32(00000010), ref: 002D97B8
                                                            • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 002D97E9
                                                            • SendMessageW.USER32 ref: 002D9810
                                                            • SendMessageW.USER32(?,00001030,?,002D7E95), ref: 002D9918
                                                            • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 002D992E
                                                            • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 002D9941
                                                            • SetCapture.USER32(?), ref: 002D994A
                                                            • ClientToScreen.USER32(?,?), ref: 002D99AF
                                                            • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 002D99BC
                                                            • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 002D99D6
                                                            • ReleaseCapture.USER32 ref: 002D99E1
                                                            • GetCursorPos.USER32(?), ref: 002D9A19
                                                            • ScreenToClient.USER32(?,?), ref: 002D9A26
                                                            • SendMessageW.USER32(?,00001012,00000000,?), ref: 002D9A80
                                                            • SendMessageW.USER32 ref: 002D9AAE
                                                            • SendMessageW.USER32(?,00001111,00000000,?), ref: 002D9AEB
                                                            • SendMessageW.USER32 ref: 002D9B1A
                                                            • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 002D9B3B
                                                            • SendMessageW.USER32(?,0000110B,00000009,?), ref: 002D9B4A
                                                            • GetCursorPos.USER32(?), ref: 002D9B68
                                                            • ScreenToClient.USER32(?,?), ref: 002D9B75
                                                            • GetParent.USER32(?), ref: 002D9B93
                                                            • SendMessageW.USER32(?,00001012,00000000,?), ref: 002D9BFA
                                                            • SendMessageW.USER32 ref: 002D9C2B
                                                            • ClientToScreen.USER32(?,?), ref: 002D9C84
                                                            • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 002D9CB4
                                                            • SendMessageW.USER32(?,00001111,00000000,?), ref: 002D9CDE
                                                            • SendMessageW.USER32 ref: 002D9D01
                                                            • ClientToScreen.USER32(?,?), ref: 002D9D4E
                                                            • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 002D9D82
                                                              • Part of subcall function 00259944: GetWindowLongW.USER32(?,000000EB), ref: 00259952
                                                            • GetWindowLongW.USER32(?,000000F0), ref: 002D9E05
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
                                                            • String ID: @GUI_DRAGID$F$p#1
                                                            • API String ID: 3429851547-3134686647
                                                            • Opcode ID: b2069d38a62eeb2793f148f6b5f0fa93c8b8f48f2010fb243006448023208fab
                                                            • Instruction ID: ad97e8bbb2a8625c3338854da2c3ed27b6555181e311a93e83e57e707d792377
                                                            • Opcode Fuzzy Hash: b2069d38a62eeb2793f148f6b5f0fa93c8b8f48f2010fb243006448023208fab
                                                            • Instruction Fuzzy Hash: 7942A034A25242AFD725CF24CC48AAABBE9FF49310F10461AF659973A1D771DCA0CF91
                                                            APIs
                                                            • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 002D48F3
                                                            • SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 002D4908
                                                            • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 002D4927
                                                            • SendMessageW.USER32(?,00000148,00000000,00000000), ref: 002D494B
                                                            • SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 002D495C
                                                            • SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 002D497B
                                                            • SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 002D49AE
                                                            • SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 002D49D4
                                                            • SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 002D4A0F
                                                            • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 002D4A56
                                                            • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 002D4A7E
                                                            • IsMenu.USER32(?), ref: 002D4A97
                                                            • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 002D4AF2
                                                            • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 002D4B20
                                                            • GetWindowLongW.USER32(?,000000F0), ref: 002D4B94
                                                            • SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 002D4BE3
                                                            • SendMessageW.USER32(00000000,00001001,00000000,?), ref: 002D4C82
                                                            • wsprintfW.USER32 ref: 002D4CAE
                                                            • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 002D4CC9
                                                            • GetWindowTextW.USER32(?,00000000,00000001), ref: 002D4CF1
                                                            • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 002D4D13
                                                            • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 002D4D33
                                                            • GetWindowTextW.USER32(?,00000000,00000001), ref: 002D4D5A
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
                                                            • String ID: %d/%02d/%02d
                                                            • API String ID: 4054740463-328681919
                                                            • Opcode ID: 73554df72c16bfe422e92172df1499c0b5d8f26c295ed25ca32365fa5a084bb7
                                                            • Instruction ID: 2a5d79306e4e3797963835f278fd1af54bea48a0c26dca738a9a348f023954fe
                                                            • Opcode Fuzzy Hash: 73554df72c16bfe422e92172df1499c0b5d8f26c295ed25ca32365fa5a084bb7
                                                            • Instruction Fuzzy Hash: 7212F131920255AFEB29AF24DC49FAE7BF8EF85310F10411AF915EA2E1DBB49D50CB50
                                                            APIs
                                                            • GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 0025F998
                                                            • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0029F474
                                                            • IsIconic.USER32(00000000), ref: 0029F47D
                                                            • ShowWindow.USER32(00000000,00000009), ref: 0029F48A
                                                            • SetForegroundWindow.USER32(00000000), ref: 0029F494
                                                            • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0029F4AA
                                                            • GetCurrentThreadId.KERNEL32 ref: 0029F4B1
                                                            • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0029F4BD
                                                            • AttachThreadInput.USER32(?,00000000,00000001), ref: 0029F4CE
                                                            • AttachThreadInput.USER32(?,00000000,00000001), ref: 0029F4D6
                                                            • AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 0029F4DE
                                                            • SetForegroundWindow.USER32(00000000), ref: 0029F4E1
                                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 0029F4F6
                                                            • keybd_event.USER32(00000012,00000000), ref: 0029F501
                                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 0029F50B
                                                            • keybd_event.USER32(00000012,00000000), ref: 0029F510
                                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 0029F519
                                                            • keybd_event.USER32(00000012,00000000), ref: 0029F51E
                                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 0029F528
                                                            • keybd_event.USER32(00000012,00000000), ref: 0029F52D
                                                            • SetForegroundWindow.USER32(00000000), ref: 0029F530
                                                            • AttachThreadInput.USER32(?,000000FF,00000000), ref: 0029F557
                                                            Strings
                                                            Similarity
                                                            • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                            • String ID: Shell_TrayWnd
                                                            • API String ID: 4125248594-2988720461
                                                            • Opcode ID: 04fb8b564c5b9797275570bfab6109525aa7f0172ee4dd22be0b1b2ce7d29c0a
                                                            • Instruction ID: 282b4254bf0f37cd559905fab1b0a9a0786f56d1370a14c75b345a27454f2b17
                                                            • Opcode Fuzzy Hash: 04fb8b564c5b9797275570bfab6109525aa7f0172ee4dd22be0b1b2ce7d29c0a
                                                            • Instruction Fuzzy Hash: B9316171E512197AEF606BA56C4AFBF7F6CEB44B50F210066FA04F61D1C6B09D10EAA0
                                                            APIs
                                                              • Part of subcall function 002A16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 002A170D
                                                              • Part of subcall function 002A16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 002A173A
                                                              • Part of subcall function 002A16C3: GetLastError.KERNEL32 ref: 002A174A
                                                            • LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 002A1286
                                                            • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 002A12A8
                                                            • CloseHandle.KERNEL32(?), ref: 002A12B9
                                                            • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 002A12D1
                                                            • GetProcessWindowStation.USER32 ref: 002A12EA
                                                            • SetProcessWindowStation.USER32(00000000), ref: 002A12F4
                                                            • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 002A1310
                                                              • Part of subcall function 002A10BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,002A11FC), ref: 002A10D4
                                                              • Part of subcall function 002A10BF: CloseHandle.KERNEL32(?,?,002A11FC), ref: 002A10E9
                                                            Strings
                                                            Similarity
                                                            • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
                                                            • String ID: $default$winsta0$Z0
                                                            • API String ID: 22674027-3574802224
                                                            • Opcode ID: aada0885513af2198f31df7343adb56845a6171252a8275a984b927ff2e555b9
                                                            • Instruction ID: d88a4c1ec6f4d7198e32db23cc076c316b4cc72003e97fec0a4b914f90241b95
                                                            • Opcode Fuzzy Hash: aada0885513af2198f31df7343adb56845a6171252a8275a984b927ff2e555b9
                                                            • Instruction Fuzzy Hash: 60819D7191124AAFDF219FA8DC49FEE7BB9EF09714F14412AF910A61A0DB708D64CF60
                                                            APIs
                                                              • Part of subcall function 002A10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 002A1114
                                                              • Part of subcall function 002A10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,002A0B9B,?,?,?), ref: 002A1120
                                                              • Part of subcall function 002A10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,002A0B9B,?,?,?), ref: 002A112F
                                                              • Part of subcall function 002A10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,002A0B9B,?,?,?), ref: 002A1136
                                                              • Part of subcall function 002A10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 002A114D
                                                            • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 002A0BCC
                                                            • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 002A0C00
                                                            • GetLengthSid.ADVAPI32(?), ref: 002A0C17
                                                            • GetAce.ADVAPI32(?,00000000,?), ref: 002A0C51
                                                            • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 002A0C6D
                                                            • GetLengthSid.ADVAPI32(?), ref: 002A0C84
                                                            • GetProcessHeap.KERNEL32(00000008,00000008), ref: 002A0C8C
                                                            • HeapAlloc.KERNEL32(00000000), ref: 002A0C93
                                                            • GetLengthSid.ADVAPI32(?,00000008,?), ref: 002A0CB4
                                                            • CopySid.ADVAPI32(00000000), ref: 002A0CBB
                                                            • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 002A0CEA
                                                            • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 002A0D0C
                                                            • SetUserObjectSecurity.USER32(?,00000004,?), ref: 002A0D1E
                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 002A0D45
                                                            • HeapFree.KERNEL32(00000000), ref: 002A0D4C
                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 002A0D55
                                                            • HeapFree.KERNEL32(00000000), ref: 002A0D5C
                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 002A0D65
                                                            • HeapFree.KERNEL32(00000000), ref: 002A0D6C
                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 002A0D78
                                                            • HeapFree.KERNEL32(00000000), ref: 002A0D7F
                                                              • Part of subcall function 002A1193: GetProcessHeap.KERNEL32(00000008,002A0BB1,?,00000000,?,002A0BB1,?), ref: 002A11A1
                                                              • Part of subcall function 002A1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,002A0BB1,?), ref: 002A11A8
                                                              • Part of subcall function 002A1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,002A0BB1,?), ref: 002A11B7
                                                            Similarity
                                                            • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                            • String ID:
                                                            • API String ID: 4175595110-0
                                                            • Opcode ID: 818d1f7225ce380ddc7dbeec80ab89b444e95a57d0835e5828a195d598a718bb
                                                            • Instruction ID: 899a31a89818b42a67aa75798a913d0e65743503b59554f0e8fd6b9434ee9cbc
                                                            • Opcode Fuzzy Hash: 818d1f7225ce380ddc7dbeec80ab89b444e95a57d0835e5828a195d598a718bb
                                                            • Instruction Fuzzy Hash: 68719C7290021AEBDF10DFA4EC88FAEBBB9FF05310F144166E914A7190DB71AD15CBA0
                                                            APIs
                                                            • OpenClipboard.USER32(002DCC08), ref: 002BEB29
                                                            • IsClipboardFormatAvailable.USER32(0000000D), ref: 002BEB37
                                                            • GetClipboardData.USER32(0000000D), ref: 002BEB43
                                                            • CloseClipboard.USER32 ref: 002BEB4F
                                                            • GlobalLock.KERNEL32(00000000), ref: 002BEB87
                                                            • CloseClipboard.USER32 ref: 002BEB91
                                                            • GlobalUnlock.KERNEL32(00000000), ref: 002BEBBC
                                                            • IsClipboardFormatAvailable.USER32(00000001), ref: 002BEBC9
                                                            • GetClipboardData.USER32(00000001), ref: 002BEBD1
                                                            • GlobalLock.KERNEL32(00000000), ref: 002BEBE2
                                                            • GlobalUnlock.KERNEL32(00000000), ref: 002BEC22
                                                            • IsClipboardFormatAvailable.USER32(0000000F), ref: 002BEC38
                                                            • GetClipboardData.USER32(0000000F), ref: 002BEC44
                                                            • GlobalLock.KERNEL32(00000000), ref: 002BEC55
                                                            • DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 002BEC77
                                                            • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 002BEC94
                                                            • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 002BECD2
                                                            • GlobalUnlock.KERNEL32(00000000), ref: 002BECF3
                                                            • CountClipboardFormats.USER32 ref: 002BED14
                                                            • CloseClipboard.USER32 ref: 002BED59
                                                            Similarity
                                                            • API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
                                                            • String ID:
                                                            • API String ID: 420908878-0
                                                            • Opcode ID: 128454dcc9e9f7be566ecc7803f39455b991b3fa90bb2c68d94714b547f1d9de
                                                            • Instruction ID: 922dd398f314882435d5333d958207a3ba6a8e2b950583f2419950d530798065
                                                            • Opcode Fuzzy Hash: 128454dcc9e9f7be566ecc7803f39455b991b3fa90bb2c68d94714b547f1d9de
                                                            • Instruction Fuzzy Hash: 5D61E1742142039FD704EF24D888FAA77E8BF84744F29451EF856872A2CB71DD55CBA2
                                                            APIs
                                                            • FindFirstFileW.KERNEL32(?,?), ref: 002B69BE
                                                            • FindClose.KERNEL32(00000000), ref: 002B6A12
                                                            • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 002B6A4E
                                                            • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 002B6A75
                                                              • Part of subcall function 00249CB3: _wcslen.LIBCMT ref: 00249CBD
                                                            • FileTimeToSystemTime.KERNEL32(?,?), ref: 002B6AB2
                                                            • FileTimeToSystemTime.KERNEL32(?,?), ref: 002B6ADF
                                                            Strings
                                                            Similarity
                                                            • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                                                            • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                            • API String ID: 3830820486-3289030164
                                                            • Opcode ID: 8b798df7956b828e068a533389093515148e59bb1f1b43a2e779fb671eb86160
                                                            • Instruction ID: b114cba0058f713baefff7335fc61263bd2abba8351c7af8763c5e9d8692a629
                                                            • Opcode Fuzzy Hash: 8b798df7956b828e068a533389093515148e59bb1f1b43a2e779fb671eb86160
                                                            • Instruction Fuzzy Hash: D0D17072518300AEC714EFA4C885EAFB7ECAF88704F44491EF985D7191EB74DA58CB62
                                                            APIs
                                                            • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 002B9663
                                                            • GetFileAttributesW.KERNEL32(?), ref: 002B96A1
                                                            • SetFileAttributesW.KERNEL32(?,?), ref: 002B96BB
                                                            • FindNextFileW.KERNEL32(00000000,?), ref: 002B96D3
                                                            • FindClose.KERNEL32(00000000), ref: 002B96DE
                                                            • FindFirstFileW.KERNEL32(*.*,?), ref: 002B96FA
                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 002B974A
                                                            • SetCurrentDirectoryW.KERNEL32(00306B7C), ref: 002B9768
                                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 002B9772
                                                            • FindClose.KERNEL32(00000000), ref: 002B977F
                                                            • FindClose.KERNEL32(00000000), ref: 002B978F
                                                            Strings
                                                            Similarity
                                                            • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                            • String ID: *.*
                                                            • API String ID: 1409584000-438819550
                                                            • Opcode ID: 07a8440ef66bf0e2576658974581e77999d549385720633717ecbb822bc930b8
                                                            • Instruction ID: 3d70c78e3078ce7a748372ee41653ea69dcd3d7ab3773a7074c40c7acae06dee
                                                            • Opcode Fuzzy Hash: 07a8440ef66bf0e2576658974581e77999d549385720633717ecbb822bc930b8
                                                            • Instruction Fuzzy Hash: 4831C2B256121A6ADF10AFB5EC4DADE77EC9F09360F204156FA05E21A0EB30DDA0DE50
                                                            APIs
                                                            • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 002B97BE
                                                            • FindNextFileW.KERNEL32(00000000,?), ref: 002B9819
                                                            • FindClose.KERNEL32(00000000), ref: 002B9824
                                                            • FindFirstFileW.KERNEL32(*.*,?), ref: 002B9840
                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 002B9890
                                                            • SetCurrentDirectoryW.KERNEL32(00306B7C), ref: 002B98AE
                                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 002B98B8
                                                            • FindClose.KERNEL32(00000000), ref: 002B98C5
                                                            • FindClose.KERNEL32(00000000), ref: 002B98D5
                                                              • Part of subcall function 002ADAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 002ADB00
                                                            Strings
                                                            Similarity
                                                            • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                            • String ID: *.*
                                                            • API String ID: 2640511053-438819550
                                                            • Opcode ID: e7aa63caec47f6e2697ee08c609629bb4319a3184a7d0ff730ecfef2da5ffb46
                                                            • Instruction ID: 2f8ffba55cc70b12516797c002d763a9a206a05053844363f0150a849c4a6e73
                                                            • Opcode Fuzzy Hash: e7aa63caec47f6e2697ee08c609629bb4319a3184a7d0ff730ecfef2da5ffb46
                                                            • Instruction Fuzzy Hash: 1A31C37151161A6ADF10AFB4EC49ADE77AC9F06360F204156EA54A21E0DB31DDE4CE60
                                                            APIs
                                                              • Part of subcall function 002CC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,002CB6AE,?,?), ref: 002CC9B5
                                                              • Part of subcall function 002CC998: _wcslen.LIBCMT ref: 002CC9F1
                                                              • Part of subcall function 002CC998: _wcslen.LIBCMT ref: 002CCA68
                                                              • Part of subcall function 002CC998: _wcslen.LIBCMT ref: 002CCA9E
                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 002CBF3E
                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 002CBFA9
                                                            • RegCloseKey.ADVAPI32(00000000), ref: 002CBFCD
                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 002CC02C
                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 002CC0E7
                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 002CC154
                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 002CC1E9
                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 002CC23A
                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 002CC2E3
                                                            • RegCloseKey.ADVAPI32(?,?,00000000), ref: 002CC382
                                                            • RegCloseKey.ADVAPI32(00000000), ref: 002CC38F
                                                            Similarity
                                                            • API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
                                                            • String ID:
                                                            • API String ID: 3102970594-0
                                                            • Opcode ID: c96226d325b515f69b7627fc0cc5d9f932ae30162968c86b8514bf64446a007d
                                                            • Instruction ID: 91f0d39ea3bbe8e442ac485db0f1cc50a2cb722749b8a5fd757b96529921975e
                                                            • Opcode Fuzzy Hash: c96226d325b515f69b7627fc0cc5d9f932ae30162968c86b8514bf64446a007d
                                                            • Instruction Fuzzy Hash: 4A024A716142419FC714CF28C895F2ABBE5AF89318F18C59DF84ACB2A2D731EC55CB52
                                                            APIs
                                                            • GetLocalTime.KERNEL32(?), ref: 002B8257
                                                            • SystemTimeToFileTime.KERNEL32(?,?), ref: 002B8267
                                                            • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 002B8273
                                                            • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 002B8310
                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 002B8324
                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 002B8356
                                                            • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 002B838C
                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 002B8395
                                                            Strings
                                                            Similarity
                                                            • API ID: CurrentDirectoryTime$File$Local$System
                                                            • String ID: *.*
                                                            • API String ID: 1464919966-438819550
                                                            • Opcode ID: e7c19192c5a793e6cfe22a4d45398f9f1d67ad37f1eb17f55b26819b425841ba
                                                            • Instruction ID: 4328f19a69add8ba352c30405410afd0d2f7df8d34508150c13f43b82ef6a3a0
                                                            • Opcode Fuzzy Hash: e7c19192c5a793e6cfe22a4d45398f9f1d67ad37f1eb17f55b26819b425841ba
                                                            • Instruction Fuzzy Hash: 0B6189725283469FCB10EF24C8449AEB3ECFF89310F04891AF98987251DB31E965CF92
                                                            APIs
                                                              • Part of subcall function 00243AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00243A97,?,?,00242E7F,?,?,?,00000000), ref: 00243AC2
                                                              • Part of subcall function 002AE199: GetFileAttributesW.KERNEL32(?,002ACF95), ref: 002AE19A
                                                            • FindFirstFileW.KERNEL32(?,?), ref: 002AD122
                                                            • DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 002AD1DD
                                                            • MoveFileW.KERNEL32(?,?), ref: 002AD1F0
                                                            • DeleteFileW.KERNEL32(?,?,?,?), ref: 002AD20D
                                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 002AD237
                                                              • Part of subcall function 002AD29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,002AD21C,?,?), ref: 002AD2B2
                                                            • FindClose.KERNEL32(00000000,?,?,?), ref: 002AD253
                                                            • FindClose.KERNEL32(00000000), ref: 002AD264
                                                            Strings
                                                            Similarity
                                                            • API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
                                                            • String ID: \*.*
                                                            • API String ID: 1946585618-1173974218
                                                            • Opcode ID: 2e7af96e7843ef4a10d16f5cb698687022b72d2a61245862f4fdbc7c64b89b3c
                                                            • Instruction ID: 4bf56d9d4f5e8e1554df106404eff8804f1dbaa47a1eafdba432a206dbb0b63d
                                                            • Opcode Fuzzy Hash: 2e7af96e7843ef4a10d16f5cb698687022b72d2a61245862f4fdbc7c64b89b3c
                                                            • Instruction Fuzzy Hash: 07614B3181114E9BCF09EFA4D996AEDB775AF56300F204165E80677192EF306F69CF60
                                                            APIs
                                                            Similarity
                                                            • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                            • String ID:
                                                            • API String ID: 1737998785-0
                                                            • Opcode ID: 5131cf01af36723be50e949ff42f1c003a724640c0e63110228acdaddd25042d
                                                            • Instruction ID: 85002114491661afadccc3d98031124e2e170201c1baad167208fae67dc0990b
                                                            • Opcode Fuzzy Hash: 5131cf01af36723be50e949ff42f1c003a724640c0e63110228acdaddd25042d
                                                            • Instruction Fuzzy Hash: F841EF34615212AFDB10CF15E88CB99BBE8EF44368F25C09AE8258B662C775EC41CBC0
                                                            APIs
                                                              • Part of subcall function 002A16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 002A170D
                                                              • Part of subcall function 002A16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 002A173A
                                                              • Part of subcall function 002A16C3: GetLastError.KERNEL32 ref: 002A174A
                                                            • ExitWindowsEx.USER32(?,00000000), ref: 002AE932
                                                            Strings
                                                            Similarity
                                                            • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                            • String ID: $ $@$SeShutdownPrivilege
                                                            • API String ID: 2234035333-3163812486
                                                            • Opcode ID: ca7d70bf8b2af0b606fda79901f16c0aba141c6becd09ee173ff23f17eca4ec8
                                                            • Instruction ID: 04c337fd3a5c96999c0ff13d9c2393fbcb18e6ec25e4829ddd27f264edeaff7b
                                                            • Opcode Fuzzy Hash: ca7d70bf8b2af0b606fda79901f16c0aba141c6becd09ee173ff23f17eca4ec8
                                                            • Instruction Fuzzy Hash: B3012B72A30313ABEF142674AC8ABFB725C9B05750F164422FC02E20D1DDA05C6585A0
                                                            APIs
                                                            • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 002C1276
                                                            • WSAGetLastError.WSOCK32 ref: 002C1283
                                                            • bind.WSOCK32(00000000,?,00000010), ref: 002C12BA
                                                            • WSAGetLastError.WSOCK32 ref: 002C12C5
                                                            • closesocket.WSOCK32(00000000), ref: 002C12F4
                                                            • listen.WSOCK32(00000000,00000005), ref: 002C1303
                                                            • WSAGetLastError.WSOCK32 ref: 002C130D
                                                            • closesocket.WSOCK32(00000000), ref: 002C133C
                                                            Similarity
                                                            • API ID: ErrorLast$closesocket$bindlistensocket
                                                            • String ID:
                                                            • API String ID: 540024437-0
                                                            • Opcode ID: 74dcc8fa9b9640b3de7feca933cd5fb351b49e4da93f53613929d4ea81638ff1
                                                            • Instruction ID: 8828d83e120475d674a7c4260cbae8e363010da1d6894cc944ef097642cf7781
                                                            • Opcode Fuzzy Hash: 74dcc8fa9b9640b3de7feca933cd5fb351b49e4da93f53613929d4ea81638ff1
                                                            • Instruction Fuzzy Hash: 9241CF34A001519FD710DF24D489F29BBE5AF46318F28828DE8568F297C771EC91CBE1
                                                            APIs
                                                              • Part of subcall function 00243AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00243A97,?,?,00242E7F,?,?,?,00000000), ref: 00243AC2
                                                              • Part of subcall function 002AE199: GetFileAttributesW.KERNEL32(?,002ACF95), ref: 002AE19A
                                                            • FindFirstFileW.KERNEL32(?,?), ref: 002AD420
                                                            • DeleteFileW.KERNEL32(?,?,?,?), ref: 002AD470
                                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 002AD481
                                                            • FindClose.KERNEL32(00000000), ref: 002AD498
                                                            • FindClose.KERNEL32(00000000), ref: 002AD4A1
                                                            Strings
                                                            Similarity
                                                            • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                            • String ID: \*.*
                                                            • API String ID: 2649000838-1173974218
                                                            • Opcode ID: 5a3789acc92819ca28efcf917e7ff8cee61baa65486e0420a59a8278636af630
                                                            • Instruction ID: e97e541613aecb108222a61b829674a6e23b4e584a8a845d1f046eccee982693
                                                            • Opcode Fuzzy Hash: 5a3789acc92819ca28efcf917e7ff8cee61baa65486e0420a59a8278636af630
                                                            • Instruction Fuzzy Hash: 4A31A2310293419FC304EF64D8558AF77A8BE96310F404A1EF4D253191EF30AA29DB63
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: __floor_pentium4
                                                            • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                            • API String ID: 4168288129-2761157908
                                                            • Opcode ID: 00273d55646f6ed5f00e1a88c9585d12d620dab44d21a704e11cc48cba41945b
                                                            • Instruction ID: 8e49df8d201dde37f4ca5e132b07422488c1fc78c6e5f6c17dcf6913aba50653
                                                            • Opcode Fuzzy Hash: 00273d55646f6ed5f00e1a88c9585d12d620dab44d21a704e11cc48cba41945b
                                                            • Instruction Fuzzy Hash: 8CC26B71E282298FDF65CE28DD407EAB7B5EB48304F1581EAD40DE7240E774AE918F50
                                                            APIs
                                                            • _wcslen.LIBCMT ref: 002B64DC
                                                            • CoInitialize.OLE32(00000000), ref: 002B6639
                                                            • CoCreateInstance.OLE32(002DFCF8,00000000,00000001,002DFB68,?), ref: 002B6650
                                                            • CoUninitialize.OLE32 ref: 002B68D4
                                                            Strings
                                                            Similarity
                                                            • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                            • String ID: .lnk
                                                            • API String ID: 886957087-24824748
                                                            • Opcode ID: 00cf368e3fa53bc6039a361c65b3a5920f7c9d13e92c4ba3006baf233ac6e206
                                                            • Instruction ID: efc2223aa9e5d84890283776038473f3540a92e86b122751dc5c89fc2171d1fb
                                                            • Opcode Fuzzy Hash: 00cf368e3fa53bc6039a361c65b3a5920f7c9d13e92c4ba3006baf233ac6e206
                                                            • Instruction Fuzzy Hash: D6D17971528201AFC314EF24C885DABB7E8FF88304F50492DF5958B2A1EB31ED59CB92
                                                            APIs
                                                            • GetForegroundWindow.USER32(?,?,00000000), ref: 002C22E8
                                                              • Part of subcall function 002BE4EC: GetWindowRect.USER32(?,?), ref: 002BE504
                                                            • GetDesktopWindow.USER32 ref: 002C2312
                                                            • GetWindowRect.USER32(00000000), ref: 002C2319
                                                            • mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 002C2355
                                                            • GetCursorPos.USER32(?), ref: 002C2381
                                                            • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 002C23DF
                                                            Similarity
                                                            • API ID: Window$Rectmouse_event$CursorDesktopForeground
                                                            • String ID:
                                                            • API String ID: 2387181109-0
                                                            • Opcode ID: 9210bfe1df738cf5c21bac8b778cbb7d0917c072b94d4b042a81fc55ac8d1ee6
                                                            • Instruction ID: 9d052021846ebfe7e2f83dda7008f582a0aeb5c9b724dddc655adf273ac46f80
                                                            • Opcode Fuzzy Hash: 9210bfe1df738cf5c21bac8b778cbb7d0917c072b94d4b042a81fc55ac8d1ee6
                                                            • Instruction Fuzzy Hash: AF31ED72505346ABDB20DF14D809F9BBBA9FF84710F100A1EF984A7181DB34EA18CB92
                                                            APIs
                                                              • Part of subcall function 00249CB3: _wcslen.LIBCMT ref: 00249CBD
                                                            • FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 002B9B78
                                                            • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 002B9C8B
                                                              • Part of subcall function 002B3874: GetInputState.USER32 ref: 002B38CB
                                                              • Part of subcall function 002B3874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 002B3966
                                                            • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 002B9BA8
                                                            • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 002B9C75
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                                                            • String ID: *.*
                                                            • API String ID: 1972594611-438819550
                                                            • Opcode ID: 19dda9838a590d46d27d1389fa0b7d37c906ae01409a734d1b743fd561ebf61f
                                                            • Instruction ID: 6917067a4a2553dadc098fee06e782c89119da59f2b177e6219539d8e14d2574
                                                            • Opcode Fuzzy Hash: 19dda9838a590d46d27d1389fa0b7d37c906ae01409a734d1b743fd561ebf61f
                                                            • Instruction Fuzzy Hash: DF41837195520A9FDF14DFA4CC89AEE7BB4EF09350F244156E905A3191EB309EE4CFA0
                                                            Strings
                                                            • VUUU, xrefs: 0024843C
                                                            • VUUU, xrefs: 002483FA
                                                            • VUUU, xrefs: 002483E8
                                                            • VUUU, xrefs: 00285DF0
                                                            • _______________________________________________________________________________________________________________________________abccccccccdeefghijklmnopqrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstyzzzzzzzzzzzzzzzz{{{{, xrefs: 00285D43
                                                            • ERCP, xrefs: 0024813C
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: ERCP$VUUU$VUUU$VUUU$VUUU$_______________________________________________________________________________________________________________________________abccccccccdeefghijklmnopqrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstuvwxrstyzzzzzzzzzzzzzzzz{{{{
                                                            • API String ID: 0-2009957334
                                                            • Opcode ID: 2c16bc264b6654522fc90f55816ec1e5d2681dd00300656dff2d936edc58aaa7
                                                            • Instruction ID: d1ed25d79e77831f92de650a6c8411d299202fc4477a7c621ed331baa71f3443
                                                            • Opcode Fuzzy Hash: 2c16bc264b6654522fc90f55816ec1e5d2681dd00300656dff2d936edc58aaa7
                                                            • Instruction Fuzzy Hash: B3A2B274E3122ACBDF28DF58C8447AEB7B1BF54314F2481AAE815A7285DB709DA1CF50
                                                            APIs
                                                              • Part of subcall function 00259BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00259BB2
                                                            • DefDlgProcW.USER32(?,?,?,?,?), ref: 00259A4E
                                                            • GetSysColor.USER32(0000000F), ref: 00259B23
                                                            • SetBkColor.GDI32(?,00000000), ref: 00259B36
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: Color$LongProcWindow
                                                            • String ID:
                                                            • API String ID: 3131106179-0
                                                            • Opcode ID: 3e4de9c9b3b09382c37cdb4b941f4a0dcdd7dfbe1ebf9af74fe8e1a141d76153
                                                            • Instruction ID: f3a60a76a46414d6c42e155a10d77ee42c38c86eac08c7a57a9074e5b1755783
                                                            • Opcode Fuzzy Hash: 3e4de9c9b3b09382c37cdb4b941f4a0dcdd7dfbe1ebf9af74fe8e1a141d76153
                                                            • Instruction Fuzzy Hash: 4BA16BB0238145FEEB299E3C8C48EFB365DDB46302F14410AFD02C6691CA719DB5C679
                                                            APIs
                                                              • Part of subcall function 002C304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 002C307A
                                                              • Part of subcall function 002C304E: _wcslen.LIBCMT ref: 002C309B
                                                            • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 002C185D
                                                            • WSAGetLastError.WSOCK32 ref: 002C1884
                                                            • bind.WSOCK32(00000000,?,00000010), ref: 002C18DB
                                                            • WSAGetLastError.WSOCK32 ref: 002C18E6
                                                            • closesocket.WSOCK32(00000000), ref: 002C1915
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
                                                            • String ID:
                                                            • API String ID: 1601658205-0
                                                            • Opcode ID: 25f741e3437f0e2e613399037b413671b7420bfbbcb9dd71cb3ad888f1c6fafb
                                                            • Instruction ID: 3b2ef63b70347c9530425269a413d948baee64a6264b309310d9965cba05ba44
                                                            • Opcode Fuzzy Hash: 25f741e3437f0e2e613399037b413671b7420bfbbcb9dd71cb3ad888f1c6fafb
                                                            • Instruction Fuzzy Hash: CB51E471A10210AFEB14EF24C88AF2AB7E5AB45718F14859CF9059F3D3C771AD61CBA1
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                            • String ID:
                                                            • API String ID: 292994002-0
                                                            • Opcode ID: 1447b7700350f19a17735335fcd79f37096976a91a1bc382b6c1bef8b81f5676
                                                            • Instruction ID: 114ce92f5e5b4139c2fbfd104b4539b79094d3a1925e80389801bb4df27deb88
                                                            • Opcode Fuzzy Hash: 1447b7700350f19a17735335fcd79f37096976a91a1bc382b6c1bef8b81f5676
                                                            • Instruction Fuzzy Hash: 9C212731761202AFD7208F1AD884B2A7BE5EF84310F29805BE846CB751CB71EC62CB91
                                                            APIs
                                                            • lstrlenW.KERNEL32(?,?,?,00000000), ref: 002A82AA
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: lstrlen
                                                            • String ID: ($tb0$|
                                                            • API String ID: 1659193697-3964579587
                                                            • Opcode ID: 2ce19883ead8af416517d04a51f1cdc86b5db23f973c2450705fa46641695498
                                                            • Instruction ID: a1e448307464e8972d3f4db70bfaa648878280633635c63a7a63d8269cdbf2a1
                                                            • Opcode Fuzzy Hash: 2ce19883ead8af416517d04a51f1cdc86b5db23f973c2450705fa46641695498
                                                            • Instruction Fuzzy Hash: D0323774A10606DFCB28CF19C481A6AB7F0FF48710B15C4AEE49ADB3A1EB70E951CB44
                                                            APIs
                                                            • CreateToolhelp32Snapshot.KERNEL32 ref: 002CA6AC
                                                            • Process32FirstW.KERNEL32(00000000,?), ref: 002CA6BA
                                                              • Part of subcall function 00249CB3: _wcslen.LIBCMT ref: 00249CBD
                                                            • Process32NextW.KERNEL32(00000000,?), ref: 002CA79C
                                                            • CloseHandle.KERNEL32(00000000), ref: 002CA7AB
                                                              • Part of subcall function 0025CE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00283303,?), ref: 0025CE8A
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                                                            • String ID:
                                                            • API String ID: 1991900642-0
                                                            • Opcode ID: dac92c9dfbc2d17ef652c231f79aed6a9217bb1e74768e7e0159501e5d4d0473
                                                            • Instruction ID: 995a6d19eb56ab73e7f16f4b2c89ecaefb3a2e2c9ce1d824a9a6993f09a353d3
                                                            • Opcode Fuzzy Hash: dac92c9dfbc2d17ef652c231f79aed6a9217bb1e74768e7e0159501e5d4d0473
                                                            • Instruction Fuzzy Hash: C4514871518311AFD314EF24C886A6BBBE8FF89754F004A1DF98997292EB30D914CF92
                                                            APIs
                                                            • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 002AAAAC
                                                            • SetKeyboardState.USER32(00000080), ref: 002AAAC8
                                                            • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 002AAB36
                                                            • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 002AAB88
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: KeyboardState$InputMessagePostSend
                                                            • String ID:
                                                            • API String ID: 432972143-0
                                                            • Opcode ID: 38aaabaf9854a8817a4a1f23dfa658fa5d755af8bce1d1ad5864cf497e81d043
                                                            • Instruction ID: b76cbf1d1ac1d68df93ba53cd617fd82224a49cad6190003f756fd66435ba690
                                                            • Opcode Fuzzy Hash: 38aaabaf9854a8817a4a1f23dfa658fa5d755af8bce1d1ad5864cf497e81d043
                                                            • Instruction Fuzzy Hash: DF313930A60209AFEB348F64CC05BFA77A6AF66314F14465BE081521D1DB7489A4C772
                                                            APIs
                                                            • _free.LIBCMT ref: 0027BB7F
                                                              • Part of subcall function 002729C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0027D7D1,00000000,00000000,00000000,00000000,?,0027D7F8,00000000,00000007,00000000,?,0027DBF5,00000000), ref: 002729DE
                                                              • Part of subcall function 002729C8: GetLastError.KERNEL32(00000000,?,0027D7D1,00000000,00000000,00000000,00000000,?,0027D7F8,00000000,00000007,00000000,?,0027DBF5,00000000,00000000), ref: 002729F0
                                                            • GetTimeZoneInformation.KERNEL32 ref: 0027BB91
                                                            • WideCharToMultiByte.KERNEL32(00000000,?,0031121C,000000FF,?,0000003F,?,?), ref: 0027BC09
                                                            • WideCharToMultiByte.KERNEL32(00000000,?,00311270,000000FF,?,0000003F,?,?,?,0031121C,000000FF,?,0000003F,?,?), ref: 0027BC36
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: ByteCharMultiWide$ErrorFreeHeapInformationLastTimeZone_free
                                                            • String ID:
                                                            • API String ID: 806657224-0
                                                            • Opcode ID: 53f3224741c146312381cc0724be29aaebbeb4ca6ea004a7270ef6ddb6768b59
                                                            • Instruction ID: 06b7c1b5b66e996d01451f541f65e8eacf897161aa6b854e0d0f5b83f958e9cb
                                                            • Opcode Fuzzy Hash: 53f3224741c146312381cc0724be29aaebbeb4ca6ea004a7270ef6ddb6768b59
                                                            • Instruction Fuzzy Hash: C031CF70914206DFCB13DF68DC80AA9BBB8FF4A310B24C6AEE518D72A1D7709D52CB50
                                                            APIs
                                                            • InternetReadFile.WININET(?,?,00000400,?), ref: 002BCE89
                                                            • GetLastError.KERNEL32(?,00000000), ref: 002BCEEA
                                                            • SetEvent.KERNEL32(?,?,00000000), ref: 002BCEFE
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: ErrorEventFileInternetLastRead
                                                            • String ID:
                                                            • API String ID: 234945975-0
                                                            • Opcode ID: 824c277ffe1493b8a04caa6ed1abb9f5b7005e3f0829caa92d8cf0de3f73da72
                                                            • Instruction ID: 7767c348070f83ab635fdb234f878acc030cb4e867d516c74ee9e76b9a09fbc7
                                                            • Opcode Fuzzy Hash: 824c277ffe1493b8a04caa6ed1abb9f5b7005e3f0829caa92d8cf0de3f73da72
                                                            • Instruction Fuzzy Hash: 1F21B0B1910306DBDB20DFA5D948BA777FCEB50394F20441EE54692151E770ED54CB90
                                                            APIs
                                                            • FindFirstFileW.KERNEL32(?,?), ref: 002B5CC1
                                                            • FindNextFileW.KERNEL32(00000000,?), ref: 002B5D17
                                                            • FindClose.KERNEL32(?), ref: 002B5D5F
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: Find$File$CloseFirstNext
                                                            • String ID:
                                                            • API String ID: 3541575487-0
                                                            • Opcode ID: 20733ea301cbcea1f0de0cc2abd1d0ec86f12d2e8c1764584d9570e181d43988
                                                            • Instruction ID: c6517de9d770d7cc603a992b03e96cabf2336568473b96cd49f43b29ec898da4
                                                            • Opcode Fuzzy Hash: 20733ea301cbcea1f0de0cc2abd1d0ec86f12d2e8c1764584d9570e181d43988
                                                            • Instruction Fuzzy Hash: 20518A746146029FC718DF28C498A96B7E4FF49314F24865EE95A8B3A1CB30FD64CF91
                                                            APIs
                                                            • IsDebuggerPresent.KERNEL32 ref: 0027271A
                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00272724
                                                            • UnhandledExceptionFilter.KERNEL32(?), ref: 00272731
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                            • String ID:
                                                            • API String ID: 3906539128-0
                                                            • Opcode ID: 3e1130a38e59bb50f7ed6df0d91c8b868b3398e943e93c032ef1c114b2ec9db7
                                                            • Instruction ID: 41933bd935325a44892ecae3b81f1719046f74a5148415662bb07a28632b8f91
                                                            • Opcode Fuzzy Hash: 3e1130a38e59bb50f7ed6df0d91c8b868b3398e943e93c032ef1c114b2ec9db7
                                                            • Instruction Fuzzy Hash: D131B574D112199BCB21DF68DD8979DB7B8AF08310F5042EAE81CA7261E7309F958F45
                                                            APIs
                                                            • SetErrorMode.KERNEL32(00000001), ref: 002B51DA
                                                            • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 002B5238
                                                            • SetErrorMode.KERNEL32(00000000), ref: 002B52A1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: ErrorMode$DiskFreeSpace
                                                            • String ID:
                                                            • API String ID: 1682464887-0
                                                            • Opcode ID: 5f7514388b26791c8a2de4f0a6295e11ec3ce4f80080da3d4d35efaa2a8fc32e
                                                            • Instruction ID: 51cf5f78a68cd2f19244a91e70821d01779aaa7ecd0cca70265457b0e5448e2f
                                                            • Opcode Fuzzy Hash: 5f7514388b26791c8a2de4f0a6295e11ec3ce4f80080da3d4d35efaa2a8fc32e
                                                            • Instruction Fuzzy Hash: 05314B75A105199FDB00DF54D888EADBBB4FF49314F148099E805AB362DB31EC56CBA0
                                                            APIs
                                                              • Part of subcall function 0025FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00260668
                                                              • Part of subcall function 0025FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00260685
                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 002A170D
                                                            • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 002A173A
                                                            • GetLastError.KERNEL32 ref: 002A174A
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
                                                            • String ID:
                                                            • API String ID: 577356006-0
                                                            • Opcode ID: b80943dcc757705c09c65b10ef1b274ca77d2dff00309e044e744dd97b196600
                                                            • Instruction ID: 82f709d2aa8e55821c5540838ea81d9b7ac5fe4c5f19028723a3074f5f20883a
                                                            • Opcode Fuzzy Hash: b80943dcc757705c09c65b10ef1b274ca77d2dff00309e044e744dd97b196600
                                                            • Instruction Fuzzy Hash: 381101B2824305AFD7189F54EC8AD6AB7BCEB05721B20802EE44697241EB70BC61CA20
                                                            APIs
                                                            • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 002AD608
                                                            • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 002AD645
                                                            • CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 002AD650
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: CloseControlCreateDeviceFileHandle
                                                            • String ID:
                                                            • API String ID: 33631002-0
                                                            • Opcode ID: f08903f6b5e947f88f7b1adbb94dc4d9559b56147e856ed433077b0f9c873553
                                                            • Instruction ID: 85e78ee7a0f1f83de77361e390ba87711b2f2eb502d886e1d59d308f097c822d
                                                            • Opcode Fuzzy Hash: f08903f6b5e947f88f7b1adbb94dc4d9559b56147e856ed433077b0f9c873553
                                                            • Instruction Fuzzy Hash: 63115E75E05228BFDB148F95EC49FAFBBBCEB45B50F108156F904E7290D6704E058BA1
                                                            APIs
                                                            • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 002A168C
                                                            • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 002A16A1
                                                            • FreeSid.ADVAPI32(?), ref: 002A16B1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: AllocateCheckFreeInitializeMembershipToken
                                                            • String ID:
                                                            • API String ID: 3429775523-0
                                                            • Opcode ID: 292a07bd3d2601d6ed794e65dfe870a884d0f2b6d6800d047004c14f35e38855
                                                            • Instruction ID: caac12afe3cb76e5e796cb71971d8fdd8059d28f914da5a1daa8eabf1ba0de64
                                                            • Opcode Fuzzy Hash: 292a07bd3d2601d6ed794e65dfe870a884d0f2b6d6800d047004c14f35e38855
                                                            • Instruction Fuzzy Hash: DEF0F471D5130AFBDF00DFE49C89AAEBBBCEB08705F504565E501E2181E774AA448A50
                                                            APIs
                                                            • GetCurrentProcess.KERNEL32(002728E9,?,00264CBE,002728E9,003088B8,0000000C,00264E15,002728E9,00000002,00000000,?,002728E9), ref: 00264D09
                                                            • TerminateProcess.KERNEL32(00000000,?,00264CBE,002728E9,003088B8,0000000C,00264E15,002728E9,00000002,00000000,?,002728E9), ref: 00264D10
                                                            • ExitProcess.KERNEL32 ref: 00264D22
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: Process$CurrentExitTerminate
                                                            • String ID:
                                                            • API String ID: 1703294689-0
                                                            • Opcode ID: dab2ee08bd64e75de3e95a5b3fa355533ced3fd18a76c910477213f1163d56f2
                                                            • Instruction ID: b6c93bbab6672d34064b7fb501bdbfed950360327f7ee62e5f35d117ef95469f
                                                            • Opcode Fuzzy Hash: dab2ee08bd64e75de3e95a5b3fa355533ced3fd18a76c910477213f1163d56f2
                                                            • Instruction Fuzzy Hash: 55E0B631811149ABCF11BF54ED0DA583B69EB45781F208055FC498B122CB35DDA2DA80
                                                            APIs
                                                            • GetUserNameW.ADVAPI32(?,?), ref: 0029D28C
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: NameUser
                                                            • String ID: X64
                                                            • API String ID: 2645101109-893830106
                                                            • Opcode ID: 979c4dad2c133c81c43b7994283dfe31f290acc76a6b203165adc7132fd6696b
                                                            • Instruction ID: 617d77accf5b108dbfc5b668ac5e819f3f609b0568b63c06d02e137ac2943998
                                                            • Opcode Fuzzy Hash: 979c4dad2c133c81c43b7994283dfe31f290acc76a6b203165adc7132fd6696b
                                                            • Instruction Fuzzy Hash: B3D0C9B482511DEBCF90CB90EC88DD9B37CBB04306F100152F506A2080D77095489F10
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
                                                            • Instruction ID: 7349e0d2fa9017ee70976fdfa7be72eea50b7c7cbebab97f272eeaefc7c011f6
                                                            • Opcode Fuzzy Hash: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
                                                            • Instruction Fuzzy Hash: FF024C71E102199FDF14DFA9C8806ADFBF5EF88324F25816AD859E7380D731AA518B90
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: Variable is not of type 'Object'.$p#1
                                                            • API String ID: 0-898839
                                                            • Opcode ID: 58c12a04338b7136fde3266f33f66ae9a240b02ec598a1fe2858914a6e10c46a
                                                            • Instruction ID: 35df66dd97cd1faf7017d8c60e0b12ed2596a4efc896f946b154c0182e8c8548
                                                            • Opcode Fuzzy Hash: 58c12a04338b7136fde3266f33f66ae9a240b02ec598a1fe2858914a6e10c46a
                                                            • Instruction Fuzzy Hash: 1D329D70921219DFCF58DF98C881AEDB7B5FF05304F24406AE806AB292D775AD69CF60
                                                            APIs
                                                            • FindFirstFileW.KERNEL32(?,?), ref: 002B6918
                                                            • FindClose.KERNEL32(00000000), ref: 002B6961
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: Find$CloseFileFirst
                                                            • String ID:
                                                            • API String ID: 2295610775-0
                                                            • Opcode ID: 3219271c1a8b84bda28c3cbdd2757a365b7d277811b945aad859f05981d04c01
                                                            • Instruction ID: 646eab269eaeafd0666d6c1718d3842cdcd8429df366109b7f4aa2a48d67348a
                                                            • Opcode Fuzzy Hash: 3219271c1a8b84bda28c3cbdd2757a365b7d277811b945aad859f05981d04c01
                                                            • Instruction Fuzzy Hash: 6C11E2316146019FC714CF29D488A16BBE0FF84328F14C69AF8698F7A2C734EC05CB90
                                                            APIs
                                                            • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,002C4891,?,?,00000035,?), ref: 002B37E4
                                                            • FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,002C4891,?,?,00000035,?), ref: 002B37F4
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: ErrorFormatLastMessage
                                                            • String ID:
                                                            • API String ID: 3479602957-0
                                                            • Opcode ID: fe54539bd391e493a20298bf5f2637e4fc37a578e3123ff8014f20000212d89e
                                                            • Instruction ID: 746301206182becf54cd85fb87c48c27c1c1d19b41fb2b88cd954daf89c28896
                                                            • Opcode Fuzzy Hash: fe54539bd391e493a20298bf5f2637e4fc37a578e3123ff8014f20000212d89e
                                                            • Instruction Fuzzy Hash: BAF0E5B0A153296AE72067669C4DFEB7BAEEFC47A1F000266F509D22C1D9609D44CBB0
                                                            APIs
                                                            • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 002AB25D
                                                            • keybd_event.USER32(?,75C0C0D0,?,00000000), ref: 002AB270
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: InputSendkeybd_event
                                                            • String ID:
                                                            • API String ID: 3536248340-0
                                                            • Opcode ID: c74e9d3a8a79a4bd9a6d1867dc140b539dd0a6f9ba81192db48dcbd400c92253
                                                            • Instruction ID: 92768f56f7aa9f920f4124daac1d2abda406fc6cfd8ff3a465405348ba5da374
                                                            • Opcode Fuzzy Hash: c74e9d3a8a79a4bd9a6d1867dc140b539dd0a6f9ba81192db48dcbd400c92253
                                                            • Instruction Fuzzy Hash: 51F01D7181424EABDB059FA0D805BAE7BB4FF05305F10804AF955A5192C7798611DF94
                                                            APIs
                                                            • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,002A11FC), ref: 002A10D4
                                                            • CloseHandle.KERNEL32(?,?,002A11FC), ref: 002A10E9
                                                            Similarity
                                                            • API ID: AdjustCloseHandlePrivilegesToken
                                                            • String ID:
                                                            • API String ID: 81990902-0
                                                            • Opcode ID: 7a8ebe3e83eb721772ac243df23d2f64fb8da96c46d1f3d8cdc425523ee086e1
                                                            • Instruction ID: 28563974e38b931c9745736aca1bb52ae58d6825acefda3ef26bb97330a5523d
                                                            • Opcode Fuzzy Hash: 7a8ebe3e83eb721772ac243df23d2f64fb8da96c46d1f3d8cdc425523ee086e1
                                                            • Instruction Fuzzy Hash: 48E04F32029601AFE7652B11FC0AE7377A9EB04321F20882EF8A5804B1DB726CA0DF14
                                                            APIs
                                                            • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00276766,?,?,00000008,?,?,0027FEFE,00000000), ref: 00276998
                                                            Similarity
                                                            • API ID: ExceptionRaise
                                                            • String ID:
                                                            • API String ID: 3997070919-0
                                                            • Opcode ID: 117418d4e5c80f0bba3c19ba9325514697dab5b918c9cf40b08b15a256349cd6
                                                            • Instruction ID: b7c2673f31a8d215d9feb3c092f64404ec8f45be6a0faffe3af9ebd62c42e6ac
                                                            • Opcode Fuzzy Hash: 117418d4e5c80f0bba3c19ba9325514697dab5b918c9cf40b08b15a256349cd6
                                                            • Instruction Fuzzy Hash: 6FB13B31520A0ADFD719CF28C48AB657BA0FF45364F25C658E99DCF2A2C335D9A5CB40
                                                            Strings
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID: 0-3916222277
                                                            • Opcode ID: 1ee4a1422a3afb55b132fc5d7f80299b241249acd9bf2a40d5327768d7c72eba
                                                            • Instruction ID: 7871972ed6bd10af974f6a6db6c6e5979e892d8861552e5fb43e47a0a7b8b36b
                                                            • Opcode Fuzzy Hash: 1ee4a1422a3afb55b132fc5d7f80299b241249acd9bf2a40d5327768d7c72eba
                                                            • Instruction Fuzzy Hash: 3F126071D202299BCF25CF58C880AEEB7B5FF48310F14819AE809EB251DB709E95CF94
                                                            APIs
                                                            • BlockInput.USER32(00000001), ref: 002BEABD
                                                            Similarity
                                                            • API ID: BlockInput
                                                            • String ID:
                                                            • API String ID: 3456056419-0
                                                            • Opcode ID: 49cfdffdea2662b4d767e20f9e96e93c087a56f06d5d49479223503475c3a95b
                                                            • Instruction ID: 732497e3924fbe48108e5d05e8a7a0976d69e3ec2b2d8a31f716d615113b9899
                                                            • Opcode Fuzzy Hash: 49cfdffdea2662b4d767e20f9e96e93c087a56f06d5d49479223503475c3a95b
                                                            • Instruction Fuzzy Hash: A9E01A312202059FC710EF69D804E9AF7EDAF987A0F118416FC49C72A1DAB0E8508B90
                                                            APIs
                                                            • SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,002603EE), ref: 002609DA
                                                            Similarity
                                                            • API ID: ExceptionFilterUnhandled
                                                            • String ID:
                                                            • API String ID: 3192549508-0
                                                            • Opcode ID: 2c21c9c4c20be1d4eed60c1e24a07efa78e90a025a2961f6c3c1080a68d4b0d9
                                                            • Instruction ID: 8b11c38e3d0a17bb2a1ece8fc743c33d890d05789656ca21cd4c0011178c2a36
                                                            • Opcode Fuzzy Hash: 2c21c9c4c20be1d4eed60c1e24a07efa78e90a025a2961f6c3c1080a68d4b0d9
                                                            • Instruction Fuzzy Hash:
                                                            Strings
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 0
                                                            • API String ID: 0-4108050209
                                                            • Opcode ID: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                            • Instruction ID: ba4db146812c66858b9197be909b8f4d38efb7b1e85036c78b86645c74708d14
                                                            • Opcode Fuzzy Hash: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                            • Instruction Fuzzy Hash: F451997163D7075BDB388D78A85D7BE23D99B0230CF280A19D882C7282C655EEF1E752
                                                            Strings
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 0&1
                                                            • API String ID: 0-1227538332
                                                            • Opcode ID: cb2c13427466dd93448d7849a4e81cbdf6f3598fdefa00d42100af132aadfc5b
                                                            • Instruction ID: e1bbf0b967ac02264c35c10aa4133e45fd20b7960b5340721c10b9a660a92e1f
                                                            • Opcode Fuzzy Hash: cb2c13427466dd93448d7849a4e81cbdf6f3598fdefa00d42100af132aadfc5b
                                                            • Instruction Fuzzy Hash: 8721BB326206158BD728CF79C8136BE73E9A764310F158A2EE4A7C37D0DE75A944CB80
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b6ede07eaf1f7182858cfc656dff08ec63f852b44c393883d5eb1e13d938d2ca
                                                            • Instruction ID: 8681af4440a9000566200c7f56e1f4443818f5439fec50c81408aef2c48cb92e
                                                            • Opcode Fuzzy Hash: b6ede07eaf1f7182858cfc656dff08ec63f852b44c393883d5eb1e13d938d2ca
                                                            • Instruction Fuzzy Hash: 2661893123834B96DE349E68BCA5BBE6394DF4170CF200A1AE842DB2C1DA519EF2C755
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0e58f2a8320bdcad82901337581e7c54072dff703be7a4b10ef24bfdcbf6ceb7
                                                            • Instruction ID: a3fc5c74767d7623fc24cc54a41a9b587f87f76a43b3c910ff0146e7e1be391b
                                                            • Opcode Fuzzy Hash: 0e58f2a8320bdcad82901337581e7c54072dff703be7a4b10ef24bfdcbf6ceb7
                                                            • Instruction Fuzzy Hash: 15618C3123874B52DA388E287895BBF23889F4270CF200D5AE942CB281EB529DF58755
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                                            • Instruction ID: 34dcf872c8bb71b5474d82937a54c9c3bb190e797793ca1a9b3cb7c63c889c82
                                                            • Opcode Fuzzy Hash: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                                            • Instruction Fuzzy Hash: 78816A725290E34DEB5E4A3A857443EFFE15A923A131E079DD4F2CB1C1EE14E5B4E620
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: df3dd8c3f31dfd8ba44d28b882ce1e044cd7b3a4127e0e1e4396052ee00ab04e
                                                            • Instruction ID: 2e03f12626244708893e59a5f0ffd18689b46f3689d4e696ca198f6716780b9d
                                                            • Opcode Fuzzy Hash: df3dd8c3f31dfd8ba44d28b882ce1e044cd7b3a4127e0e1e4396052ee00ab04e
                                                            • Instruction Fuzzy Hash: F661187284FBC19FC7074B35886A044BF70EE6761432D4AEFC0808B1A7E7A6149ADF56
                                                            APIs
                                                            • DeleteObject.GDI32(00000000), ref: 002C2B30
                                                            • DeleteObject.GDI32(00000000), ref: 002C2B43
                                                            • DestroyWindow.USER32 ref: 002C2B52
                                                            • GetDesktopWindow.USER32 ref: 002C2B6D
                                                            • GetWindowRect.USER32(00000000), ref: 002C2B74
                                                            • SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 002C2CA3
                                                            • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 002C2CB1
                                                            • CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 002C2CF8
                                                            • GetClientRect.USER32(00000000,?), ref: 002C2D04
                                                            • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 002C2D40
                                                            • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 002C2D62
                                                            • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 002C2D75
                                                            • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 002C2D80
                                                            • GlobalLock.KERNEL32(00000000), ref: 002C2D89
                                                            • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 002C2D98
                                                            • GlobalUnlock.KERNEL32(00000000), ref: 002C2DA1
                                                            • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 002C2DA8
                                                            • GlobalFree.KERNEL32(00000000), ref: 002C2DB3
                                                            • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 002C2DC5
                                                            • OleLoadPicture.OLEAUT32(?,00000000,00000000,002DFC38,00000000), ref: 002C2DDB
                                                            • GlobalFree.KERNEL32(00000000), ref: 002C2DEB
                                                            • CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 002C2E11
                                                            • SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 002C2E30
                                                            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 002C2E52
                                                            • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 002C303F
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                             • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                             • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                             • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                             • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                             • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                            • String ID: $AutoIt v3$DISPLAY$static
                                                            • API String ID: 2211948467-2373415609
                                                            • Opcode ID: 009e7511cd5f3d7cb104d5eaff393a945d38d58dc004f9501551044df845a890
                                                            • Instruction ID: fd976612da15ae1789ddaaae4016e031a28f6f8b7529b55d0ce954899c30d4db
                                                            • Opcode Fuzzy Hash: 009e7511cd5f3d7cb104d5eaff393a945d38d58dc004f9501551044df845a890
                                                            • Instruction Fuzzy Hash: 1D026A75910215EFDB14DF64DC89EAEBBB9EB48710F108619F915AB2A0CB70ED10CF60
                                                            APIs
                                                            • SetTextColor.GDI32(?,00000000), ref: 002D712F
                                                            • GetSysColorBrush.USER32(0000000F), ref: 002D7160
                                                            • GetSysColor.USER32(0000000F), ref: 002D716C
                                                            • SetBkColor.GDI32(?,000000FF), ref: 002D7186
                                                            • SelectObject.GDI32(?,?), ref: 002D7195
                                                            • InflateRect.USER32(?,000000FF,000000FF), ref: 002D71C0
                                                            • GetSysColor.USER32(00000010), ref: 002D71C8
                                                            • CreateSolidBrush.GDI32(00000000), ref: 002D71CF
                                                            • FrameRect.USER32(?,?,00000000), ref: 002D71DE
                                                            • DeleteObject.GDI32(00000000), ref: 002D71E5
                                                            • InflateRect.USER32(?,000000FE,000000FE), ref: 002D7230
                                                            • FillRect.USER32(?,?,?), ref: 002D7262
                                                            • GetWindowLongW.USER32(?,000000F0), ref: 002D7284
                                                              • Part of subcall function 002D73E8: GetSysColor.USER32(00000012), ref: 002D7421
                                                              • Part of subcall function 002D73E8: SetTextColor.GDI32(?,?), ref: 002D7425
                                                              • Part of subcall function 002D73E8: GetSysColorBrush.USER32(0000000F), ref: 002D743B
                                                              • Part of subcall function 002D73E8: GetSysColor.USER32(0000000F), ref: 002D7446
                                                              • Part of subcall function 002D73E8: GetSysColor.USER32(00000011), ref: 002D7463
                                                              • Part of subcall function 002D73E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 002D7471
                                                              • Part of subcall function 002D73E8: SelectObject.GDI32(?,00000000), ref: 002D7482
                                                              • Part of subcall function 002D73E8: SetBkColor.GDI32(?,00000000), ref: 002D748B
                                                              • Part of subcall function 002D73E8: SelectObject.GDI32(?,?), ref: 002D7498
                                                              • Part of subcall function 002D73E8: InflateRect.USER32(?,000000FF,000000FF), ref: 002D74B7
                                                              • Part of subcall function 002D73E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 002D74CE
                                                              • Part of subcall function 002D73E8: GetWindowLongW.USER32(00000000,000000F0), ref: 002D74DB
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                             • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                             • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                             • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                             • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                             • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                                            • String ID:
                                                            • API String ID: 4124339563-0
                                                            • Opcode ID: b9fb5501098f219fd4d895e0a02edcd85b8eda8f9c39a251c0c42b9fcb005068
                                                            • Instruction ID: 996c72dd3a174cf262b053f774a7fd74951bbc84a2e4e96cfea4fa8986bf575e
                                                            • Opcode Fuzzy Hash: b9fb5501098f219fd4d895e0a02edcd85b8eda8f9c39a251c0c42b9fcb005068
                                                            • Instruction Fuzzy Hash: F1A1B272419312AFDB009F60EC4CA5BBBA9FB48321F204B1AF966961E0D774ED54CB51
                                                            APIs
                                                            • DestroyWindow.USER32(?,?), ref: 00258E14
                                                            • SendMessageW.USER32(?,00001308,?,00000000), ref: 00296AC5
                                                            • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00296AFE
                                                            • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00296F43
                                                              • Part of subcall function 00258F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00258BE8,?,00000000,?,?,?,?,00258BBA,00000000,?), ref: 00258FC5
                                                            • SendMessageW.USER32(?,00001053), ref: 00296F7F
                                                            • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00296F96
                                                            • ImageList_Destroy.COMCTL32(00000000,?), ref: 00296FAC
                                                            • ImageList_Destroy.COMCTL32(00000000,?), ref: 00296FB7
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                             • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                             • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                             • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                             • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                             • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
                                                            • String ID: 0
                                                            • API String ID: 2760611726-4108050209
                                                            • Opcode ID: b83563d4b5b33dce06da03c486b0d90ce1b11983dfb4e5a8850629f74f0057e1
                                                            • Instruction ID: bdeb7e6ff1683c501fa65a40c080ffbf88fee2058cf016227e9ca46086bccc37
                                                            • Opcode Fuzzy Hash: b83563d4b5b33dce06da03c486b0d90ce1b11983dfb4e5a8850629f74f0057e1
                                                            • Instruction Fuzzy Hash: CF12CB30621202DFCB25CF24D859BAAB7F5FB48301F148069F999AB661CB71EC65CF91
                                                            APIs
                                                            • DestroyWindow.USER32(00000000), ref: 002C273E
                                                            • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 002C286A
                                                            • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 002C28A9
                                                            • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 002C28B9
                                                            • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 002C2900
                                                            • GetClientRect.USER32(00000000,?), ref: 002C290C
                                                            • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 002C2955
                                                            • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 002C2964
                                                            • GetStockObject.GDI32(00000011), ref: 002C2974
                                                            • SelectObject.GDI32(00000000,00000000), ref: 002C2978
                                                            • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 002C2988
                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 002C2991
                                                            • DeleteDC.GDI32(00000000), ref: 002C299A
                                                            • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 002C29C6
                                                            • SendMessageW.USER32(00000030,00000000,00000001), ref: 002C29DD
                                                            • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 002C2A1D
                                                            • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 002C2A31
                                                            • SendMessageW.USER32(00000404,00000001,00000000), ref: 002C2A42
                                                            • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 002C2A77
                                                            • GetStockObject.GDI32(00000011), ref: 002C2A82
                                                            • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 002C2A8D
                                                            • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 002C2A97
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                             • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                             • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                             • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                             • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                             • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                            • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                            • API String ID: 2910397461-517079104
                                                            • Opcode ID: 647f028ac6d67e8221954a21521ea9c7d86a5261120840905d9a74ebfbaa2a6e
                                                            • Instruction ID: cc1dbbf369e26e716ce8f243dc3277085e917c00077f74ccd95cd77c64b8ad53
                                                            • Opcode Fuzzy Hash: 647f028ac6d67e8221954a21521ea9c7d86a5261120840905d9a74ebfbaa2a6e
                                                            • Instruction Fuzzy Hash: 44B17075A50215AFEB14DF68DC49FAEBBA9EB08710F108615FA14E7290DB70ED50CFA0
                                                            APIs
                                                            • SetErrorMode.KERNEL32(00000001), ref: 002B4AED
                                                            • GetDriveTypeW.KERNEL32(?,002DCB68,?,\\.\,002DCC08), ref: 002B4BCA
                                                            • SetErrorMode.KERNEL32(00000000,002DCB68,?,\\.\,002DCC08), ref: 002B4D36
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                             • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                             • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                             • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                             • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                             • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: ErrorMode$DriveType
                                                            • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                            • API String ID: 2907320926-4222207086
                                                            • Opcode ID: 2768ba8b04305b2f540b511ac84b81910adb0d94353f09b28877dbfa886a1e8a
                                                            • Instruction ID: 6c8e85c21e9dd0f83926b7c67b2b9aee742e5eec1984153de218f25c38dd20c0
                                                            • Opcode Fuzzy Hash: 2768ba8b04305b2f540b511ac84b81910adb0d94353f09b28877dbfa886a1e8a
                                                            • Instruction Fuzzy Hash: CA61E4306361069BCB09FF24C9D29FD7BA0AB04B84B208517F806AB697DB71DD75DB41
                                                            APIs
                                                            • GetSysColor.USER32(00000012), ref: 002D7421
                                                            • SetTextColor.GDI32(?,?), ref: 002D7425
                                                            • GetSysColorBrush.USER32(0000000F), ref: 002D743B
                                                            • GetSysColor.USER32(0000000F), ref: 002D7446
                                                            • CreateSolidBrush.GDI32(?), ref: 002D744B
                                                            • GetSysColor.USER32(00000011), ref: 002D7463
                                                            • CreatePen.GDI32(00000000,00000001,00743C00), ref: 002D7471
                                                            • SelectObject.GDI32(?,00000000), ref: 002D7482
                                                            • SetBkColor.GDI32(?,00000000), ref: 002D748B
                                                            • SelectObject.GDI32(?,?), ref: 002D7498
                                                            • InflateRect.USER32(?,000000FF,000000FF), ref: 002D74B7
                                                            • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 002D74CE
                                                            • GetWindowLongW.USER32(00000000,000000F0), ref: 002D74DB
                                                            • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 002D752A
                                                            • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 002D7554
                                                            • InflateRect.USER32(?,000000FD,000000FD), ref: 002D7572
                                                            • DrawFocusRect.USER32(?,?), ref: 002D757D
                                                            • GetSysColor.USER32(00000011), ref: 002D758E
                                                            • SetTextColor.GDI32(?,00000000), ref: 002D7596
                                                            • DrawTextW.USER32(?,002D70F5,000000FF,?,00000000), ref: 002D75A8
                                                            • SelectObject.GDI32(?,?), ref: 002D75BF
                                                            • DeleteObject.GDI32(?), ref: 002D75CA
                                                            • SelectObject.GDI32(?,?), ref: 002D75D0
                                                            • DeleteObject.GDI32(?), ref: 002D75D5
                                                            • SetTextColor.GDI32(?,?), ref: 002D75DB
                                                            • SetBkColor.GDI32(?,?), ref: 002D75E5
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                            • String ID:
                                                            • API String ID: 1996641542-0
                                                            • Opcode ID: 1e899a1041888c8a79e3bd699ca9ea23f6dc723a1363f8c9d3b937a1c6e3c6e9
                                                            • Instruction ID: 3b968940fb93ebcf850aefd4fc36dc34e16b4e552f9bde422b923794a506344b
                                                            • Opcode Fuzzy Hash: 1e899a1041888c8a79e3bd699ca9ea23f6dc723a1363f8c9d3b937a1c6e3c6e9
                                                            • Instruction Fuzzy Hash: 11614F72D01219AFDF019FA4EC49AAEBF79EB08320F218116F915BB2A1D7749D50CF90
                                                            APIs
                                                            • GetCursorPos.USER32(?), ref: 002D1128
                                                            • GetDesktopWindow.USER32 ref: 002D113D
                                                            • GetWindowRect.USER32(00000000), ref: 002D1144
                                                            • GetWindowLongW.USER32(?,000000F0), ref: 002D1199
                                                            • DestroyWindow.USER32(?), ref: 002D11B9
                                                            • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 002D11ED
                                                            • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 002D120B
                                                            • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 002D121D
                                                            • SendMessageW.USER32(00000000,00000421,?,?), ref: 002D1232
                                                            • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 002D1245
                                                            • IsWindowVisible.USER32(00000000), ref: 002D12A1
                                                            • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 002D12BC
                                                            • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 002D12D0
                                                            • GetWindowRect.USER32(00000000,?), ref: 002D12E8
                                                            • MonitorFromPoint.USER32(?,?,00000002), ref: 002D130E
                                                            • GetMonitorInfoW.USER32(00000000,?), ref: 002D1328
                                                            • CopyRect.USER32(?,?), ref: 002D133F
                                                            • SendMessageW.USER32(00000000,00000412,00000000), ref: 002D13AA
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                            • String ID: ($0$tooltips_class32
                                                            • API String ID: 698492251-4156429822
                                                            • Opcode ID: 2196f4d7d2ba7687c62c1b74ee463bcd6c0de2f010e1f3f297e59a4e96062ace
                                                            • Instruction ID: ce7acfb7a2a19b40a903c229e4eccc8be0117943973750dda041cd51d37a4299
                                                            • Opcode Fuzzy Hash: 2196f4d7d2ba7687c62c1b74ee463bcd6c0de2f010e1f3f297e59a4e96062ace
                                                            • Instruction Fuzzy Hash: F5B19C71618341AFD704DF64D888B6ABBE4FF84310F00891AF9999B2A1C771EC64CF91
                                                            APIs
                                                            • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00258968
                                                            • GetSystemMetrics.USER32(00000007), ref: 00258970
                                                            • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 0025899B
                                                            • GetSystemMetrics.USER32(00000008), ref: 002589A3
                                                            • GetSystemMetrics.USER32(00000004), ref: 002589C8
                                                            • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 002589E5
                                                            • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 002589F5
                                                            • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00258A28
                                                            • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00258A3C
                                                            • GetClientRect.USER32(00000000,000000FF), ref: 00258A5A
                                                            • GetStockObject.GDI32(00000011), ref: 00258A76
                                                            • SendMessageW.USER32(00000000,00000030,00000000), ref: 00258A81
                                                              • Part of subcall function 0025912D: GetCursorPos.USER32(?), ref: 00259141
                                                              • Part of subcall function 0025912D: ScreenToClient.USER32(00000000,?), ref: 0025915E
                                                              • Part of subcall function 0025912D: GetAsyncKeyState.USER32(00000001), ref: 00259183
                                                              • Part of subcall function 0025912D: GetAsyncKeyState.USER32(00000002), ref: 0025919D
                                                            • SetTimer.USER32(00000000,00000000,00000028,002590FC), ref: 00258AA8
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                            • String ID: AutoIt v3 GUI
                                                            • API String ID: 1458621304-248962490
                                                            • Opcode ID: 8f1b785841ba5eddd852a86dc4b9909e7e8bfc0ed4dff0b4107cf71481824eb8
                                                            • Instruction ID: bae7866d3f0f4a6bb9d1ace0a49df4b0d97220e94e38aa9e2a856846b3f2e347
                                                            • Opcode Fuzzy Hash: 8f1b785841ba5eddd852a86dc4b9909e7e8bfc0ed4dff0b4107cf71481824eb8
                                                            • Instruction Fuzzy Hash: B8B15935A1020A9FDF14DFA8DC49BEA7BB5FB48315F10822AFA15A7290DB70E851CF54
                                                            APIs
                                                              • Part of subcall function 002A10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 002A1114
                                                              • Part of subcall function 002A10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,002A0B9B,?,?,?), ref: 002A1120
                                                              • Part of subcall function 002A10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,002A0B9B,?,?,?), ref: 002A112F
                                                              • Part of subcall function 002A10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,002A0B9B,?,?,?), ref: 002A1136
                                                              • Part of subcall function 002A10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 002A114D
                                                            • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 002A0DF5
                                                            • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 002A0E29
                                                            • GetLengthSid.ADVAPI32(?), ref: 002A0E40
                                                            • GetAce.ADVAPI32(?,00000000,?), ref: 002A0E7A
                                                            • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 002A0E96
                                                            • GetLengthSid.ADVAPI32(?), ref: 002A0EAD
                                                            • GetProcessHeap.KERNEL32(00000008,00000008), ref: 002A0EB5
                                                            • HeapAlloc.KERNEL32(00000000), ref: 002A0EBC
                                                            • GetLengthSid.ADVAPI32(?,00000008,?), ref: 002A0EDD
                                                            • CopySid.ADVAPI32(00000000), ref: 002A0EE4
                                                            • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 002A0F13
                                                            • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 002A0F35
                                                            • SetUserObjectSecurity.USER32(?,00000004,?), ref: 002A0F47
                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 002A0F6E
                                                            • HeapFree.KERNEL32(00000000), ref: 002A0F75
                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 002A0F7E
                                                            • HeapFree.KERNEL32(00000000), ref: 002A0F85
                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 002A0F8E
                                                            • HeapFree.KERNEL32(00000000), ref: 002A0F95
                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 002A0FA1
                                                            • HeapFree.KERNEL32(00000000), ref: 002A0FA8
                                                              • Part of subcall function 002A1193: GetProcessHeap.KERNEL32(00000008,002A0BB1,?,00000000,?,002A0BB1,?), ref: 002A11A1
                                                              • Part of subcall function 002A1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,002A0BB1,?), ref: 002A11A8
                                                              • Part of subcall function 002A1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,002A0BB1,?), ref: 002A11B7
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                            • String ID:
                                                            • API String ID: 4175595110-0
                                                            • Opcode ID: 263e64bf15522222cb9a703c21a46009ba7ddfd818ecf8e86238e75b85b338fa
                                                            • Instruction ID: 49485eab4e9d87c16426b72bf6794ffd8ad06edfd0e063704b9cce84f7561fb5
                                                            • Opcode Fuzzy Hash: 263e64bf15522222cb9a703c21a46009ba7ddfd818ecf8e86238e75b85b338fa
                                                            • Instruction Fuzzy Hash: 75716D7191121AEFDF209FA4EC88BAEBBB8BF05311F144126F919F6191DB31AD15CB60
                                                            APIs
                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 002CC4BD
                                                            • RegCreateKeyExW.ADVAPI32(?,?,00000000,002DCC08,00000000,?,00000000,?,?), ref: 002CC544
                                                            • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 002CC5A4
                                                            • _wcslen.LIBCMT ref: 002CC5F4
                                                            • _wcslen.LIBCMT ref: 002CC66F
                                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 002CC6B2
                                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 002CC7C1
                                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 002CC84D
                                                            • RegCloseKey.ADVAPI32(?), ref: 002CC881
                                                            • RegCloseKey.ADVAPI32(00000000), ref: 002CC88E
                                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 002CC960
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                                                            • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                            • API String ID: 9721498-966354055
                                                            • Opcode ID: 2479af927b6a7de8b8f34c41ddc3025e6e79655dc9e1d06ca1ec9278ad45117b
                                                            • Instruction ID: 08b1c55822a15c83ccde23ebd62e6e98a56148ce556034c27417a4d8cc401e8e
                                                            • Opcode Fuzzy Hash: 2479af927b6a7de8b8f34c41ddc3025e6e79655dc9e1d06ca1ec9278ad45117b
                                                            • Instruction Fuzzy Hash: CF1246356242019FCB19DF14C891F2AB7E5EF88714F24895DF89A9B2A2DB31EC51CF81
                                                            APIs
                                                            • CharUpperBuffW.USER32(?,?), ref: 002D09C6
                                                            • _wcslen.LIBCMT ref: 002D0A01
                                                            • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 002D0A54
                                                            • _wcslen.LIBCMT ref: 002D0A8A
                                                            • _wcslen.LIBCMT ref: 002D0B06
                                                            • _wcslen.LIBCMT ref: 002D0B81
                                                              • Part of subcall function 0025F9F2: _wcslen.LIBCMT ref: 0025F9FD
                                                              • Part of subcall function 002A2BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 002A2BFA
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: _wcslen$MessageSend$BuffCharUpper
                                                            • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                            • API String ID: 1103490817-4258414348
                                                            • Opcode ID: f362835b7d6ecb1edac184eae7e26bcd4bf945f2bd3034055c20167321c6105a
                                                            • Instruction ID: 6796b74d7f3de8d974c84c437f9c7b197a60a0a21d2d88fd2fabc3e5004ae015
                                                            • Opcode Fuzzy Hash: f362835b7d6ecb1edac184eae7e26bcd4bf945f2bd3034055c20167321c6105a
                                                            • Instruction Fuzzy Hash: 3EE1AF356287028FC714DF24C490A2AB7E2FF98314F11495EF8969B3A2D731ED69CB81
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: _wcslen$BuffCharUpper
                                                            • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                            • API String ID: 1256254125-909552448
                                                            • Opcode ID: 74f2c1ccd5049c8a9c38a5a19aa6e8c1ba63113d0406fd955b8b241a26536d18
                                                            • Instruction ID: 1b26c36bccca7a06dfb47dbe8d00eb6bd76062443b517d0f9eeac0f2642118c4
                                                            • Opcode Fuzzy Hash: 74f2c1ccd5049c8a9c38a5a19aa6e8c1ba63113d0406fd955b8b241a26536d18
                                                            • Instruction Fuzzy Hash: 1871E432A3056B8BCB20DE7CCD51FBA3391AB60754B31062DF85E97284E631DDA5C7A0
                                                            APIs
                                                            • _wcslen.LIBCMT ref: 002D835A
                                                            • _wcslen.LIBCMT ref: 002D836E
                                                            • _wcslen.LIBCMT ref: 002D8391
                                                            • _wcslen.LIBCMT ref: 002D83B4
                                                            • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 002D83F2
                                                            • LoadLibraryExW.KERNEL32(?,00000000,00000032,?,?,00000001,?,?,?,002D361A,?), ref: 002D844E
                                                            • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 002D8487
                                                            • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 002D84CA
                                                            • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 002D8501
                                                            • FreeLibrary.KERNEL32(?), ref: 002D850D
                                                            • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 002D851D
                                                            • DestroyIcon.USER32(?), ref: 002D852C
                                                            • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 002D8549
                                                            • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 002D8555
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                                            • String ID: .dll$.exe$.icl
                                                            • API String ID: 799131459-1154884017
                                                            • Opcode ID: 6b1719a2ae2d20c369aa65c00e9ab9b5573d6f54c4136869f01f898f70b14d0b
                                                            • Instruction ID: 87ed922ab3451aef3269a61bce25d76ca7b82fda5b41dd3d69a5c04951ef0e45
                                                            • Opcode Fuzzy Hash: 6b1719a2ae2d20c369aa65c00e9ab9b5573d6f54c4136869f01f898f70b14d0b
                                                            • Instruction Fuzzy Hash: 3D61F271960216BAEB14DF64DC85BBF77A8FB04B11F20460AF815D61D1DBB4ADA0CBA0
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                            • API String ID: 0-1645009161
                                                            • Opcode ID: 9142b6cd4f515a0f764a3eceea7a01aa2c1b3de4cf47b4a67b9a695280da35ab
                                                            • Instruction ID: 51d8bf429b40fd7fb216c58ffab52bd08397360ed928a47b71c206c1815bb60f
                                                            • Opcode Fuzzy Hash: 9142b6cd4f515a0f764a3eceea7a01aa2c1b3de4cf47b4a67b9a695280da35ab
                                                            • Instruction Fuzzy Hash: 54811671A71206BBDB25BF60CC42FAE77A8AF15300F004025FD15AA1D6EBB1D975CB91
                                                            APIs
                                                            • CharLowerBuffW.USER32(?,?), ref: 002B3EF8
                                                            • _wcslen.LIBCMT ref: 002B3F03
                                                            • _wcslen.LIBCMT ref: 002B3F5A
                                                            • _wcslen.LIBCMT ref: 002B3F98
                                                            • GetDriveTypeW.KERNEL32(?), ref: 002B3FD6
                                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 002B401E
                                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 002B4059
                                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 002B4087
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: SendString_wcslen$BuffCharDriveLowerType
                                                            • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                            • API String ID: 1839972693-4113822522
                                                            • Opcode ID: 2f3185e64ded1739272c13d3b21391cae38500f3f95b849cdfac755f288ad276
                                                            • Instruction ID: 7e627c7a012e29b8f67770159d2db0954319e88b865aa9e98cc20c65b869719a
                                                            • Opcode Fuzzy Hash: 2f3185e64ded1739272c13d3b21391cae38500f3f95b849cdfac755f288ad276
                                                            • Instruction Fuzzy Hash: A1710432A242029FC314EF24C8918BBB7F4EF94798F10492DF99597291EB31DD65CB91
                                                            APIs
                                                            • LoadIconW.USER32(00000063), ref: 002A5A2E
                                                            • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 002A5A40
                                                            • SetWindowTextW.USER32(?,?), ref: 002A5A57
                                                            • GetDlgItem.USER32(?,000003EA), ref: 002A5A6C
                                                            • SetWindowTextW.USER32(00000000,?), ref: 002A5A72
                                                            • GetDlgItem.USER32(?,000003E9), ref: 002A5A82
                                                            • SetWindowTextW.USER32(00000000,?), ref: 002A5A88
                                                            • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 002A5AA9
                                                            • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 002A5AC3
                                                            • GetWindowRect.USER32(?,?), ref: 002A5ACC
                                                            • _wcslen.LIBCMT ref: 002A5B33
                                                            • SetWindowTextW.USER32(?,?), ref: 002A5B6F
                                                            • GetDesktopWindow.USER32 ref: 002A5B75
                                                            • GetWindowRect.USER32(00000000), ref: 002A5B7C
                                                            • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 002A5BD3
                                                            • GetClientRect.USER32(?,?), ref: 002A5BE0
                                                            • PostMessageW.USER32(?,00000005,00000000,?), ref: 002A5C05
                                                            • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 002A5C2F
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                            • String ID:
                                                            • API String ID: 895679908-0
                                                            • Opcode ID: fdc64102d39f651903c665161bb619c1413ebf208aa53fa73bb0d42cc0967277
                                                            • Instruction ID: 9fe1514ee6e1eded7f18841ec09485715c503fc0ec0b365065363aea6de405cb
                                                            • Opcode Fuzzy Hash: fdc64102d39f651903c665161bb619c1413ebf208aa53fa73bb0d42cc0967277
                                                            • Instruction Fuzzy Hash: 89719E31A10B16AFDB20DFA8CD49AAFBBF5FF48705F104919E142A25A4DB70ED54CB60
                                                            APIs
                                                            • LoadCursorW.USER32(00000000,00007F89), ref: 002BFE27
                                                            • LoadCursorW.USER32(00000000,00007F8A), ref: 002BFE32
                                                            • LoadCursorW.USER32(00000000,00007F00), ref: 002BFE3D
                                                            • LoadCursorW.USER32(00000000,00007F03), ref: 002BFE48
                                                            • LoadCursorW.USER32(00000000,00007F8B), ref: 002BFE53
                                                            • LoadCursorW.USER32(00000000,00007F01), ref: 002BFE5E
                                                            • LoadCursorW.USER32(00000000,00007F81), ref: 002BFE69
                                                            • LoadCursorW.USER32(00000000,00007F88), ref: 002BFE74
                                                            • LoadCursorW.USER32(00000000,00007F80), ref: 002BFE7F
                                                            • LoadCursorW.USER32(00000000,00007F86), ref: 002BFE8A
                                                            • LoadCursorW.USER32(00000000,00007F83), ref: 002BFE95
                                                            • LoadCursorW.USER32(00000000,00007F85), ref: 002BFEA0
                                                            • LoadCursorW.USER32(00000000,00007F82), ref: 002BFEAB
                                                            • LoadCursorW.USER32(00000000,00007F84), ref: 002BFEB6
                                                            • LoadCursorW.USER32(00000000,00007F04), ref: 002BFEC1
                                                            • LoadCursorW.USER32(00000000,00007F02), ref: 002BFECC
                                                            • GetCursorInfo.USER32(?), ref: 002BFEDC
                                                            • GetLastError.KERNEL32 ref: 002BFF1E
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: Cursor$Load$ErrorInfoLast
                                                            • String ID:
                                                            • API String ID: 3215588206-0
                                                            • Opcode ID: 4589ec6429a8f4f873f340191e782f74d5bc6af4029a4e7db1bb16504096041c
                                                            • Instruction ID: ea1135f49795aa6838de574f4bcaa5979b0878b103f6abbc5e595b0d7e8fbdb0
                                                            • Opcode Fuzzy Hash: 4589ec6429a8f4f873f340191e782f74d5bc6af4029a4e7db1bb16504096041c
                                                            • Instruction Fuzzy Hash: 9C4182B0D0531A6ADB509FBA8C8986EBFE8FF04754B50412AE11CE7681DB78E901CE90
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: _wcslen
                                                            • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT$[0
                                                            • API String ID: 176396367-3337054162
                                                            • Opcode ID: dcd686ab37e73f9cec15381cb1c9d77c16af437f3324b00182a541fa3903a6d4
                                                            • Instruction ID: f43a2edba16efc44d136692b5e381393a75384f1fe82a3da6204005e2fa5791f
                                                            • Opcode Fuzzy Hash: dcd686ab37e73f9cec15381cb1c9d77c16af437f3324b00182a541fa3903a6d4
                                                            • Instruction Fuzzy Hash: B0E1F832A205169BCB18DF78C4517EEFBB0BF5A710F54411AF856E7240DF70AEA58B90
                                                            APIs
                                                            • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 002600C6
                                                              • Part of subcall function 002600ED: InitializeCriticalSectionAndSpinCount.KERNEL32(0031070C,00000FA0,66FF8226,?,?,?,?,002823B3,000000FF), ref: 0026011C
                                                              • Part of subcall function 002600ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,002823B3,000000FF), ref: 00260127
                                                              • Part of subcall function 002600ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,002823B3,000000FF), ref: 00260138
                                                              • Part of subcall function 002600ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 0026014E
                                                              • Part of subcall function 002600ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 0026015C
                                                              • Part of subcall function 002600ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 0026016A
                                                              • Part of subcall function 002600ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00260195
                                                              • Part of subcall function 002600ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 002601A0
                                                            • ___scrt_fastfail.LIBCMT ref: 002600E7
                                                              • Part of subcall function 002600A3: __onexit.LIBCMT ref: 002600A9
                                                            Strings
                                                            • SleepConditionVariableCS, xrefs: 00260154
                                                            • InitializeConditionVariable, xrefs: 00260148
                                                            • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00260122
                                                            • kernel32.dll, xrefs: 00260133
                                                            • WakeAllConditionVariable, xrefs: 00260162
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                            • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                            • API String ID: 66158676-1714406822
                                                            • Opcode ID: 0a7b7f506b7c10e71c4809e1700a6c348d274585330366cc46b23a9f9f38b0b8
                                                            • Instruction ID: 894025e5e7a4334b38c42a52269d036f4cbcbb1270fea3e337b266b9c8d782c9
                                                            • Opcode Fuzzy Hash: 0a7b7f506b7c10e71c4809e1700a6c348d274585330366cc46b23a9f9f38b0b8
                                                            • Instruction Fuzzy Hash: EB212932A653126BD7155FA4BD4AB6B3398DB0AB51F100127F806D22D1DBB09C90DAA4
                                                            APIs
                                                            • CharLowerBuffW.USER32(00000000,00000000,002DCC08), ref: 002B4527
                                                            • _wcslen.LIBCMT ref: 002B453B
                                                            • _wcslen.LIBCMT ref: 002B4599
                                                            • _wcslen.LIBCMT ref: 002B45F4
                                                            • _wcslen.LIBCMT ref: 002B463F
                                                            • _wcslen.LIBCMT ref: 002B46A7
                                                              • Part of subcall function 0025F9F2: _wcslen.LIBCMT ref: 0025F9FD
                                                            • GetDriveTypeW.KERNEL32(?,00306BF0,00000061), ref: 002B4743
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: _wcslen$BuffCharDriveLowerType
                                                            • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                            • API String ID: 2055661098-1000479233
                                                            • Opcode ID: dd16b3511318105810df32f4bf06ee3719a1e6f0602255a0c698d976e3854362
                                                            • Instruction ID: 1b444064819fcd7c41d70fc7740d9595ae3a3d2a7279b600f4c039ff67aeca02
                                                            • Opcode Fuzzy Hash: dd16b3511318105810df32f4bf06ee3719a1e6f0602255a0c698d976e3854362
                                                            • Instruction Fuzzy Hash: 35B1E5716283029FC714EF28C8D1AAAB7E5AFA57A0F50491DF496C7292DB30DC64CB52
                                                            APIs
                                                              • Part of subcall function 00259BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00259BB2
                                                            • DragQueryPoint.SHELL32(?,?), ref: 002D9147
                                                              • Part of subcall function 002D7674: ClientToScreen.USER32(?,?), ref: 002D769A
                                                              • Part of subcall function 002D7674: GetWindowRect.USER32(?,?), ref: 002D7710
                                                              • Part of subcall function 002D7674: PtInRect.USER32(?,?,002D8B89), ref: 002D7720
                                                            • SendMessageW.USER32(?,000000B0,?,?), ref: 002D91B0
                                                            • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 002D91BB
                                                            • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 002D91DE
                                                            • SendMessageW.USER32(?,000000C2,00000001,?), ref: 002D9225
                                                            • SendMessageW.USER32(?,000000B0,?,?), ref: 002D923E
                                                            • SendMessageW.USER32(?,000000B1,?,?), ref: 002D9255
                                                            • SendMessageW.USER32(?,000000B1,?,?), ref: 002D9277
                                                            • DragFinish.SHELL32(?), ref: 002D927E
                                                            • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 002D9371
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                                                            • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID$p#1
                                                            • API String ID: 221274066-563555431
                                                            APIs
                                                            • _wcslen.LIBCMT ref: 002CB198
                                                            • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 002CB1B0
                                                            • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 002CB1D4
                                                            • _wcslen.LIBCMT ref: 002CB200
                                                            • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 002CB214
                                                            • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 002CB236
                                                            • _wcslen.LIBCMT ref: 002CB332
                                                              • Part of subcall function 002B05A7: GetStdHandle.KERNEL32(000000F6), ref: 002B05C6
                                                            • _wcslen.LIBCMT ref: 002CB34B
                                                            • _wcslen.LIBCMT ref: 002CB366
                                                            • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 002CB3B6
                                                            • GetLastError.KERNEL32(00000000), ref: 002CB407
                                                            • CloseHandle.KERNEL32(?), ref: 002CB439
                                                            • CloseHandle.KERNEL32(00000000), ref: 002CB44A
                                                            • CloseHandle.KERNEL32(00000000), ref: 002CB45C
                                                            • CloseHandle.KERNEL32(00000000), ref: 002CB46E
                                                            • CloseHandle.KERNEL32(?), ref: 002CB4E3
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
                                                            • String ID:
                                                            • API String ID: 2178637699-0
                                                            APIs
                                                            • GetMenuItemCount.USER32(00311990), ref: 00282F8D
                                                            • GetMenuItemCount.USER32(00311990), ref: 0028303D
                                                            • GetCursorPos.USER32(?), ref: 00283081
                                                            • SetForegroundWindow.USER32(00000000), ref: 0028308A
                                                            • TrackPopupMenuEx.USER32(00311990,00000000,?,00000000,00000000,00000000), ref: 0028309D
                                                            • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 002830A9
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                                            • String ID: 0
                                                            • API String ID: 36266755-4108050209
                                                            APIs
                                                            • DestroyWindow.USER32(00000000,?), ref: 002D6DEB
                                                              • Part of subcall function 00246B57: _wcslen.LIBCMT ref: 00246B6A
                                                            • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 002D6E5F
                                                            • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 002D6E81
                                                            • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 002D6E94
                                                            • DestroyWindow.USER32(?), ref: 002D6EB5
                                                            • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00240000,00000000), ref: 002D6EE4
                                                            • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 002D6EFD
                                                            • GetDesktopWindow.USER32 ref: 002D6F16
                                                            • GetWindowRect.USER32(00000000), ref: 002D6F1D
                                                            • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 002D6F35
                                                            • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 002D6F4D
                                                              • Part of subcall function 00259944: GetWindowLongW.USER32(?,000000EB), ref: 00259952
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                                            • String ID: 0$tooltips_class32
                                                            • API String ID: 2429346358-3619404913
                                                            APIs
                                                            • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 002BC4B0
                                                            • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 002BC4C3
                                                            • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 002BC4D7
                                                            • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 002BC4F0
                                                            • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 002BC533
                                                            • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 002BC549
                                                            • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 002BC554
                                                            • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 002BC584
                                                            • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 002BC5DC
                                                            • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 002BC5F0
                                                            • InternetCloseHandle.WININET(00000000), ref: 002BC5FB
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                                            • String ID:
                                                            • API String ID: 3800310941-3916222277
                                                            APIs
                                                            • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?), ref: 002D8592
                                                            • GetFileSize.KERNEL32(00000000,00000000), ref: 002D85A2
                                                            • GlobalAlloc.KERNEL32(00000002,00000000), ref: 002D85AD
                                                            • CloseHandle.KERNEL32(00000000), ref: 002D85BA
                                                            • GlobalLock.KERNEL32(00000000), ref: 002D85C8
                                                            • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 002D85D7
                                                            • GlobalUnlock.KERNEL32(00000000), ref: 002D85E0
                                                            • CloseHandle.KERNEL32(00000000), ref: 002D85E7
                                                            • CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 002D85F8
                                                            • OleLoadPicture.OLEAUT32(?,00000000,00000000,002DFC38,?), ref: 002D8611
                                                            • GlobalFree.KERNEL32(00000000), ref: 002D8621
                                                            • GetObjectW.GDI32(?,00000018,000000FF), ref: 002D8641
                                                            • CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 002D8671
                                                            • DeleteObject.GDI32(00000000), ref: 002D8699
                                                            • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 002D86AF
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                            • String ID:
                                                            • API String ID: 3840717409-0
                                                            APIs
                                                            • VariantInit.OLEAUT32(00000000), ref: 002B1502
                                                            • VariantCopy.OLEAUT32(?,?), ref: 002B150B
                                                            • VariantClear.OLEAUT32(?), ref: 002B1517
                                                            • VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 002B15FB
                                                            • VarR8FromDec.OLEAUT32(?,?), ref: 002B1657
                                                            • VariantInit.OLEAUT32(?), ref: 002B1708
                                                            • SysFreeString.OLEAUT32(?), ref: 002B178C
                                                            • VariantClear.OLEAUT32(?), ref: 002B17D8
                                                            • VariantClear.OLEAUT32(?), ref: 002B17E7
                                                            • VariantInit.OLEAUT32(00000000), ref: 002B1823
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
                                                            • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                            • API String ID: 1234038744-3931177956
                                                            APIs
                                                              • Part of subcall function 00249CB3: _wcslen.LIBCMT ref: 00249CBD
                                                              • Part of subcall function 002CC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,002CB6AE,?,?), ref: 002CC9B5
                                                              • Part of subcall function 002CC998: _wcslen.LIBCMT ref: 002CC9F1
                                                              • Part of subcall function 002CC998: _wcslen.LIBCMT ref: 002CCA68
                                                              • Part of subcall function 002CC998: _wcslen.LIBCMT ref: 002CCA9E
                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 002CB6F4
                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 002CB772
                                                            • RegDeleteValueW.ADVAPI32(?,?), ref: 002CB80A
                                                            • RegCloseKey.ADVAPI32(?), ref: 002CB87E
                                                            • RegCloseKey.ADVAPI32(?), ref: 002CB89C
                                                            • LoadLibraryA.KERNEL32(advapi32.dll), ref: 002CB8F2
                                                            • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 002CB904
                                                            • RegDeleteKeyW.ADVAPI32(?,?), ref: 002CB922
                                                            • FreeLibrary.KERNEL32(00000000), ref: 002CB983
                                                            • RegCloseKey.ADVAPI32(00000000), ref: 002CB994
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                                            • String ID: RegDeleteKeyExW$advapi32.dll
                                                            • API String ID: 146587525-4033151799
                                                            APIs
                                                            • GetDC.USER32(00000000), ref: 002C25D8
                                                            • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 002C25E8
                                                            • CreateCompatibleDC.GDI32(?), ref: 002C25F4
                                                            • SelectObject.GDI32(00000000,?), ref: 002C2601
                                                            • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 002C266D
                                                            • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 002C26AC
                                                            • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 002C26D0
                                                            • SelectObject.GDI32(?,?), ref: 002C26D8
                                                            • DeleteObject.GDI32(?), ref: 002C26E1
                                                            • DeleteDC.GDI32(?), ref: 002C26E8
                                                            • ReleaseDC.USER32(00000000,?), ref: 002C26F3
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                            • String ID: (
                                                            • API String ID: 2598888154-3887548279
                                                            APIs
                                                            • ___free_lconv_mon.LIBCMT ref: 0027DAA1
                                                              • Part of subcall function 0027D63C: _free.LIBCMT ref: 0027D659
                                                              • Part of subcall function 0027D63C: _free.LIBCMT ref: 0027D66B
                                                              • Part of subcall function 0027D63C: _free.LIBCMT ref: 0027D67D
                                                              • Part of subcall function 0027D63C: _free.LIBCMT ref: 0027D68F
                                                              • Part of subcall function 0027D63C: _free.LIBCMT ref: 0027D6A1
                                                              • Part of subcall function 0027D63C: _free.LIBCMT ref: 0027D6B3
                                                              • Part of subcall function 0027D63C: _free.LIBCMT ref: 0027D6C5
                                                              • Part of subcall function 0027D63C: _free.LIBCMT ref: 0027D6D7
                                                              • Part of subcall function 0027D63C: _free.LIBCMT ref: 0027D6E9
                                                              • Part of subcall function 0027D63C: _free.LIBCMT ref: 0027D6FB
                                                              • Part of subcall function 0027D63C: _free.LIBCMT ref: 0027D70D
                                                              • Part of subcall function 0027D63C: _free.LIBCMT ref: 0027D71F
                                                              • Part of subcall function 0027D63C: _free.LIBCMT ref: 0027D731
                                                            • _free.LIBCMT ref: 0027DA96
                                                              • Part of subcall function 002729C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0027D7D1,00000000,00000000,00000000,00000000,?,0027D7F8,00000000,00000007,00000000,?,0027DBF5,00000000), ref: 002729DE
                                                              • Part of subcall function 002729C8: GetLastError.KERNEL32(00000000,?,0027D7D1,00000000,00000000,00000000,00000000,?,0027D7F8,00000000,00000007,00000000,?,0027DBF5,00000000,00000000), ref: 002729F0
                                                            • _free.LIBCMT ref: 0027DAB8
                                                            • _free.LIBCMT ref: 0027DACD
                                                            • _free.LIBCMT ref: 0027DAD8
                                                            • _free.LIBCMT ref: 0027DAFA
                                                            • _free.LIBCMT ref: 0027DB0D
                                                            • _free.LIBCMT ref: 0027DB1B
                                                            • _free.LIBCMT ref: 0027DB26
                                                            • _free.LIBCMT ref: 0027DB5E
                                                            • _free.LIBCMT ref: 0027DB65
                                                            • _free.LIBCMT ref: 0027DB82
                                                            • _free.LIBCMT ref: 0027DB9A
                                                            Similarity
                                                            • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                            • String ID:
                                                            • API String ID: 161543041-0
                                                            • Opcode ID: 3aa91a3e0a838cc408c396b392b5f3bc0c1de7fb46518a484069632f6f65309f
                                                            • Instruction ID: a436923ec16ca498dbcb8210d90aabd9335a9d3491266d38267471b02645305b
                                                            • Opcode Fuzzy Hash: 3aa91a3e0a838cc408c396b392b5f3bc0c1de7fb46518a484069632f6f65309f
                                                            • Instruction Fuzzy Hash: 12315A31665206DFEB22AE39E845B5AB7F8FF00310F25E819E54CD7191DF30ACA48B20
                                                            APIs
                                                            • GetClassNameW.USER32(?,?,00000100), ref: 002A369C
                                                            • _wcslen.LIBCMT ref: 002A36A7
                                                            • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 002A3797
                                                            • GetClassNameW.USER32(?,?,00000400), ref: 002A380C
                                                            • GetDlgCtrlID.USER32(?), ref: 002A385D
                                                            • GetWindowRect.USER32(?,?), ref: 002A3882
                                                            • GetParent.USER32(?), ref: 002A38A0
                                                            • ScreenToClient.USER32(00000000), ref: 002A38A7
                                                            • GetClassNameW.USER32(?,?,00000100), ref: 002A3921
                                                            • GetWindowTextW.USER32(?,?,00000400), ref: 002A395D
                                                            Strings
                                                            Similarity
                                                            • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
                                                            • String ID: %s%u
                                                            • API String ID: 4010501982-679674701
                                                            • Opcode ID: 109c632ffef471f5067fecd2ec52c49d873073b5f5821dc00948423d6a020255
                                                            • Instruction ID: c7b2e164bac97651420845c4feeb4f2dd5d07d2d986e02fefcac341bc1b860a4
                                                            • Opcode Fuzzy Hash: 109c632ffef471f5067fecd2ec52c49d873073b5f5821dc00948423d6a020255
                                                            • Instruction Fuzzy Hash: 1891BE71224607AFDB19DF24C885BEAF7A8FF45350F108629F999C2190DF30EA65CB91
                                                            APIs
                                                            • GetClassNameW.USER32(?,?,00000400), ref: 002A4994
                                                            • GetWindowTextW.USER32(?,?,00000400), ref: 002A49DA
                                                            • _wcslen.LIBCMT ref: 002A49EB
                                                            • CharUpperBuffW.USER32(?,00000000), ref: 002A49F7
                                                            • _wcsstr.LIBVCRUNTIME ref: 002A4A2C
                                                            • GetClassNameW.USER32(00000018,?,00000400), ref: 002A4A64
                                                            • GetWindowTextW.USER32(?,?,00000400), ref: 002A4A9D
                                                            • GetClassNameW.USER32(00000018,?,00000400), ref: 002A4AE6
                                                            • GetClassNameW.USER32(?,?,00000400), ref: 002A4B20
                                                            • GetWindowRect.USER32(?,?), ref: 002A4B8B
                                                            Strings
                                                            Similarity
                                                            • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                                            • String ID: ThumbnailClass
                                                            • API String ID: 1311036022-1241985126
                                                            • Opcode ID: b88d43281b7ca14b34a6feb8bd4e86dd98c9eb0b62050c2f813c87d134d1abad
                                                            • Instruction ID: 2649295e1e79b4fad927d53ad16f1024458ec1eb0f6400db348b81b46dac9709
                                                            • Opcode Fuzzy Hash: b88d43281b7ca14b34a6feb8bd4e86dd98c9eb0b62050c2f813c87d134d1abad
                                                            • Instruction Fuzzy Hash: 9691D0714282069FDB04EF14C885BAAB7E8FFC5314F04846AFD859A096DF70ED65CBA1
                                                            APIs
                                                            • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 002CCC64
                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 002CCC8D
                                                            • FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 002CCD48
                                                              • Part of subcall function 002CCC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 002CCCAA
                                                              • Part of subcall function 002CCC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 002CCCBD
                                                              • Part of subcall function 002CCC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 002CCCCF
                                                              • Part of subcall function 002CCC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 002CCD05
                                                              • Part of subcall function 002CCC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 002CCD28
                                                            • RegDeleteKeyW.ADVAPI32(?,?), ref: 002CCCF3
                                                            Strings
                                                            Similarity
                                                            • API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
                                                            • String ID: RegDeleteKeyExW$advapi32.dll
                                                            • API String ID: 2734957052-4033151799
                                                            • Opcode ID: ec4b2c1e7ef89c1638f3da223aa8b8356e6825d957d25b693da529b3b2c3dc8f
                                                            • Instruction ID: d4d113b66525ba255b4de12fb9ebc2ce4ee8f5ac7451d529de0daa01c574b49e
                                                            • Opcode Fuzzy Hash: ec4b2c1e7ef89c1638f3da223aa8b8356e6825d957d25b693da529b3b2c3dc8f
                                                            • Instruction Fuzzy Hash: 42317471D0212ABBD7218F50DC88FFFBB7CEF15750F10426AE90AE2240D6749E45DAA0
                                                            APIs
                                                            • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 002B3D40
                                                            • _wcslen.LIBCMT ref: 002B3D6D
                                                            • CreateDirectoryW.KERNEL32(?,00000000), ref: 002B3D9D
                                                            • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 002B3DBE
                                                            • RemoveDirectoryW.KERNEL32(?), ref: 002B3DCE
                                                            • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 002B3E55
                                                            • CloseHandle.KERNEL32(00000000), ref: 002B3E60
                                                            • CloseHandle.KERNEL32(00000000), ref: 002B3E6B
                                                            Strings
                                                            Similarity
                                                            • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
                                                            • String ID: :$\$\??\%s
                                                            • API String ID: 1149970189-3457252023
                                                            • Opcode ID: 109d6ca640eb06386bc5aab809f33d3fd3201c9223e71aa771f2b7463a44402b
                                                            • Instruction ID: 022e341fd80f329fbaf4e22cc289d26439efeb25394e257ab6d653adc7f24a7b
                                                            • Opcode Fuzzy Hash: 109d6ca640eb06386bc5aab809f33d3fd3201c9223e71aa771f2b7463a44402b
                                                            • Instruction Fuzzy Hash: 5831807595021AAADB21DFA0DC49FEB37BCEF89740F6041A6FA05D6060EB709754CB24
                                                            APIs
                                                            • timeGetTime.WINMM ref: 002AE6B4
                                                              • Part of subcall function 0025E551: timeGetTime.WINMM(?,?,002AE6D4), ref: 0025E555
                                                            • Sleep.KERNEL32(0000000A), ref: 002AE6E1
                                                            • EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 002AE705
                                                            • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 002AE727
                                                            • SetActiveWindow.USER32 ref: 002AE746
                                                            • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 002AE754
                                                            • SendMessageW.USER32(00000010,00000000,00000000), ref: 002AE773
                                                            • Sleep.KERNEL32(000000FA), ref: 002AE77E
                                                            • IsWindow.USER32 ref: 002AE78A
                                                            • EndDialog.USER32(00000000), ref: 002AE79B
                                                            Strings
                                                            Similarity
                                                            • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                            • String ID: BUTTON
                                                            • API String ID: 1194449130-3405671355
                                                            • Opcode ID: 11d47f63b42050a7347c52a0b35474ad9131025b93168d9b851e4dfe56fa6e8b
                                                            • Instruction ID: 3dc674f906ad3f7f9784cd916f67f5578f413b59e951f627d047750973c9f849
                                                            • Opcode Fuzzy Hash: 11d47f63b42050a7347c52a0b35474ad9131025b93168d9b851e4dfe56fa6e8b
                                                            • Instruction Fuzzy Hash: 6421C3B0710206AFEF025F20FC8DB667B6DF79A748F214826F515821E1DFB1AC21CA64
                                                            APIs
                                                              • Part of subcall function 00249CB3: _wcslen.LIBCMT ref: 00249CBD
                                                            • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 002AEA5D
                                                            • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 002AEA73
                                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 002AEA84
                                                            • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 002AEA96
                                                            • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 002AEAA7
                                                            Strings
                                                            Similarity
                                                            • API ID: SendString$_wcslen
                                                            • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                            • API String ID: 2420728520-1007645807
                                                            • Opcode ID: 27768471368e57884f17afcfb80cb180b920655825435bdbff8fd64ee6dc9193
                                                            • Instruction ID: 5dc5bb48257bbdfd6755012ca8e240da7c33d753fab8f88d404842af9a6ef3bd
                                                            • Opcode Fuzzy Hash: 27768471368e57884f17afcfb80cb180b920655825435bdbff8fd64ee6dc9193
                                                            • Instruction Fuzzy Hash: BB117731AA12597AE715E765DC5BEFF6ABCEBD2B00F000425B401A20D5DF700D65C9B0
                                                            APIs
                                                            • GetDlgItem.USER32(?,00000001), ref: 002A5CE2
                                                            • GetWindowRect.USER32(00000000,?), ref: 002A5CFB
                                                            • MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 002A5D59
                                                            • GetDlgItem.USER32(?,00000002), ref: 002A5D69
                                                            • GetWindowRect.USER32(00000000,?), ref: 002A5D7B
                                                            • MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 002A5DCF
                                                            • GetDlgItem.USER32(?,000003E9), ref: 002A5DDD
                                                            • GetWindowRect.USER32(00000000,?), ref: 002A5DEF
                                                            • MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 002A5E31
                                                            • GetDlgItem.USER32(?,000003EA), ref: 002A5E44
                                                            • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 002A5E5A
                                                            • InvalidateRect.USER32(?,00000000,00000001), ref: 002A5E67
                                                            Similarity
                                                            • API ID: Window$ItemMoveRect$Invalidate
                                                            • String ID:
                                                            • API String ID: 3096461208-0
                                                            • Opcode ID: 8ce528b704b7c3f0a0da710b1b7662b7e414d7750f0674d2236df760949f992a
                                                            • Instruction ID: 43bda12fd077ce2815267a9b10ad6b8598b826205f7f4e3e4bfdea9dcf46c0da
                                                            • Opcode Fuzzy Hash: 8ce528b704b7c3f0a0da710b1b7662b7e414d7750f0674d2236df760949f992a
                                                            • Instruction Fuzzy Hash: 13512E71E10616AFDF18CF68DD89AAEBBB9FB49310F208129F515E6290DB709E14CB50
                                                            APIs
                                                              • Part of subcall function 00258F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00258BE8,?,00000000,?,?,?,?,00258BBA,00000000,?), ref: 00258FC5
                                                            • DestroyWindow.USER32(?), ref: 00258C81
                                                            • KillTimer.USER32(00000000,?,?,?,?,00258BBA,00000000,?), ref: 00258D1B
                                                            • DestroyAcceleratorTable.USER32(00000000), ref: 00296973
                                                            • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00258BBA,00000000,?), ref: 002969A1
                                                            • ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00258BBA,00000000,?), ref: 002969B8
                                                            • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00258BBA,00000000), ref: 002969D4
                                                            • DeleteObject.GDI32(00000000), ref: 002969E6
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                            • String ID:
                                                            • API String ID: 641708696-0
                                                            APIs
                                                              • Part of subcall function 00259944: GetWindowLongW.USER32(?,000000EB), ref: 00259952
                                                            • GetSysColor.USER32(0000000F), ref: 00259862
                                                            Similarity
                                                            • API ID: ColorLongWindow
                                                            • String ID:
                                                            • API String ID: 259745315-0
                                                            Strings
                                                            Similarity
                                                            • API ID:
                                                            • String ID: .&
                                                            • API String ID: 0-2074860339
                                                            APIs
                                                            • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,0028F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 002A9717
                                                            • LoadStringW.USER32(00000000,?,0028F7F8,00000001), ref: 002A9720
                                                              • Part of subcall function 00249CB3: _wcslen.LIBCMT ref: 00249CBD
                                                            • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,0028F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 002A9742
                                                            • LoadStringW.USER32(00000000,?,0028F7F8,00000001), ref: 002A9745
                                                            • MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 002A9866
                                                            Strings
                                                            Similarity
                                                            • API ID: HandleLoadModuleString$Message_wcslen
                                                            • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                            • API String ID: 747408836-2268648507
                                                            APIs
                                                              • Part of subcall function 00246B57: _wcslen.LIBCMT ref: 00246B6A
                                                            • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 002A07A2
                                                            • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 002A07BE
                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 002A07DA
                                                            • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 002A0804
                                                            • CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 002A082C
                                                            • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 002A0837
                                                            • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 002A083C
                                                            Strings
                                                            Similarity
                                                            • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
                                                            • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                            • API String ID: 323675364-22481851
                                                            APIs
                                                            • VariantInit.OLEAUT32(?), ref: 002C3C5C
                                                            • CoInitialize.OLE32(00000000), ref: 002C3C8A
                                                            • CoUninitialize.OLE32 ref: 002C3C94
                                                            • _wcslen.LIBCMT ref: 002C3D2D
                                                            • GetRunningObjectTable.OLE32(00000000,?), ref: 002C3DB1
                                                            • SetErrorMode.KERNEL32(00000001,00000029), ref: 002C3ED5
                                                            • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 002C3F0E
                                                            • CoGetObject.OLE32(?,00000000,002DFB98,?), ref: 002C3F2D
                                                            • SetErrorMode.KERNEL32(00000000), ref: 002C3F40
                                                            • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 002C3FC4
                                                            • VariantClear.OLEAUT32(?), ref: 002C3FD8
                                                            Similarity
                                                            • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                                            • String ID:
                                                            • API String ID: 429561992-0
                                                            APIs
                                                            • CoInitialize.OLE32(00000000), ref: 002B7AF3
                                                            • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 002B7B8F
                                                            • SHGetDesktopFolder.SHELL32(?), ref: 002B7BA3
                                                            • CoCreateInstance.OLE32(002DFD08,00000000,00000001,00306E6C,?), ref: 002B7BEF
                                                            • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 002B7C74
                                                            • CoTaskMemFree.OLE32(?,?), ref: 002B7CCC
                                                            • SHBrowseForFolderW.SHELL32(?), ref: 002B7D57
                                                            • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 002B7D7A
                                                            • CoTaskMemFree.OLE32(00000000), ref: 002B7D81
                                                            • CoTaskMemFree.OLE32(00000000), ref: 002B7DD6
                                                            • CoUninitialize.OLE32 ref: 002B7DDC
                                                            Similarity
                                                            • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                            • String ID:
                                                            • API String ID: 2762341140-0
                                                            APIs
                                                            • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 002D5504
                                                            • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 002D5515
                                                            • CharNextW.USER32(00000158), ref: 002D5544
                                                            • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 002D5585
                                                            • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 002D559B
                                                            • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 002D55AC
                                                            Similarity
                                                            • API ID: MessageSend$CharNext
                                                            • String ID:
                                                            • API String ID: 1350042424-0
                                                            APIs
                                                            • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 0029FAAF
                                                            • SafeArrayAllocData.OLEAUT32(?), ref: 0029FB08
                                                            • VariantInit.OLEAUT32(?), ref: 0029FB1A
                                                            • SafeArrayAccessData.OLEAUT32(?,?), ref: 0029FB3A
                                                            • VariantCopy.OLEAUT32(?,?), ref: 0029FB8D
                                                            • SafeArrayUnaccessData.OLEAUT32(?), ref: 0029FBA1
                                                            • VariantClear.OLEAUT32(?), ref: 0029FBB6
                                                            • SafeArrayDestroyData.OLEAUT32(?), ref: 0029FBC3
                                                            • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0029FBCC
                                                            • VariantClear.OLEAUT32(?), ref: 0029FBDE
                                                            • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0029FBE9
                                                            Similarity
                                                            • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                            • String ID:
                                                            • API String ID: 2706829360-0
                                                            APIs
                                                            • GetKeyboardState.USER32(?), ref: 002A9CA1
                                                            • GetAsyncKeyState.USER32(000000A0), ref: 002A9D22
                                                            • GetKeyState.USER32(000000A0), ref: 002A9D3D
                                                            • GetAsyncKeyState.USER32(000000A1), ref: 002A9D57
                                                            • GetKeyState.USER32(000000A1), ref: 002A9D6C
                                                            • GetAsyncKeyState.USER32(00000011), ref: 002A9D84
                                                            • GetKeyState.USER32(00000011), ref: 002A9D96
                                                            • GetAsyncKeyState.USER32(00000012), ref: 002A9DAE
                                                            • GetKeyState.USER32(00000012), ref: 002A9DC0
                                                            • GetAsyncKeyState.USER32(0000005B), ref: 002A9DD8
                                                            • GetKeyState.USER32(0000005B), ref: 002A9DEA
                                                            Similarity
                                                            • API ID: State$Async$Keyboard
                                                            • String ID:
                                                            • API String ID: 541375521-0
                                                            APIs
                                                            • WSAStartup.WSOCK32(00000101,?), ref: 002C05BC
                                                            • inet_addr.WSOCK32(?), ref: 002C061C
                                                            • gethostbyname.WSOCK32(?), ref: 002C0628
                                                            • IcmpCreateFile.IPHLPAPI ref: 002C0636
                                                            • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 002C06C6
                                                            • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 002C06E5
                                                            • IcmpCloseHandle.IPHLPAPI(?), ref: 002C07B9
                                                            • WSACleanup.WSOCK32 ref: 002C07BF
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                            • String ID: Ping
                                                            • API String ID: 1028309954-2246546115
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: _wcslen$BuffCharLower
                                                            • String ID: cdecl$none$stdcall$winapi
                                                            • API String ID: 707087890-567219261
                                                            APIs
                                                            • CoInitialize.OLE32 ref: 002C3774
                                                            • CoUninitialize.OLE32 ref: 002C377F
                                                            • CoCreateInstance.OLE32(?,00000000,00000017,002DFB78,?), ref: 002C37D9
                                                            • IIDFromString.OLE32(?,?), ref: 002C384C
                                                            • VariantInit.OLEAUT32(?), ref: 002C38E4
                                                            • VariantClear.OLEAUT32(?), ref: 002C3936
                                                            Strings
                                                            Similarity
                                                            • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                            • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                            • API String ID: 636576611-1287834457
                                                            APIs
                                                            • LoadStringW.USER32(00000066,?,00000FFF,?), ref: 002B33CF
                                                              • Part of subcall function 00249CB3: _wcslen.LIBCMT ref: 00249CBD
                                                            • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 002B33F0
                                                            Strings
                                                            Similarity
                                                            • API ID: LoadString$_wcslen
                                                            • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
                                                            • API String ID: 4099089115-3080491070
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: _wcslen$BuffCharUpper
                                                            • String ID: APPEND$EXISTS$KEYS$REMOVE
                                                            • API String ID: 1256254125-769500911
                                                            APIs
                                                            • SetErrorMode.KERNEL32(00000001), ref: 002B53A0
                                                            • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 002B5416
                                                            • GetLastError.KERNEL32 ref: 002B5420
                                                            • SetErrorMode.KERNEL32(00000000,READY), ref: 002B54A7
                                                            Strings
                                                            Similarity
                                                            • API ID: Error$Mode$DiskFreeLastSpace
                                                            • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                            • API String ID: 4194297153-14809454
                                                            APIs
                                                            • CreateMenu.USER32 ref: 002D3C79
                                                            • SetMenu.USER32(?,00000000), ref: 002D3C88
                                                            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 002D3D10
                                                            • IsMenu.USER32(?), ref: 002D3D24
                                                            • CreatePopupMenu.USER32 ref: 002D3D2E
                                                            • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 002D3D5B
                                                            • DrawMenuBar.USER32 ref: 002D3D63
                                                            Strings
                                                            Similarity
                                                            • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                            • String ID: 0$F
                                                            • API String ID: 161812096-3044882817
                                                            APIs
                                                            • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 002D3A9D
                                                            • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 002D3AA0
                                                            • GetWindowLongW.USER32(?,000000F0), ref: 002D3AC7
                                                            • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 002D3AEA
                                                            • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 002D3B62
                                                            • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 002D3BAC
                                                            • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 002D3BC7
                                                            • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 002D3BE2
                                                            • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 002D3BF6
                                                            • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 002D3C13
                                                            Similarity
                                                            • API ID: MessageSend$LongWindow
                                                            • String ID:
                                                            • API String ID: 312131281-0
                                                            APIs
                                                            • GetCurrentThreadId.KERNEL32 ref: 002AB151
                                                            • GetForegroundWindow.USER32(00000000,?,?,?,?,?,002AA1E1,?,00000001), ref: 002AB165
                                                            • GetWindowThreadProcessId.USER32(00000000), ref: 002AB16C
                                                            • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,002AA1E1,?,00000001), ref: 002AB17B
                                                            • GetWindowThreadProcessId.USER32(?,00000000), ref: 002AB18D
                                                            • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,002AA1E1,?,00000001), ref: 002AB1A6
                                                            • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,002AA1E1,?,00000001), ref: 002AB1B8
                                                            • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,002AA1E1,?,00000001), ref: 002AB1FD
                                                            • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,002AA1E1,?,00000001), ref: 002AB212
                                                            • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,002AA1E1,?,00000001), ref: 002AB21D
                                                            Similarity
                                                            • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                            • String ID:
                                                            • API String ID: 2156557900-0
                                                            APIs
                                                            • _free.LIBCMT ref: 00272C94
                                                              • Part of subcall function 002729C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0027D7D1,00000000,00000000,00000000,00000000,?,0027D7F8,00000000,00000007,00000000,?,0027DBF5,00000000), ref: 002729DE
                                                              • Part of subcall function 002729C8: GetLastError.KERNEL32(00000000,?,0027D7D1,00000000,00000000,00000000,00000000,?,0027D7F8,00000000,00000007,00000000,?,0027DBF5,00000000,00000000), ref: 002729F0
                                                            • _free.LIBCMT ref: 00272CA0
                                                            • _free.LIBCMT ref: 00272CAB
                                                            • _free.LIBCMT ref: 00272CB6
                                                            • _free.LIBCMT ref: 00272CC1
                                                            • _free.LIBCMT ref: 00272CCC
                                                            • _free.LIBCMT ref: 00272CD7
                                                            • _free.LIBCMT ref: 00272CE2
                                                            • _free.LIBCMT ref: 00272CED
                                                            • _free.LIBCMT ref: 00272CFB
                                                            Similarity
                                                            • API ID: _free$ErrorFreeHeapLast
                                                            • String ID:
                                                            • API String ID: 776569668-0
                                                            APIs
                                                            • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00241459
                                                            • OleUninitialize.OLE32(?,00000000), ref: 002414F8
                                                            • UnregisterHotKey.USER32(?), ref: 002416DD
                                                            • DestroyWindow.USER32(?), ref: 002824B9
                                                            • FreeLibrary.KERNEL32(?), ref: 0028251E
                                                            • VirtualFree.KERNEL32(?,00000000,00008000), ref: 0028254B
                                                            Strings
                                                            Similarity
                                                            • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                            • String ID: close all
                                                            • API String ID: 469580280-3243417748
                                                            APIs
                                                            • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 002B7FAD
                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 002B7FC1
                                                            • GetFileAttributesW.KERNEL32(?), ref: 002B7FEB
                                                            • SetFileAttributesW.KERNEL32(?,00000000), ref: 002B8005
                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 002B8017
                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 002B8060
                                                            • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 002B80B0
                                                            Strings
                                                            Similarity
                                                            • API ID: CurrentDirectory$AttributesFile
                                                            • String ID: *.*
                                                            • API String ID: 769691225-438819550
                                                            APIs
                                                            • SetWindowLongW.USER32(?,000000EB), ref: 00245C7A
                                                              • Part of subcall function 00245D0A: GetClientRect.USER32(?,?), ref: 00245D30
                                                              • Part of subcall function 00245D0A: GetWindowRect.USER32(?,?), ref: 00245D71
                                                              • Part of subcall function 00245D0A: ScreenToClient.USER32(?,?), ref: 00245D99
                                                            • GetDC.USER32 ref: 002846F5
                                                            • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00284708
                                                            • SelectObject.GDI32(00000000,00000000), ref: 00284716
                                                            • SelectObject.GDI32(00000000,00000000), ref: 0028472B
                                                            • ReleaseDC.USER32(?,00000000), ref: 00284733
                                                            • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 002847C4
                                                            Strings
                                                            Similarity
                                                            • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                            • String ID: U
                                                            • API String ID: 4009187628-3372436214
                                                            APIs
                                                            • LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 002B35E4
                                                              • Part of subcall function 00249CB3: _wcslen.LIBCMT ref: 00249CBD
                                                            • LoadStringW.USER32(00312390,?,00000FFF,?), ref: 002B360A
                                                            Strings
                                                            Similarity
                                                            • API ID: LoadString$_wcslen
                                                            • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                            • API String ID: 4099089115-2391861430
                                                            APIs
                                                            • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 002BC272
                                                            • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 002BC29A
                                                            • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 002BC2CA
                                                            • GetLastError.KERNEL32 ref: 002BC322
                                                            • SetEvent.KERNEL32(?), ref: 002BC336
                                                            • InternetCloseHandle.WININET(00000000), ref: 002BC341
                                                            Strings
                                                            Similarity
                                                            • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                            • String ID:
                                                            • API String ID: 3113390036-3916222277
                                                            APIs
                                                            • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00283AAF,?,?,Bad directive syntax error,002DCC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 002A98BC
                                                            • LoadStringW.USER32(00000000,?,00283AAF,?), ref: 002A98C3
                                                              • Part of subcall function 00249CB3: _wcslen.LIBCMT ref: 00249CBD
                                                            • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 002A9987
                                                            Strings
                                                            Similarity
                                                            • API ID: HandleLoadMessageModuleString_wcslen
                                                            • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                            • API String ID: 858772685-4153970271
                                                            APIs
                                                            • GetParent.USER32 ref: 002A20AB
                                                            • GetClassNameW.USER32(00000000,?,00000100), ref: 002A20C0
                                                            • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 002A214D
                                                            Strings
                                                            Similarity
                                                            • API ID: ClassMessageNameParentSend
                                                            • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                            • API String ID: 1290815626-3381328864
                                                            APIs
                                                            Similarity
                                                            • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                                            • String ID:
                                                            • API String ID: 1282221369-0
                                                            APIs
                                                            • SendMessageW.USER32(?,00002001,00000000,00000000), ref: 002D5186
                                                            • ShowWindow.USER32(?,00000000), ref: 002D51C7
                                                            • ShowWindow.USER32(?,00000005,?,00000000), ref: 002D51CD
                                                            • SetFocus.USER32(?,?,00000005,?,00000000), ref: 002D51D1
                                                              • Part of subcall function 002D6FBA: DeleteObject.GDI32(00000000), ref: 002D6FE6
                                                            • GetWindowLongW.USER32(?,000000F0), ref: 002D520D
                                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 002D521A
                                                            • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 002D524D
                                                            • SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 002D5287
                                                            • SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 002D5296
                                                            Similarity
                                                            • API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
                                                            • String ID:
                                                            • API String ID: 3210457359-0
                                                            APIs
                                                            • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00296890
                                                            • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 002968A9
                                                            • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 002968B9
                                                            • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 002968D1
                                                            • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 002968F2
                                                            • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00258874,00000000,00000000,00000000,000000FF,00000000), ref: 00296901
                                                            • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 0029691E
                                                            • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00258874,00000000,00000000,00000000,000000FF,00000000), ref: 0029692D
                                                            Similarity
                                                            • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                            • String ID:
                                                            • API String ID: 1268354404-0
                                                            APIs
                                                            • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 002BC182
                                                            • GetLastError.KERNEL32 ref: 002BC195
                                                            • SetEvent.KERNEL32(?), ref: 002BC1A9
                                                              • Part of subcall function 002BC253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 002BC272
                                                              • Part of subcall function 002BC253: GetLastError.KERNEL32 ref: 002BC322
                                                              • Part of subcall function 002BC253: SetEvent.KERNEL32(?), ref: 002BC336
                                                              • Part of subcall function 002BC253: InternetCloseHandle.WININET(00000000), ref: 002BC341
                                                            Similarity
                                                            • API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
                                                            • String ID:
                                                            • API String ID: 337547030-0
                                                            APIs
                                                              • Part of subcall function 002A3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 002A3A57
                                                              • Part of subcall function 002A3A3D: GetCurrentThreadId.KERNEL32 ref: 002A3A5E
                                                              • Part of subcall function 002A3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,002A25B3), ref: 002A3A65
                                                            • MapVirtualKeyW.USER32(00000025,00000000), ref: 002A25BD
                                                            • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 002A25DB
                                                            • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 002A25DF
                                                            • MapVirtualKeyW.USER32(00000025,00000000), ref: 002A25E9
                                                            • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 002A2601
                                                            • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 002A2605
                                                            • MapVirtualKeyW.USER32(00000025,00000000), ref: 002A260F
                                                            • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 002A2623
                                                            • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 002A2627
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                            • String ID:
                                                            • API String ID: 2014098862-0
                                                            APIs
                                                            • GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,002A1449,?,?,00000000), ref: 002A180C
                                                            • HeapAlloc.KERNEL32(00000000,?,002A1449,?,?,00000000), ref: 002A1813
                                                            • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,002A1449,?,?,00000000), ref: 002A1828
                                                            • GetCurrentProcess.KERNEL32(?,00000000,?,002A1449,?,?,00000000), ref: 002A1830
                                                            • DuplicateHandle.KERNEL32(00000000,?,002A1449,?,?,00000000), ref: 002A1833
                                                            • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,002A1449,?,?,00000000), ref: 002A1843
                                                            • GetCurrentProcess.KERNEL32(002A1449,00000000,?,002A1449,?,?,00000000), ref: 002A184B
                                                            • DuplicateHandle.KERNEL32(00000000,?,002A1449,?,?,00000000), ref: 002A184E
                                                            • CreateThread.KERNEL32(00000000,00000000,002A1874,00000000,00000000,00000000), ref: 002A1868
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                            • String ID:
                                                            • API String ID: 1957940570-0
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: __alldvrm$_strrchr
                                                            • String ID: }}&$}}&$}}&
                                                            • API String ID: 1036877536-2654340041
                                                            APIs
                                                              • Part of subcall function 002AD4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 002AD501
                                                              • Part of subcall function 002AD4DC: Process32FirstW.KERNEL32(00000000,?), ref: 002AD50F
                                                              • Part of subcall function 002AD4DC: CloseHandle.KERNEL32(00000000), ref: 002AD5DC
                                                            • OpenProcess.KERNEL32(00000001,00000000,?), ref: 002CA16D
                                                            • GetLastError.KERNEL32 ref: 002CA180
                                                            • OpenProcess.KERNEL32(00000001,00000000,?), ref: 002CA1B3
                                                            • TerminateProcess.KERNEL32(00000000,00000000), ref: 002CA268
                                                            • GetLastError.KERNEL32(00000000), ref: 002CA273
                                                            • CloseHandle.KERNEL32(00000000), ref: 002CA2C4
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                            • String ID: SeDebugPrivilege
                                                            • API String ID: 2533919879-2896544425
                                                            APIs
                                                            • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 002D3925
                                                            • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 002D393A
                                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 002D3954
                                                            • _wcslen.LIBCMT ref: 002D3999
                                                            • SendMessageW.USER32(?,00001057,00000000,?), ref: 002D39C6
                                                            • SendMessageW.USER32(?,00001061,?,0000000F), ref: 002D39F4
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: MessageSend$Window_wcslen
                                                            • String ID: SysListView32
                                                            • API String ID: 2147712094-78025650
                                                            APIs
                                                            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 002ABCFD
                                                            • IsMenu.USER32(00000000), ref: 002ABD1D
                                                            • CreatePopupMenu.USER32 ref: 002ABD53
                                                            • GetMenuItemCount.USER32(01896928), ref: 002ABDA4
                                                            • InsertMenuItemW.USER32(01896928,?,00000001,00000030), ref: 002ABDCC
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                            • String ID: 0$2
                                                            • API String ID: 93392585-3793063076
                                                            APIs
                                                            • _ValidateLocalCookies.LIBCMT ref: 00262D4B
                                                            • ___except_validate_context_record.LIBVCRUNTIME ref: 00262D53
                                                            • _ValidateLocalCookies.LIBCMT ref: 00262DE1
                                                            • __IsNonwritableInCurrentImage.LIBCMT ref: 00262E0C
                                                            • _ValidateLocalCookies.LIBCMT ref: 00262E61
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                            • String ID: &H&$csm
                                                            • API String ID: 1170836740-1292234318
                                                            APIs
                                                            • LoadIconW.USER32(00000000,00007F03), ref: 002AC913
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: IconLoad
                                                            • String ID: blank$info$question$stop$warning
                                                            • API String ID: 2457776203-404129466
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
                                                            • String ID: 0.0.0.0
                                                            • API String ID: 642191829-3771769585
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: _wcslen$LocalTime
                                                            • String ID:
                                                            • API String ID: 952045576-0
                                                            APIs
                                                            • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0029682C,00000004,00000000,00000000), ref: 0025F953
                                                            • ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,0029682C,00000004,00000000,00000000), ref: 0029F3D1
                                                            • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,0029682C,00000004,00000000,00000000), ref: 0029F454
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Similarity
                                                            • API ID: ShowWindow
                                                            • String ID:
                                                            • API String ID: 1268545403-0
                                                            APIs
                                                            • DeleteObject.GDI32(00000000), ref: 002D2D1B
                                                            • GetDC.USER32(00000000), ref: 002D2D23
                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 002D2D2E
                                                            • ReleaseDC.USER32(00000000,00000000), ref: 002D2D3A
                                                            • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 002D2D76
                                                            • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 002D2D87
                                                            • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,002D5A65,?,?,000000FF,00000000,?,000000FF,?), ref: 002D2DC2
                                                            • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 002D2DE1
                                                            Similarity
                                                            • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                            • String ID:
                                                            • API String ID: 3864802216-0
                                                            APIs
                                                            Similarity
                                                            • API ID: _memcmp
                                                            • String ID:
                                                            • API String ID: 2931989736-0
                                                            Strings
                                                            Similarity
                                                            • API ID:
                                                            • String ID: NULL Pointer assignment$Not an Object type
                                                            • API String ID: 0-572801152
                                                            APIs
                                                            • GetCPInfo.KERNEL32(?,?), ref: 002815CE
                                                            • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00281651
                                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 002816E4
                                                            • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 002816FB
                                                              • Part of subcall function 00273820: RtlAllocateHeap.NTDLL(00000000,?,00311444,?,0025FDF5,?,?,0024A976,00000010,00311440,002413FC,?,002413C6,?,00241129), ref: 00273852
                                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00281777
                                                            • __freea.LIBCMT ref: 002817A2
                                                            • __freea.LIBCMT ref: 002817AE
                                                            Similarity
                                                            • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                                            • String ID:
                                                            • API String ID: 2829977744-0
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: Variant$ClearInit
                                                            • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                            • API String ID: 2610073882-625585964
                                                            APIs
                                                            • SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 002B125C
                                                            • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 002B1284
                                                            • SafeArrayUnaccessData.OLEAUT32(00000001), ref: 002B12A8
                                                            • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 002B12D8
                                                            • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 002B135F
                                                            • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 002B13C4
                                                            • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 002B1430
                                                            Similarity
                                                            • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                            • String ID:
                                                            • API String ID: 2550207440-0
                                                            Similarity
                                                            • API ID: ObjectSelect$BeginCreatePath
                                                            • String ID:
                                                            • API String ID: 3225163088-0
                                                            APIs
                                                            • VariantInit.OLEAUT32(?), ref: 002C396B
                                                            • CharUpperBuffW.USER32(?,?), ref: 002C3A7A
                                                            • _wcslen.LIBCMT ref: 002C3A8A
                                                            • VariantClear.OLEAUT32(?), ref: 002C3C1F
                                                              • Part of subcall function 002B0CDF: VariantInit.OLEAUT32(00000000), ref: 002B0D1F
                                                              • Part of subcall function 002B0CDF: VariantCopy.OLEAUT32(?,?), ref: 002B0D28
                                                              • Part of subcall function 002B0CDF: VariantClear.OLEAUT32(?), ref: 002B0D34
                                                            Strings
                                                            Similarity
                                                            • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                                            • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                            • API String ID: 4137639002-1221869570
                                                            APIs
                                                              • Part of subcall function 002A000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0029FF41,80070057,?,?,?,002A035E), ref: 002A002B
                                                              • Part of subcall function 002A000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0029FF41,80070057,?,?), ref: 002A0046
                                                              • Part of subcall function 002A000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0029FF41,80070057,?,?), ref: 002A0054
                                                              • Part of subcall function 002A000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0029FF41,80070057,?), ref: 002A0064
                                                            • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 002C4C51
                                                            • _wcslen.LIBCMT ref: 002C4D59
                                                            • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 002C4DCF
                                                            • CoTaskMemFree.OLE32(?), ref: 002C4DDA
                                                            Strings
                                                            Similarity
                                                            • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                                                            • String ID: NULL Pointer assignment
                                                            • API String ID: 614568839-2785691316
                                                            APIs
                                                            • GetMenu.USER32(?), ref: 002D2183
                                                            • GetMenuItemCount.USER32(00000000), ref: 002D21B5
                                                            • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 002D21DD
                                                            • _wcslen.LIBCMT ref: 002D2213
                                                            • GetMenuItemID.USER32(?,?), ref: 002D224D
                                                            • GetSubMenu.USER32(?,?), ref: 002D225B
                                                              • Part of subcall function 002A3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 002A3A57
                                                              • Part of subcall function 002A3A3D: GetCurrentThreadId.KERNEL32 ref: 002A3A5E
                                                              • Part of subcall function 002A3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,002A25B3), ref: 002A3A65
                                                            • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 002D22E3
                                                              • Part of subcall function 002AE97B: Sleep.KERNEL32 ref: 002AE9F3
                                                            Similarity
                                                            • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                                            • String ID:
                                                            • API String ID: 4196846111-0
                                                            APIs
                                                            • IsWindow.USER32(01896B30), ref: 002D7F37
                                                            • IsWindowEnabled.USER32(01896B30), ref: 002D7F43
                                                            • SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 002D801E
                                                            • SendMessageW.USER32(01896B30,000000B0,?,?), ref: 002D8051
                                                            • IsDlgButtonChecked.USER32(?,?), ref: 002D8089
                                                            • GetWindowLongW.USER32(01896B30,000000EC), ref: 002D80AB
                                                            • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 002D80C3
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                                                            • String ID:
                                                            • API String ID: 4072528602-0
                                                            • Opcode ID: 7d5fac16401237b3bc4bb253c702f1c7d0ca3844aba3213ce66e5203fbe817a1
                                                            • Instruction ID: f20847ef3b3da490d292ed16f8c701d529c840a561224d7441f666b663099702
                                                            • Opcode Fuzzy Hash: 7d5fac16401237b3bc4bb253c702f1c7d0ca3844aba3213ce66e5203fbe817a1
                                                            • Instruction Fuzzy Hash: E771B034A28206AFEB359F54C884FFABBB9EF19300F14405BE955973A1DB35AC64CB50
                                                            APIs
                                                            • GetParent.USER32(?), ref: 002AAEF9
                                                            • GetKeyboardState.USER32(?), ref: 002AAF0E
                                                            • SetKeyboardState.USER32(?), ref: 002AAF6F
                                                            • PostMessageW.USER32(?,00000101,00000010,?), ref: 002AAF9D
                                                            • PostMessageW.USER32(?,00000101,00000011,?), ref: 002AAFBC
                                                            • PostMessageW.USER32(?,00000101,00000012,?), ref: 002AAFFD
                                                            • PostMessageW.USER32(?,00000101,0000005B,?), ref: 002AB020
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: MessagePost$KeyboardState$Parent
                                                            • String ID:
                                                            • API String ID: 87235514-0
                                                            • Opcode ID: a8d0ee4bfb8ff96881f73d5febb3c23d43863f32d4b86529fd818dec9a78362a
                                                            • Instruction ID: cd3dc9e17fec6fe83648ce1d39548f6c7f26e7b5a7b7e66e86215d9cd6cd30bc
                                                            • Opcode Fuzzy Hash: a8d0ee4bfb8ff96881f73d5febb3c23d43863f32d4b86529fd818dec9a78362a
                                                            • Instruction Fuzzy Hash: 4F51C5A09247D63EFB3746348C45BBABE995F07304F08858AE1D5858C3CBD99CE4D751
                                                            APIs
                                                            • GetParent.USER32(00000000), ref: 002AAD19
                                                            • GetKeyboardState.USER32(?), ref: 002AAD2E
                                                            • SetKeyboardState.USER32(?), ref: 002AAD8F
                                                            • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 002AADBB
                                                            • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 002AADD8
                                                            • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 002AAE17
                                                            • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 002AAE38
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: MessagePost$KeyboardState$Parent
                                                            • String ID:
                                                            • API String ID: 87235514-0
                                                            • Opcode ID: 6f28e2a7bf6d9ebf69f06f62703aae68930057a0f227b898b75134b96a77bc22
                                                            • Instruction ID: a6169b70fd18a29e2d1262a7b570e355e2c7286ae4e30e452dc320ff08dcd72d
                                                            • Opcode Fuzzy Hash: 6f28e2a7bf6d9ebf69f06f62703aae68930057a0f227b898b75134b96a77bc22
                                                            • Instruction Fuzzy Hash: 3C51E6A19247D63EFB3787348C45B7ABE985F47300F088499E1D5468C3DB94ECA8D762
                                                            APIs
                                                            • GetConsoleCP.KERNEL32(00283CD6,?,?,?,?,?,?,?,?,00275BA3,?,?,00283CD6,?,?), ref: 00275470
                                                            • __fassign.LIBCMT ref: 002754EB
                                                            • __fassign.LIBCMT ref: 00275506
                                                            • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00283CD6,00000005,00000000,00000000), ref: 0027552C
                                                            • WriteFile.KERNEL32(?,00283CD6,00000000,00275BA3,00000000,?,?,?,?,?,?,?,?,?,00275BA3,?), ref: 0027554B
                                                            • WriteFile.KERNEL32(?,?,00000001,00275BA3,00000000,?,?,?,?,?,?,?,?,?,00275BA3,?), ref: 00275584
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                            • String ID:
                                                            • API String ID: 1324828854-0
                                                            • Opcode ID: 7567afda409df9bf35999b24de780bb50b3cc67a34892075f919d486f0246e00
                                                            • Instruction ID: 1b38418cce27aaedd8e775bb467ffe092899d8df092b0db84337451d23b63733
                                                            • Opcode Fuzzy Hash: 7567afda409df9bf35999b24de780bb50b3cc67a34892075f919d486f0246e00
                                                            • Instruction Fuzzy Hash: 2A51F470A1161A9FDB10CFA8D845AEEFBF9EF08300F14811AF549E3291D7B0DA51CB60
                                                            APIs
                                                              • Part of subcall function 002C304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 002C307A
                                                              • Part of subcall function 002C304E: _wcslen.LIBCMT ref: 002C309B
                                                            • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 002C1112
                                                            • WSAGetLastError.WSOCK32 ref: 002C1121
                                                            • WSAGetLastError.WSOCK32 ref: 002C11C9
                                                            • closesocket.WSOCK32(00000000), ref: 002C11F9
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
                                                            • String ID:
                                                            • API String ID: 2675159561-0
                                                            • Opcode ID: fea9f2d7a764defd03e11244770d7311a3aa8f81e82dc3ecb81fc56bfafecd2b
                                                            • Instruction ID: ab48704a688c30429bdbf8c3d3098a9eb76b845de85495bbccd0fcfa2c57cf3b
                                                            • Opcode Fuzzy Hash: fea9f2d7a764defd03e11244770d7311a3aa8f81e82dc3ecb81fc56bfafecd2b
                                                            • Instruction Fuzzy Hash: EF411631610205AFDB109F14D849FA9B7E9EF46324F188259FD199B292C7B4ED61CFE0
                                                            APIs
                                                              • Part of subcall function 002ADDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,002ACF22,?), ref: 002ADDFD
                                                              • Part of subcall function 002ADDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,002ACF22,?), ref: 002ADE16
                                                            • lstrcmpiW.KERNEL32(?,?), ref: 002ACF45
                                                            • MoveFileW.KERNEL32(?,?), ref: 002ACF7F
                                                            • _wcslen.LIBCMT ref: 002AD005
                                                            • _wcslen.LIBCMT ref: 002AD01B
                                                            • SHFileOperationW.SHELL32(?), ref: 002AD061
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                                                            • String ID: \*.*
                                                            • API String ID: 3164238972-1173974218
                                                            • Opcode ID: f99380a2e1fdf938746c8f29551b75dffcec5af4b134afb2b72f0580ad0a6a13
                                                            • Instruction ID: f328a0680bcbbb63ac373a5dececf7eb7154529d3905e4bfd8751f42e03868d7
                                                            • Opcode Fuzzy Hash: f99380a2e1fdf938746c8f29551b75dffcec5af4b134afb2b72f0580ad0a6a13
                                                            • Instruction Fuzzy Hash: 7A4187718552195FDF12EFA4D981ADEB7B8AF09340F1000E7E505EB542EF34AA94CF50
                                                            APIs
                                                            • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 002D2E1C
                                                            • GetWindowLongW.USER32(?,000000F0), ref: 002D2E4F
                                                            • GetWindowLongW.USER32(?,000000F0), ref: 002D2E84
                                                            • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 002D2EB6
                                                            • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 002D2EE0
                                                            • GetWindowLongW.USER32(?,000000F0), ref: 002D2EF1
                                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 002D2F0B
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: LongWindow$MessageSend
                                                            • String ID:
                                                            • API String ID: 2178440468-0
                                                            • Opcode ID: 3491cacb36d916e5c500f1f81a9e733fe811bb6589de26f5b8fb3c6688cdbda3
                                                            • Instruction ID: 67145c6887076dd2708af4e3e0ea3a302ec751e8cf4595a34f50a59126c04edc
                                                            • Opcode Fuzzy Hash: 3491cacb36d916e5c500f1f81a9e733fe811bb6589de26f5b8fb3c6688cdbda3
                                                            • Instruction Fuzzy Hash: 12311630A55152DFDB218F18DC88FA537E4EBAA710F1441A6FA109B2B2CB71FC54DB80
                                                            APIs
                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 002A7769
                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 002A778F
                                                            • SysAllocString.OLEAUT32(00000000), ref: 002A7792
                                                            • SysAllocString.OLEAUT32(?), ref: 002A77B0
                                                            • SysFreeString.OLEAUT32(?), ref: 002A77B9
                                                            • StringFromGUID2.OLE32(?,?,00000028), ref: 002A77DE
                                                            • SysAllocString.OLEAUT32(?), ref: 002A77EC
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                            • String ID:
                                                            • API String ID: 3761583154-0
                                                            • Opcode ID: 17ee89e15d67cf296966f3d920af62bc92c8c78c425a5b4d8f5fa4232a28d6ad
                                                            • Instruction ID: db8f53851c5d4e6d611ba473367bb5c03b46dd4bf072a6430b7e189363814ed9
                                                            • Opcode Fuzzy Hash: 17ee89e15d67cf296966f3d920af62bc92c8c78c425a5b4d8f5fa4232a28d6ad
                                                            • Instruction Fuzzy Hash: 4C21C776A1521AAFDF10EFA8DC88CBB73ACEB0A3647108126F904DB150DA70DC41CB64
                                                            APIs
                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 002A7842
                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 002A7868
                                                            • SysAllocString.OLEAUT32(00000000), ref: 002A786B
                                                            • SysAllocString.OLEAUT32 ref: 002A788C
                                                            • SysFreeString.OLEAUT32 ref: 002A7895
                                                            • StringFromGUID2.OLE32(?,?,00000028), ref: 002A78AF
                                                            • SysAllocString.OLEAUT32(?), ref: 002A78BD
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                            • String ID:
                                                            • API String ID: 3761583154-0
                                                            • Opcode ID: 23b0ae9c34faa97c84177be5224f40a9df9aeadfa23bfcaebef9259adbbf8559
                                                            • Instruction ID: 916565b3c0f122888907ab2fd5f046b3900e472b83747476576d51789f7ef447
                                                            • Opcode Fuzzy Hash: 23b0ae9c34faa97c84177be5224f40a9df9aeadfa23bfcaebef9259adbbf8559
                                                            • Instruction Fuzzy Hash: C121A431A19105AFDB10AFA8DC8CDAA77ECEF093607108125F915CB2A5DA78DC51DB68
                                                            APIs
                                                            • GetStdHandle.KERNEL32(0000000C), ref: 002B04F2
                                                            • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 002B052E
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: CreateHandlePipe
                                                            • String ID: nul
                                                            • API String ID: 1424370930-2873401336
                                                            • Opcode ID: ae57ad8a6672ba62acd806b039991ea13b55e033e057ad0760675a4af51baec8
                                                            • Instruction ID: 1eb06bca8021ea2a1472e7af93f9b22b56b81d338ca04c16dc1c5fa42ee4c23b
                                                            • Opcode Fuzzy Hash: ae57ad8a6672ba62acd806b039991ea13b55e033e057ad0760675a4af51baec8
                                                            • Instruction Fuzzy Hash: FB217CB1910306AFDB319F69DC88ADB77A4BF447A4F604A19E9A1D62E0D7709D60CF20
                                                            APIs
                                                            • GetStdHandle.KERNEL32(000000F6), ref: 002B05C6
                                                            • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 002B0601
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: CreateHandlePipe
                                                            • String ID: nul
                                                            • API String ID: 1424370930-2873401336
                                                            • Opcode ID: 8c57a7fb62cb92f3ce243c4f74e6f54d55654f24f0d1a3f33f82aa6883add497
                                                            • Instruction ID: 6293ee53ea13c630865656093a112629e4f668ad60c82ffa09de6514d3dbdc08
                                                            • Opcode Fuzzy Hash: 8c57a7fb62cb92f3ce243c4f74e6f54d55654f24f0d1a3f33f82aa6883add497
                                                            • Instruction Fuzzy Hash: 862153759103169BDB219F699C88ADB77E8BF95760F200B19FCA1E72E0D7B09970CB10
                                                            APIs
                                                              • Part of subcall function 0024600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0024604C
                                                              • Part of subcall function 0024600E: GetStockObject.GDI32(00000011), ref: 00246060
                                                              • Part of subcall function 0024600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0024606A
                                                            • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 002D4112
                                                            • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 002D411F
                                                            • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 002D412A
                                                            • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 002D4139
                                                            • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 002D4145
                                                            Strings
                                                            Similarity
                                                            • API ID: MessageSend$CreateObjectStockWindow
                                                            • String ID: Msctls_Progress32
                                                            • API String ID: 1025951953-3636473452
                                                            • Opcode ID: 2af5b11dc1db688796c4b646abf6248730807a74c64a66a2b17c4699a9f558ee
                                                            • Instruction ID: c7752b876f52fe359ad7b25c5a2b7cf55cdda707c9c3e18c6ac69bc975088b5a
                                                            • Opcode Fuzzy Hash: 2af5b11dc1db688796c4b646abf6248730807a74c64a66a2b17c4699a9f558ee
                                                            • Instruction Fuzzy Hash: 561193B115011ABFEF119E64CC85EE77F6DEF08798F004111B718A2190C672DC21DBA4
                                                            APIs
                                                              • Part of subcall function 0027D7A3: _free.LIBCMT ref: 0027D7CC
                                                            • _free.LIBCMT ref: 0027D82D
                                                              • Part of subcall function 002729C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0027D7D1,00000000,00000000,00000000,00000000,?,0027D7F8,00000000,00000007,00000000,?,0027DBF5,00000000), ref: 002729DE
                                                              • Part of subcall function 002729C8: GetLastError.KERNEL32(00000000,?,0027D7D1,00000000,00000000,00000000,00000000,?,0027D7F8,00000000,00000007,00000000,?,0027DBF5,00000000,00000000), ref: 002729F0
                                                            • _free.LIBCMT ref: 0027D838
                                                            • _free.LIBCMT ref: 0027D843
                                                            • _free.LIBCMT ref: 0027D897
                                                            • _free.LIBCMT ref: 0027D8A2
                                                            • _free.LIBCMT ref: 0027D8AD
                                                            • _free.LIBCMT ref: 0027D8B8
                                                            Similarity
                                                            • API ID: _free$ErrorFreeHeapLast
                                                            • String ID:
                                                            • API String ID: 776569668-0
                                                            • Opcode ID: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
                                                            • Instruction ID: d5fa235627063894abbfbeca0b3a68839661450e223c6845a78e005d0c1c4d0a
                                                            • Opcode Fuzzy Hash: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
                                                            • Instruction Fuzzy Hash: C8118E71561B04EAD621BFB0CC07FCBFBECAF40700F448825F29DA6092DA34B5698E60
                                                            APIs
                                                            • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 002ADA74
                                                            • LoadStringW.USER32(00000000), ref: 002ADA7B
                                                            • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 002ADA91
                                                            • LoadStringW.USER32(00000000), ref: 002ADA98
                                                            • MessageBoxW.USER32(00000000,?,?,00011010), ref: 002ADADC
                                                            Strings
                                                            • %s (%d) : ==> %s: %s %s, xrefs: 002ADAB9
                                                            Similarity
                                                            • API ID: HandleLoadModuleString$Message
                                                            • String ID: %s (%d) : ==> %s: %s %s
                                                            • API String ID: 4072794657-3128320259
                                                            • Opcode ID: 0f2f0c09f923e71723c7669456cbb601916014e8f4d43003085344a778050f2d
                                                            • Instruction ID: 001442e044a2c1d7298b8f79103b1756b57768ab4f510ffb15b930c99f59608e
                                                            • Opcode Fuzzy Hash: 0f2f0c09f923e71723c7669456cbb601916014e8f4d43003085344a778050f2d
                                                            • Instruction Fuzzy Hash: B30162F29102197FE7119BA4AD8DEEB736CE709301F500992B746E2041EA749E848F74
                                                            APIs
                                                            • InterlockedExchange.KERNEL32(0188AFF8,0188AFF8), ref: 002B097B
                                                            • EnterCriticalSection.KERNEL32(0188AFD8,00000000), ref: 002B098D
                                                            • TerminateThread.KERNEL32(?,000001F6), ref: 002B099B
                                                            • WaitForSingleObject.KERNEL32(?,000003E8), ref: 002B09A9
                                                            • CloseHandle.KERNEL32(?), ref: 002B09B8
                                                            • InterlockedExchange.KERNEL32(0188AFF8,000001F6), ref: 002B09C8
                                                            • LeaveCriticalSection.KERNEL32(0188AFD8), ref: 002B09CF
                                                            Similarity
                                                            • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                            • String ID:
                                                            • API String ID: 3495660284-0
                                                            • Opcode ID: ed645e21eb291eaf40de5238a554fa164918fae13268f36dcbf29dd57ba8e3fc
                                                            • Instruction ID: 4f814254a75e2eb27601d0c19c2bfa0c9cdd24de1ac9805dbcbb26a245fbfd3f
                                                            • Opcode Fuzzy Hash: ed645e21eb291eaf40de5238a554fa164918fae13268f36dcbf29dd57ba8e3fc
                                                            • Instruction Fuzzy Hash: 10F0CD31883913ABD7526F94EE8DBD67B25BF05742F501126F501908A1C775A875CF90
                                                            APIs
                                                            • GetClientRect.USER32(?,?), ref: 00245D30
                                                            • GetWindowRect.USER32(?,?), ref: 00245D71
                                                            • ScreenToClient.USER32(?,?), ref: 00245D99
                                                            • GetClientRect.USER32(?,?), ref: 00245ED7
                                                            • GetWindowRect.USER32(?,?), ref: 00245EF8
                                                            Similarity
                                                            • API ID: Rect$Client$Window$Screen
                                                            • String ID:
                                                            • API String ID: 1296646539-0
                                                            • Opcode ID: e1d8968820ba1cf917a01efaa6a2d7dba8c4d43b7c33588080378ef281a31874
                                                            • Instruction ID: 593b556ae2cc2798780c34af7ea24a36ad63543117d667c02ab41e2f93fe586f
                                                            • Opcode Fuzzy Hash: e1d8968820ba1cf917a01efaa6a2d7dba8c4d43b7c33588080378ef281a31874
                                                            • Instruction Fuzzy Hash: A0B16A38A20B5BDBDB14DFA9C4407EAB7F1FF44310F14841AE8A9D7290D734AA61DB54
                                                            APIs
                                                            • __allrem.LIBCMT ref: 002700BA
                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 002700D6
                                                            • __allrem.LIBCMT ref: 002700ED
                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0027010B
                                                            • __allrem.LIBCMT ref: 00270122
                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00270140
                                                            Similarity
                                                            • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                            • String ID:
                                                            • API String ID: 1992179935-0
                                                            • Opcode ID: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
                                                            • Instruction ID: adf4e8b50a411892b187f43c5047635656fa4e21ce2effd54bbfdc25980fbde2
                                                            • Opcode Fuzzy Hash: c0aa086816e9a6b10c8594d9af3fc1b6618250ddc70608c46d0048b3e4fbc764
                                                            • Instruction Fuzzy Hash: 86812B71A20707DBEB20AF69DC81B6B73E8AF41324F24813AF519D76C1E7B0D9648B50
                                                            APIs
                                                              • Part of subcall function 002C3149: select.WSOCK32(00000000,?,00000000,00000000,?,?,?,00000000,?,?,?,002C101C,00000000,?,?,00000000), ref: 002C3195
                                                            • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 002C1DC0
                                                            • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 002C1DE1
                                                            • WSAGetLastError.WSOCK32 ref: 002C1DF2
                                                            • inet_ntoa.WSOCK32(?), ref: 002C1E8C
                                                            • htons.WSOCK32(?,?,?,?,?), ref: 002C1EDB
                                                            • _strlen.LIBCMT ref: 002C1F35
                                                              • Part of subcall function 002A39E8: _strlen.LIBCMT ref: 002A39F2
                                                              • Part of subcall function 00246D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000002,?,?,?,?,0025CF58,?,?,?), ref: 00246DBA
                                                              • Part of subcall function 00246D9E: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,?,?,?,0025CF58,?,?,?), ref: 00246DED
                                                            Similarity
                                                            • API ID: ByteCharMultiWide_strlen$ErrorLasthtonsinet_ntoaselect
                                                            • String ID:
                                                            • API String ID: 1923757996-0
                                                            • Opcode ID: bdc83a7c284b537875483bcfa112bff9313da2d191bc36c7c1ba80d210f4d5f9
                                                            • Instruction ID: bef1f22b6664dafe53057f9f7dfa298e661312c07ec879e6535c92dd74a3dc82
                                                            • Opcode Fuzzy Hash: bdc83a7c284b537875483bcfa112bff9313da2d191bc36c7c1ba80d210f4d5f9
                                                            • Instruction Fuzzy Hash: 56A1E330514341AFC314DF24C886F2AB7E5AF86318F548A4CF45A5B2A3CB71ED66CB92
                                                            APIs
                                                            • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,002682D9,002682D9,?,?,?,0027644F,00000001,00000001,8BE85006), ref: 00276258
                                                            • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,0027644F,00000001,00000001,8BE85006,?,?,?), ref: 002762DE
                                                            • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 002763D8
                                                            • __freea.LIBCMT ref: 002763E5
                                                              • Part of subcall function 00273820: RtlAllocateHeap.NTDLL(00000000,?,00311444,?,0025FDF5,?,?,0024A976,00000010,00311440,002413FC,?,002413C6,?,00241129), ref: 00273852
                                                            • __freea.LIBCMT ref: 002763EE
                                                            • __freea.LIBCMT ref: 00276413
                                                            Similarity
                                                            • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                            • String ID:
                                                            • API String ID: 1414292761-0
                                                            • Opcode ID: 82fc2fabda6b8ad04c1bd0a2aef05da172426189d230a8771ed4d482b8d3e01f
                                                            • Instruction ID: 9a78b60cb2d52e484f26fa30df11e28ab449587d1064aaf0e3c4032eb2f20979
                                                            • Opcode Fuzzy Hash: 82fc2fabda6b8ad04c1bd0a2aef05da172426189d230a8771ed4d482b8d3e01f
                                                            • Instruction Fuzzy Hash: C4510572620617AFEB258FA4CC89EAF77A9EF44B10F148269FC09D6141DB34DC64CB60
                                                            APIs
                                                              • Part of subcall function 00249CB3: _wcslen.LIBCMT ref: 00249CBD
                                                              • Part of subcall function 002CC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,002CB6AE,?,?), ref: 002CC9B5
                                                              • Part of subcall function 002CC998: _wcslen.LIBCMT ref: 002CC9F1
                                                              • Part of subcall function 002CC998: _wcslen.LIBCMT ref: 002CCA68
                                                              • Part of subcall function 002CC998: _wcslen.LIBCMT ref: 002CCA9E
                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 002CBCCA
                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 002CBD25
                                                            • RegCloseKey.ADVAPI32(00000000), ref: 002CBD6A
                                                            • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 002CBD99
                                                            • RegCloseKey.ADVAPI32(?,?,00000000), ref: 002CBDF3
                                                            • RegCloseKey.ADVAPI32(?), ref: 002CBDFF
                                                            Similarity
                                                            • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                            • String ID:
                                                            • API String ID: 1120388591-0
                                                            • Opcode ID: 13f3827d9bd6e60a8ee3f6e068373413262dab1697cec8ad63c06784404c13cc
                                                            • Instruction ID: 411cbce339d1ba8befecbaca33942c26a878f004ee2a33823d79898a2aa3f78a
                                                            • Opcode Fuzzy Hash: 13f3827d9bd6e60a8ee3f6e068373413262dab1697cec8ad63c06784404c13cc
                                                            • Instruction Fuzzy Hash: 2C818F70128241AFD715DF24C886E2ABBE5FF84308F14865DF45A4B2A2DB31ED55CF92
                                                            APIs
                                                            • VariantInit.OLEAUT32(00000035), ref: 0029F7B9
                                                            • SysAllocString.OLEAUT32(00000001), ref: 0029F860
                                                            • VariantCopy.OLEAUT32(0029FA64,00000000), ref: 0029F889
                                                            • VariantClear.OLEAUT32(0029FA64), ref: 0029F8AD
                                                            • VariantCopy.OLEAUT32(0029FA64,00000000), ref: 0029F8B1
                                                            • VariantClear.OLEAUT32(?), ref: 0029F8BB
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            Similarity
                                                            • API ID: Variant$ClearCopy$AllocInitString
                                                            • String ID:
                                                            • API String ID: 3859894641-0
                                                            • Opcode ID: 18bc257200aaf4e603889649a3650ae0a335d4b55819ac2689dc29189ed727c4
                                                            • Instruction ID: a081c340ad27c127c3da7084de617683ee461bab03ea22455dc7f8e6356f04f0
                                                            • Opcode Fuzzy Hash: 18bc257200aaf4e603889649a3650ae0a335d4b55819ac2689dc29189ed727c4
                                                            • Instruction Fuzzy Hash: EE51D531630311BADFE4AF65DA95B69B3A8EF45310F248467E805DF291DBB0CC60CB96
                                                            APIs
                                                              • Part of subcall function 00247620: _wcslen.LIBCMT ref: 00247625
                                                              • Part of subcall function 00246B57: _wcslen.LIBCMT ref: 00246B6A
                                                            • GetOpenFileNameW.COMDLG32(00000058), ref: 002B94E5
                                                            • _wcslen.LIBCMT ref: 002B9506
                                                            • _wcslen.LIBCMT ref: 002B952D
                                                            • GetSaveFileNameW.COMDLG32(00000058), ref: 002B9585
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            Similarity
                                                            • API ID: _wcslen$FileName$OpenSave
                                                            • String ID: X
                                                            • API String ID: 83654149-3081909835
                                                            • Opcode ID: d0ea7d35181588bca5d4ac6bfb58a7eb38b66763326ec95be20cc9b39d4498db
                                                            • Instruction ID: 08b01d06f664d0de9e38bca93a24d2fc1f5d34cc284d3b0839b72126a52c8cbf
                                                            • Opcode Fuzzy Hash: d0ea7d35181588bca5d4ac6bfb58a7eb38b66763326ec95be20cc9b39d4498db
                                                            • Instruction Fuzzy Hash: BFE1C3315283418FD724DF24C481BAAB7E4BF85350F14896DF9899B2A2DB31DD94CF92
                                                            APIs
                                                              • Part of subcall function 00259BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00259BB2
                                                            • BeginPaint.USER32(?,?,?), ref: 00259241
                                                            • GetWindowRect.USER32(?,?), ref: 002592A5
                                                            • ScreenToClient.USER32(?,?), ref: 002592C2
                                                            • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 002592D3
                                                            • EndPaint.USER32(?,?,?,?,?), ref: 00259321
                                                            • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 002971EA
                                                              • Part of subcall function 00259339: BeginPath.GDI32(00000000), ref: 00259357
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            Similarity
                                                            • API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                                                            • String ID:
                                                            • API String ID: 3050599898-0
                                                            • Opcode ID: 2a47a3770804d68250c861e8bafa43b760300e6e8ff9b9070873b2bda5c5e555
                                                            • Instruction ID: 28fbfd66f1eb11cdc2f55905b400386efd3e03529fa1fe4be8ebd476739fc721
                                                            • Opcode Fuzzy Hash: 2a47a3770804d68250c861e8bafa43b760300e6e8ff9b9070873b2bda5c5e555
                                                            • Instruction Fuzzy Hash: 4B41B231525301EFD711DF24DC84FBA7BA8EB59321F140269FAA4C71A1C7709C99DB61
                                                            APIs
                                                            • InterlockedExchange.KERNEL32(?,000001F5), ref: 002B080C
                                                            • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 002B0847
                                                            • EnterCriticalSection.KERNEL32(?), ref: 002B0863
                                                            • LeaveCriticalSection.KERNEL32(?), ref: 002B08DC
                                                            • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 002B08F3
                                                            • InterlockedExchange.KERNEL32(?,000001F6), ref: 002B0921
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            Similarity
                                                            • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                            • String ID:
                                                            • API String ID: 3368777196-0
                                                            • Opcode ID: 96fe7db201c4b38223f53ba8db2685535af4d32b3f79b0115ccd1e135acf3346
                                                            • Instruction ID: 9d2f3ba3878b4d048549d8460ac545dd01e12007f0df2c3a8e6f7fc19fa7c0f6
                                                            • Opcode Fuzzy Hash: 96fe7db201c4b38223f53ba8db2685535af4d32b3f79b0115ccd1e135acf3346
                                                            • Instruction Fuzzy Hash: 63416771910206EBDF15AF54DCC5AAAB7B9FF04300F1440A9ED04AA297DB30EE64DBA4
                                                            APIs
                                                            • ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,0029F3AB,00000000,?,?,00000000,?,0029682C,00000004,00000000,00000000), ref: 002D824C
                                                            • EnableWindow.USER32(?,00000000), ref: 002D8272
                                                            • ShowWindow.USER32(FFFFFFFF,00000000), ref: 002D82D1
                                                            • ShowWindow.USER32(?,00000004), ref: 002D82E5
                                                            • EnableWindow.USER32(?,00000001), ref: 002D830B
                                                            • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 002D832F
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            Similarity
                                                            • API ID: Window$Show$Enable$MessageSend
                                                            • String ID:
                                                            • API String ID: 642888154-0
                                                            • Opcode ID: b5e7b3e551c66a36e7bde9d1a8d30a9232b43ebc12bdb9509a3846851ecd8f8c
                                                            • Instruction ID: 300effacf6df68fdccdaa56e036e82d5be1bc4c02997d03569714f226917ccb0
                                                            • Opcode Fuzzy Hash: b5e7b3e551c66a36e7bde9d1a8d30a9232b43ebc12bdb9509a3846851ecd8f8c
                                                            • Instruction Fuzzy Hash: F441D734611681AFDB12CF15DC9DBE47BF4FB0A714F1842A6EA184B362CB319C51CB80
                                                            APIs
                                                            • IsWindowVisible.USER32(?), ref: 002A4C95
                                                            • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 002A4CB2
                                                            • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 002A4CEA
                                                            • _wcslen.LIBCMT ref: 002A4D08
                                                            • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 002A4D10
                                                            • _wcsstr.LIBVCRUNTIME ref: 002A4D1A
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            Similarity
                                                            • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                                                            • String ID:
                                                            • API String ID: 72514467-0
                                                            • Opcode ID: a4e434a85cdf95e0d24c250c77189aa58c43ad1e653586fa095105d9bbbf9e2f
                                                            • Instruction ID: d0d9720480588c0cf33b230b752ab2afd5c8d39fc74de530203b82f4cc8f0f21
                                                            • Opcode Fuzzy Hash: a4e434a85cdf95e0d24c250c77189aa58c43ad1e653586fa095105d9bbbf9e2f
                                                            • Instruction Fuzzy Hash: 4521F931625201BBEB196F39AC4AE7B7B9DDF86750F10403AF809CA191DEA1DC60D6A0
                                                            APIs
                                                              • Part of subcall function 00243AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00243A97,?,?,00242E7F,?,?,?,00000000), ref: 00243AC2
                                                            • _wcslen.LIBCMT ref: 002B587B
                                                            • CoInitialize.OLE32(00000000), ref: 002B5995
                                                            • CoCreateInstance.OLE32(002DFCF8,00000000,00000001,002DFB68,?), ref: 002B59AE
                                                            • CoUninitialize.OLE32 ref: 002B59CC
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            Similarity
                                                            • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                                            • String ID: .lnk
                                                            • API String ID: 3172280962-24824748
                                                            • Opcode ID: ce2bbb78efefb7f8459ad94c1ecfc631a6beb44071da8c93b2d887d0ccac8933
                                                            • Instruction ID: 3524c46d9716f725e55330ff087756b0acebf112d1017938d9ebb8e551be19c1
                                                            • Opcode Fuzzy Hash: ce2bbb78efefb7f8459ad94c1ecfc631a6beb44071da8c93b2d887d0ccac8933
                                                            • Instruction Fuzzy Hash: 0BD17371A287119FC704DF24C480A6ABBE1EF89754F10885DF88A9B361DB31EC55CF92
                                                            APIs
                                                              • Part of subcall function 002A0FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 002A0FCA
                                                              • Part of subcall function 002A0FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 002A0FD6
                                                              • Part of subcall function 002A0FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 002A0FE5
                                                              • Part of subcall function 002A0FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 002A0FEC
                                                              • Part of subcall function 002A0FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 002A1002
                                                            • GetLengthSid.ADVAPI32(?,00000000,002A1335), ref: 002A17AE
                                                            • GetProcessHeap.KERNEL32(00000008,00000000), ref: 002A17BA
                                                            • HeapAlloc.KERNEL32(00000000), ref: 002A17C1
                                                            • CopySid.ADVAPI32(00000000,00000000,?), ref: 002A17DA
                                                            • GetProcessHeap.KERNEL32(00000000,00000000,002A1335), ref: 002A17EE
                                                            • HeapFree.KERNEL32(00000000), ref: 002A17F5
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            Similarity
                                                            • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                            • String ID:
                                                            • API String ID: 3008561057-0
                                                            • Opcode ID: a3b6ddf8d1d66782fc61443b67822fc18885b26795cd13fd80418db4b0df5453
                                                            • Instruction ID: 98b835128f722c0e1edc21ee9ea6f65006c8738a6916c20f7572e714fc353c17
                                                            • Opcode Fuzzy Hash: a3b6ddf8d1d66782fc61443b67822fc18885b26795cd13fd80418db4b0df5453
                                                            • Instruction Fuzzy Hash: 9911B131921216FFDB109FA4DC49FAEBBA9EB46365F204019F44597190CB359D60CF60
                                                            APIs
                                                            • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 002A14FF
                                                            • OpenProcessToken.ADVAPI32(00000000), ref: 002A1506
                                                            • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 002A1515
                                                            • CloseHandle.KERNEL32(00000004), ref: 002A1520
                                                            • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 002A154F
                                                            • DestroyEnvironmentBlock.USERENV(00000000), ref: 002A1563
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            Similarity
                                                            • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                            • String ID:
                                                            • API String ID: 1413079979-0
                                                            • Opcode ID: 09816180791f38b911fca1b5062e67a50790f6b51785a8a4784beef5083fe5fb
                                                            • Instruction ID: 04b141491175f6dac46cd89983b9809eeab052740ab14e2e1eccf44bb3862678
                                                            • Opcode Fuzzy Hash: 09816180791f38b911fca1b5062e67a50790f6b51785a8a4784beef5083fe5fb
                                                            • Instruction Fuzzy Hash: 4311977290124EABDF118FA8ED09FDE7BA9EF49714F144025FA05A20A0C771CE60DB60
                                                            APIs
                                                            • GetLastError.KERNEL32(?,?,00263379,00262FE5), ref: 00263390
                                                            • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0026339E
                                                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 002633B7
                                                            • SetLastError.KERNEL32(00000000,?,00263379,00262FE5), ref: 00263409
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            Similarity
                                                            • API ID: ErrorLastValue___vcrt_
                                                            • String ID:
                                                            • API String ID: 3852720340-0
                                                            • Opcode ID: c211fc68f905ed7ab344f29ab607a875b9898ea9d5df56612ae5ca470ff33b04
                                                            • Instruction ID: 7984da65dbfca2eaea6fbaca72a13ee264ffbcdcc83d2f496a6835954a04c147
                                                            • Opcode Fuzzy Hash: c211fc68f905ed7ab344f29ab607a875b9898ea9d5df56612ae5ca470ff33b04
                                                            • Instruction Fuzzy Hash: 4201FC3363A312BEE6156B74BC955672B9CDB05375730036BF510812F0EF618DB19984
                                                            APIs
                                                            • GetLastError.KERNEL32(?,?,00275686,00283CD6,?,00000000,?,00275B6A,?,?,?,?,?,0026E6D1,?,00308A48), ref: 00272D78
                                                            • _free.LIBCMT ref: 00272DAB
                                                            • _free.LIBCMT ref: 00272DD3
                                                            • SetLastError.KERNEL32(00000000,?,?,?,?,0026E6D1,?,00308A48,00000010,00244F4A,?,?,00000000,00283CD6), ref: 00272DE0
                                                            • SetLastError.KERNEL32(00000000,?,?,?,?,0026E6D1,?,00308A48,00000010,00244F4A,?,?,00000000,00283CD6), ref: 00272DEC
                                                            • _abort.LIBCMT ref: 00272DF2
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: ErrorLast$_free$_abort
                                                            • String ID:
                                                            • API String ID: 3160817290-0
                                                            APIs
                                                              • Part of subcall function 00259639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00259693
                                                              • Part of subcall function 00259639: SelectObject.GDI32(?,00000000), ref: 002596A2
                                                              • Part of subcall function 00259639: BeginPath.GDI32(?), ref: 002596B9
                                                              • Part of subcall function 00259639: SelectObject.GDI32(?,00000000), ref: 002596E2
                                                            • MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 002D8A4E
                                                            • LineTo.GDI32(?,00000003,00000000), ref: 002D8A62
                                                            • MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 002D8A70
                                                            • LineTo.GDI32(?,00000000,00000003), ref: 002D8A80
                                                            • EndPath.GDI32(?), ref: 002D8A90
                                                            • StrokePath.GDI32(?), ref: 002D8AA0
                                                            Similarity
                                                            • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                            • String ID:
                                                            • API String ID: 43455801-0
                                                            APIs
                                                            • GetDC.USER32(00000000), ref: 002A5218
                                                            • GetDeviceCaps.GDI32(00000000,00000058), ref: 002A5229
                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 002A5230
                                                            • ReleaseDC.USER32(00000000,00000000), ref: 002A5238
                                                            • MulDiv.KERNEL32(000009EC,?,00000000), ref: 002A524F
                                                            • MulDiv.KERNEL32(000009EC,00000001,?), ref: 002A5261
                                                            Similarity
                                                            • API ID: CapsDevice$Release
                                                            • String ID:
                                                            • API String ID: 1035833867-0
                                                            APIs
                                                            • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00241BF4
                                                            • MapVirtualKeyW.USER32(00000010,00000000), ref: 00241BFC
                                                            • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00241C07
                                                            • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00241C12
                                                            • MapVirtualKeyW.USER32(00000011,00000000), ref: 00241C1A
                                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 00241C22
                                                            Similarity
                                                            • API ID: Virtual
                                                            • String ID:
                                                            • API String ID: 4278518827-0
                                                            APIs
                                                            • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 002AEB30
                                                            • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 002AEB46
                                                            • GetWindowThreadProcessId.USER32(?,?), ref: 002AEB55
                                                            • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 002AEB64
                                                            • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 002AEB6E
                                                            • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 002AEB75
                                                            Similarity
                                                            • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                            • String ID:
                                                            • API String ID: 839392675-0
                                                            APIs
                                                            • GetClientRect.USER32(?), ref: 00297452
                                                            • SendMessageW.USER32(?,00001328,00000000,?), ref: 00297469
                                                            • GetWindowDC.USER32(?), ref: 00297475
                                                            • GetPixel.GDI32(00000000,?,?), ref: 00297484
                                                            • ReleaseDC.USER32(?,00000000), ref: 00297496
                                                            • GetSysColor.USER32(00000005), ref: 002974B0
                                                            Similarity
                                                            • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                            • String ID:
                                                            • API String ID: 272304278-0
                                                            APIs
                                                            • WaitForSingleObject.KERNEL32(?,000000FF), ref: 002A187F
                                                            • UnloadUserProfile.USERENV(?,?), ref: 002A188B
                                                            • CloseHandle.KERNEL32(?), ref: 002A1894
                                                            • CloseHandle.KERNEL32(?), ref: 002A189C
                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 002A18A5
                                                            • HeapFree.KERNEL32(00000000), ref: 002A18AC
                                                            Similarity
                                                            • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                            • String ID:
                                                            • API String ID: 146765662-0
                                                            APIs
                                                            • __Init_thread_footer.LIBCMT ref: 0024BEB3
                                                            Strings
                                                            Similarity
                                                            • API ID: Init_thread_footer
                                                            • String ID: D%1$D%1$D%1$D%1D%1
                                                            • API String ID: 1385522511-672437169
                                                            APIs
                                                              • Part of subcall function 00260242: EnterCriticalSection.KERNEL32(0031070C,00311884,?,?,0025198B,00312518,?,?,?,002412F9,00000000), ref: 0026024D
                                                              • Part of subcall function 00260242: LeaveCriticalSection.KERNEL32(0031070C,?,0025198B,00312518,?,?,?,002412F9,00000000), ref: 0026028A
                                                              • Part of subcall function 00249CB3: _wcslen.LIBCMT ref: 00249CBD
                                                              • Part of subcall function 002600A3: __onexit.LIBCMT ref: 002600A9
                                                            • __Init_thread_footer.LIBCMT ref: 002C7BFB
                                                              • Part of subcall function 002601F8: EnterCriticalSection.KERNEL32(0031070C,?,?,00258747,00312514), ref: 00260202
                                                              • Part of subcall function 002601F8: LeaveCriticalSection.KERNEL32(0031070C,?,00258747,00312514), ref: 00260235
                                                            Strings
                                                            Similarity
                                                            • API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
                                                            • String ID: +T)$5$G$Variable must be of type 'Object'.
                                                            • API String ID: 535116098-680624732
                                                            APIs
                                                              • Part of subcall function 00247620: _wcslen.LIBCMT ref: 00247625
                                                            • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 002AC6EE
                                                            • _wcslen.LIBCMT ref: 002AC735
                                                            • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 002AC79C
                                                            • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 002AC7CA
                                                            Strings
                                                            Similarity
                                                            • API ID: ItemMenu$Info_wcslen$Default
                                                            • String ID: 0
                                                            • API String ID: 1227352736-4108050209
                                                            APIs
                                                            • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 002A7206
                                                            • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 002A723C
                                                            • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 002A724D
                                                            • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 002A72CF
                                                            Strings
                                                            Similarity
                                                            • API ID: ErrorMode$AddressCreateInstanceProc
                                                            • String ID: DllGetClassObject
                                                            • API String ID: 753597075-1075368562
                                                            • Opcode ID: f167605086f6d1c947cb7ad53598c0ba87fea0e431b66fc2ce7fbf7276164a6a
                                                            • Instruction ID: 52b1795c7f7e3ac8faac58c4d2ab24da0d3d39983676a6faecc607c2b81a3261
                                                            • Opcode Fuzzy Hash: f167605086f6d1c947cb7ad53598c0ba87fea0e431b66fc2ce7fbf7276164a6a
                                                            • Instruction Fuzzy Hash: 2B416071A142059FEB15CF54CC84B9A7BB9EF49310F2480AABD059F20ADBB0DD55CBA4
                                                            APIs
                                                            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 002D3E35
                                                            • IsMenu.USER32(?), ref: 002D3E4A
                                                            • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 002D3E92
                                                            • DrawMenuBar.USER32 ref: 002D3EA5
                                                            Strings
                                                            Similarity
                                                            • API ID: Menu$Item$DrawInfoInsert
                                                            • String ID: 0
                                                            • API String ID: 3076010158-4108050209
                                                            • Opcode ID: f82ae92bd5b62e40a3d6fad890e8d865394d7b1dd0a84467890a36394c81fc7e
                                                            • Instruction ID: 59277267b8446e32affba7c6f732c415909823faf1f621a268a004169771af20
                                                            • Opcode Fuzzy Hash: f82ae92bd5b62e40a3d6fad890e8d865394d7b1dd0a84467890a36394c81fc7e
                                                            • Instruction Fuzzy Hash: 1A414C75A2120AEFDB10DF50E884ADAB7B9FF49354F04412AE915A7390D730AE64CF91
                                                            APIs
                                                              • Part of subcall function 00249CB3: _wcslen.LIBCMT ref: 00249CBD
                                                              • Part of subcall function 002A3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 002A3CCA
                                                            • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 002A1E66
                                                            • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 002A1E79
                                                            • SendMessageW.USER32(?,00000189,?,00000000), ref: 002A1EA9
                                                              • Part of subcall function 00246B57: _wcslen.LIBCMT ref: 00246B6A
                                                            Strings
                                                            Similarity
                                                            • API ID: MessageSend$_wcslen$ClassName
                                                            • String ID: ComboBox$ListBox
                                                            • API String ID: 2081771294-1403004172
                                                            • Opcode ID: 7ff94b61f150b6f6d3153ec378ff89171ea227d26e4b28dadbd1852f43341d58
                                                            • Instruction ID: 81b47a9b9fed80e824600de045ad81f7c9de391d9ff259068a08dd41eef4f9a4
                                                            • Opcode Fuzzy Hash: 7ff94b61f150b6f6d3153ec378ff89171ea227d26e4b28dadbd1852f43341d58
                                                            • Instruction Fuzzy Hash: 06212171A20104ABDB18ABA4DD4ACFFB7B9DF46360F10411AF821A71E1DF344D398A60
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: _wcslen
                                                            • String ID: HKEY_LOCAL_MACHINE$HKLM
                                                            • API String ID: 176396367-4004644295
                                                            • Opcode ID: f50c68bf498d78016eaf889cb1be62c9d62e895d08a836d3213b45fc01efce12
                                                            • Instruction ID: f08842fa4ad6855318d0788beff0a134bde404cdc84a6028c574c0f2b99854c1
                                                            • Opcode Fuzzy Hash: f50c68bf498d78016eaf889cb1be62c9d62e895d08a836d3213b45fc01efce12
                                                            • Instruction Fuzzy Hash: EC310973A2056B4BCB21EF2CC854ABF33915B61750B35422DE849AB345E671CDA1C7A0
                                                            APIs
                                                            • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 002D2F8D
                                                            • LoadLibraryW.KERNEL32(?), ref: 002D2F94
                                                            • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 002D2FA9
                                                            • DestroyWindow.USER32(?), ref: 002D2FB1
                                                            Strings
                                                            Similarity
                                                            • API ID: MessageSend$DestroyLibraryLoadWindow
                                                            • String ID: SysAnimate32
                                                            • API String ID: 3529120543-1011021900
                                                            • Opcode ID: 12e60782559970b199361ea680581d0feab899c553637658ef3fb4253c662219
                                                            • Instruction ID: 46ba221da6f498940e38a7dda0087ce134b6d8864966399023e72f58794bb002
                                                            • Opcode Fuzzy Hash: 12e60782559970b199361ea680581d0feab899c553637658ef3fb4253c662219
                                                            • Instruction Fuzzy Hash: 6B21DE71624206EFEB104F64DC84EBB37BDEF69324F104A1AF950D2690C771DC659B60
                                                            APIs
                                                            • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00264D1E,002728E9,?,00264CBE,002728E9,003088B8,0000000C,00264E15,002728E9,00000002), ref: 00264D8D
                                                            • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00264DA0
                                                            • FreeLibrary.KERNEL32(00000000,?,?,?,00264D1E,002728E9,?,00264CBE,002728E9,003088B8,0000000C,00264E15,002728E9,00000002,00000000), ref: 00264DC3
                                                            Strings
                                                            Similarity
                                                            • API ID: AddressFreeHandleLibraryModuleProc
                                                            • String ID: CorExitProcess$mscoree.dll
                                                            • API String ID: 4061214504-1276376045
                                                            • Opcode ID: e3b8508f7e0b9f8c77806af2edda89c21ff5bb64b7dbbac6782df6430434d347
                                                            • Instruction ID: c51ba67421b7c4b3ffe4345fe3368f05f3e9580681a3bcab65e8142b418c7a6e
                                                            • Opcode Fuzzy Hash: e3b8508f7e0b9f8c77806af2edda89c21ff5bb64b7dbbac6782df6430434d347
                                                            • Instruction Fuzzy Hash: F7F0AF30E5121AFBDB159F91EC49BAEBBB8EF44751F1001A5F809A2260CF709E90DA90
                                                            APIs
                                                            • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00244EDD,?,00311418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00244E9C
                                                            • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00244EAE
                                                            • FreeLibrary.KERNEL32(00000000,?,?,00244EDD,?,00311418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00244EC0
                                                            Strings
                                                            Similarity
                                                            • API ID: Library$AddressFreeLoadProc
                                                            • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                            • API String ID: 145871493-3689287502
                                                            • Opcode ID: 6bf92148b49249312de66b6192529d5fee9de98eb6e08d81c10eb1f050a327be
                                                            • Instruction ID: f825350ec18f18bc9561f6178311eb75a1a95ee32c296a31c0682b7c957efcb2
                                                            • Opcode Fuzzy Hash: 6bf92148b49249312de66b6192529d5fee9de98eb6e08d81c10eb1f050a327be
                                                            • Instruction Fuzzy Hash: A5E08635F135339BD2262B257C1CB5B6658AF82B627150116FC04D2250DF60CE11C0A0
                                                            APIs
                                                            • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00283CDE,?,00311418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00244E62
                                                            • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00244E74
                                                            • FreeLibrary.KERNEL32(00000000,?,?,00283CDE,?,00311418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00244E87
                                                            Strings
                                                            Similarity
                                                            • API ID: Library$AddressFreeLoadProc
                                                            • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                            • API String ID: 145871493-1355242751
                                                            • Opcode ID: 6a7d62973ddf50403c836bb49f106e0f157592773d3d1b8e08ab07e2877f622f
                                                            • Instruction ID: 98beb4121f35b3d59ef2c89d1064b68a3ca137bf80f68ae3ba574118970a9653
                                                            • Opcode Fuzzy Hash: 6a7d62973ddf50403c836bb49f106e0f157592773d3d1b8e08ab07e2877f622f
                                                            • Instruction Fuzzy Hash: 89D01235A13633579A262F257C1CE8B6B1CAF86B553150617F909E3155CF60CD11C5E0
                                                            APIs
                                                            • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 002B2C05
                                                            • DeleteFileW.KERNEL32(?), ref: 002B2C87
                                                            • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 002B2C9D
                                                            • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 002B2CAE
                                                            • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 002B2CC0
                                                            Similarity
                                                            • API ID: File$Delete$Copy
                                                            • String ID:
                                                            • API String ID: 3226157194-0
                                                            • Opcode ID: 7a3488886c50101bf06e1b6bf6bc44b4028026bbb8f7217b1d50b891f30c056b
                                                            • Instruction ID: f41625e443a58465a1d1f4d0c1abc1c2b8b38971c99fbc5433951514d881f425
                                                            • Opcode Fuzzy Hash: 7a3488886c50101bf06e1b6bf6bc44b4028026bbb8f7217b1d50b891f30c056b
                                                            • Instruction Fuzzy Hash: F6B16072D2022DABDF15DFA4CC85EDEBB7DEF08340F1040A6F509E6151EA709A588F61
                                                            APIs
                                                            • GetCurrentProcessId.KERNEL32 ref: 002CA427
                                                            • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 002CA435
                                                            • GetProcessIoCounters.KERNEL32(00000000,?), ref: 002CA468
                                                            • CloseHandle.KERNEL32(?), ref: 002CA63D
                                                            Similarity
                                                            • API ID: Process$CloseCountersCurrentHandleOpen
                                                            • String ID:
                                                            • API String ID: 3488606520-0
                                                            • Opcode ID: 83f984dd8172936d4d81f3aa0d3fa218b4a950bbc71bba4b9fe183be6af1bd35
                                                            • Instruction ID: 1403c20e01c15d35da70b855ef1075d0b20dadf80acc2815acb0a42d94396df9
                                                            • Opcode Fuzzy Hash: 83f984dd8172936d4d81f3aa0d3fa218b4a950bbc71bba4b9fe183be6af1bd35
                                                            • Instruction Fuzzy Hash: C6A1DF716143019FD724DF28C886F2AB7E5AF84714F14895DF99A9B392CBB0EC15CB82
                                                            APIs
                                                              • Part of subcall function 002ADDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,002ACF22,?), ref: 002ADDFD
                                                              • Part of subcall function 002ADDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,002ACF22,?), ref: 002ADE16
                                                              • Part of subcall function 002AE199: GetFileAttributesW.KERNEL32(?,002ACF95), ref: 002AE19A
                                                            • lstrcmpiW.KERNEL32(?,?), ref: 002AE473
                                                            • MoveFileW.KERNEL32(?,?), ref: 002AE4AC
                                                            • _wcslen.LIBCMT ref: 002AE5EB
                                                            • _wcslen.LIBCMT ref: 002AE603
                                                            • SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 002AE650
                                                            Similarity
                                                            • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
                                                            • String ID:
                                                            • API String ID: 3183298772-0
                                                            • Opcode ID: d28f8f0018b77ae5ee535d53e8ad7f140263425f12eedd24da246ca45540571e
                                                            • Instruction ID: a9dcd10bfa3345cb0ca7364aa626b0aa48d399039c271055ec2ff95a74801d86
                                                            • Opcode Fuzzy Hash: d28f8f0018b77ae5ee535d53e8ad7f140263425f12eedd24da246ca45540571e
                                                            • Instruction Fuzzy Hash: E05193B24183855BCB24EBA4DC819DBB3DCAF85340F00491EF689D3191EF74A5998B66
                                                            APIs
                                                              • Part of subcall function 00249CB3: _wcslen.LIBCMT ref: 00249CBD
                                                              • Part of subcall function 002CC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,002CB6AE,?,?), ref: 002CC9B5
                                                              • Part of subcall function 002CC998: _wcslen.LIBCMT ref: 002CC9F1
                                                              • Part of subcall function 002CC998: _wcslen.LIBCMT ref: 002CCA68
                                                              • Part of subcall function 002CC998: _wcslen.LIBCMT ref: 002CCA9E
                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 002CBAA5
                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 002CBB00
                                                            • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 002CBB63
                                                            • RegCloseKey.ADVAPI32(?,?), ref: 002CBBA6
                                                            • RegCloseKey.ADVAPI32(00000000), ref: 002CBBB3
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
                                                            • String ID:
                                                            • API String ID: 826366716-0
                                                            • Opcode ID: 5d818689860d7ce3d7023c494dd03ebdc7ce7769bf58017be0b1e04acdb54124
                                                            • Instruction ID: 03c8199a703227b1e6ddaf7e1c9f202850db06ae729c5664b7b33fec0d671e54
                                                            • Opcode Fuzzy Hash: 5d818689860d7ce3d7023c494dd03ebdc7ce7769bf58017be0b1e04acdb54124
                                                            • Instruction Fuzzy Hash: 7361A031228242AFC719DF14C495F2ABBE5FF84308F14865DF4998B2A2CB31ED55CB92
                                                            APIs
                                                            • VariantInit.OLEAUT32(?), ref: 002A8BCD
                                                            • VariantClear.OLEAUT32 ref: 002A8C3E
                                                            • VariantClear.OLEAUT32 ref: 002A8C9D
                                                            • VariantClear.OLEAUT32(?), ref: 002A8D10
                                                            • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 002A8D3B
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: Variant$Clear$ChangeInitType
                                                            • String ID:
                                                            • API String ID: 4136290138-0
                                                            • Opcode ID: 756bd95cb28f2d5471e0d00ae1aa694f0cb243703c2fee4bffca6bc4763032b5
                                                            • Instruction ID: a1f7b15f001e293e838fc89297c85125afd354657e6e3a96b79f058a14f04f2f
                                                            • Opcode Fuzzy Hash: 756bd95cb28f2d5471e0d00ae1aa694f0cb243703c2fee4bffca6bc4763032b5
                                                            • Instruction Fuzzy Hash: DA518D71A1061ADFCB14CF28C884AAAB7F5FF89310B118559E905DB350EB30E911CF90
                                                            APIs
                                                            • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 002B8BAE
                                                            • GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 002B8BDA
                                                            • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 002B8C32
                                                            • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 002B8C57
                                                            • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 002B8C5F
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: PrivateProfile$SectionWrite$String
                                                            • String ID:
                                                            • API String ID: 2832842796-0
                                                            • Opcode ID: 9cfff188ee676b0bd66bca2408d5697c4eca603d86d6fcc56c3cbbb2c54d09b8
                                                            • Instruction ID: c0b172b5d56cd175d5776cbd8e5d34e748be7cffb3ac2ff499219bce031c972f
                                                            • Opcode Fuzzy Hash: 9cfff188ee676b0bd66bca2408d5697c4eca603d86d6fcc56c3cbbb2c54d09b8
                                                            • Instruction Fuzzy Hash: 78515A75A102159FCB09DF64C885AAEBBF5FF48314F088459E849AB362CB35ED61CF90
                                                            APIs
                                                            • LoadLibraryW.KERNEL32(?,00000000,?), ref: 002C8F40
                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 002C8FD0
                                                            • GetProcAddress.KERNEL32(00000000,00000000), ref: 002C8FEC
                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 002C9032
                                                            • FreeLibrary.KERNEL32(00000000), ref: 002C9052
                                                              • Part of subcall function 0025F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,002B1043,?,753CE610), ref: 0025F6E6
                                                              • Part of subcall function 0025F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,0029FA64,00000000,00000000,?,?,002B1043,?,753CE610,?,0029FA64), ref: 0025F70D
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                            • String ID:
                                                            • API String ID: 666041331-0
                                                            • Opcode ID: b87786433bab3320a6cbd2a61e85cf1da02911f2349c753ecc66aa48e71f2701
                                                            • Instruction ID: d3aff9433fe8ed53b8ae71279a3fc8b8b13835d366db2563959c07cd21a2ecc9
                                                            • Opcode Fuzzy Hash: b87786433bab3320a6cbd2a61e85cf1da02911f2349c753ecc66aa48e71f2701
                                                            • Instruction Fuzzy Hash: 3D515834A10206DFC705DF68C484DADBBB1FF49314B5481A9E80A9B762DB31ED96CF90
                                                            APIs
                                                            • SetWindowLongW.USER32(00000002,000000F0,?), ref: 002D6C33
                                                            • SetWindowLongW.USER32(?,000000EC,?), ref: 002D6C4A
                                                            • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 002D6C73
                                                            • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,002BAB79,00000000,00000000), ref: 002D6C98
                                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 002D6CC7
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: Window$Long$MessageSendShow
                                                            • String ID:
                                                            • API String ID: 3688381893-0
                                                            • Opcode ID: e621b39cff67b1e99f7b200503f2745deea72f1bb5b6dcb0ee936d63c20b6ebe
                                                            • Instruction ID: 2c736919dfa29ffa6e5f1616a4b88a5c6b194e380c10b11ecf50d66e55cd0080
                                                            • Opcode Fuzzy Hash: e621b39cff67b1e99f7b200503f2745deea72f1bb5b6dcb0ee936d63c20b6ebe
                                                            • Instruction Fuzzy Hash: 9F41C235A34105AFD724CF28CC5CFA97BA9EB09360F14422BE995A73E0C371AD60CA80
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: _free
                                                            • String ID:
                                                            • API String ID: 269201875-0
                                                            • Opcode ID: f82a555985fadab66c63aee6ddf4d11e9f4451100fb446dfcfe73f0a0ed3ecf2
                                                            • Instruction ID: 88d96a3c02cc0bc2746a9b8acb2edcb99e4c0bf104c26e2eb47ff876b24d17b4
                                                            • Opcode Fuzzy Hash: f82a555985fadab66c63aee6ddf4d11e9f4451100fb446dfcfe73f0a0ed3ecf2
                                                            • Instruction Fuzzy Hash: 7241E232A20200DFCB24DF78C881A5EB3F5EF89314F158569EA19EB352D631ED15CB90
                                                            APIs
                                                            • GetCursorPos.USER32(?), ref: 00259141
                                                            • ScreenToClient.USER32(00000000,?), ref: 0025915E
                                                            • GetAsyncKeyState.USER32(00000001), ref: 00259183
                                                            • GetAsyncKeyState.USER32(00000002), ref: 0025919D
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: AsyncState$ClientCursorScreen
                                                            • String ID:
                                                            • API String ID: 4210589936-0
                                                            • Opcode ID: 43809f78e0f0ebd7184177a544d37a440d54a03db362e27a74babb5dcb259c71
                                                            • Instruction ID: fc11919d3d29ea7c0213304de64cabe849a2799214d21c43e151f991a32e4d88
                                                            • Opcode Fuzzy Hash: 43809f78e0f0ebd7184177a544d37a440d54a03db362e27a74babb5dcb259c71
                                                            • Instruction Fuzzy Hash: 26417F3192861BEBDF059F64C848BEEB774FB05321F208216E829A3290C7705DA4CF95
                                                            APIs
                                                            • GetInputState.USER32 ref: 002B38CB
                                                            • TranslateAcceleratorW.USER32(?,00000000,?), ref: 002B3922
                                                            • TranslateMessage.USER32(?), ref: 002B394B
                                                            • DispatchMessageW.USER32(?), ref: 002B3955
                                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 002B3966
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                            • String ID:
                                                            • API String ID: 2256411358-0
                                                            • Opcode ID: fa893e6c867dcb1f12ba5bbb190bb6b976db2228d11fd049d70d139f2b3c081d
                                                            • Instruction ID: 47a8d4725ad59903aedf2be4540c1e7c87e923bafc4aef3ba39999efb816331f
                                                            • Opcode Fuzzy Hash: fa893e6c867dcb1f12ba5bbb190bb6b976db2228d11fd049d70d139f2b3c081d
                                                            • Instruction Fuzzy Hash: FF31A670924743EEEB36CF349C48BF677A8AB09384F14456DE562821A0E7F4AA95CB11
                                                            APIs
                                                            • InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,002BC21E,00000000), ref: 002BCF38
                                                            • InternetReadFile.WININET(?,00000000,?,?), ref: 002BCF6F
                                                            • GetLastError.KERNEL32(?,00000000,?,?,?,002BC21E,00000000), ref: 002BCFB4
                                                            • SetEvent.KERNEL32(?,?,00000000,?,?,?,002BC21E,00000000), ref: 002BCFC8
                                                            • SetEvent.KERNEL32(?,?,00000000,?,?,?,002BC21E,00000000), ref: 002BCFF2
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: EventInternet$AvailableDataErrorFileLastQueryRead
                                                            • String ID:
                                                            • API String ID: 3191363074-0
                                                            • Opcode ID: aea8074b6333d768220a876dda92008b43e11fcaaa667464d3261a89bbc75251
                                                            • Instruction ID: 71a7cdbae90de56a7fc8ee34c86aaa4a9c58600b0acf86f48b17d1ac9c989b17
                                                            • Opcode Fuzzy Hash: aea8074b6333d768220a876dda92008b43e11fcaaa667464d3261a89bbc75251
                                                            • Instruction Fuzzy Hash: E3317F71A20206AFDB20DFA5D9889BBBBF9EB04391B20446FF516D2511D730ED50DB60
                                                            APIs
                                                            • GetWindowRect.USER32(?,?), ref: 002A1915
                                                            • PostMessageW.USER32(00000001,00000201,00000001), ref: 002A19C1
                                                            • Sleep.KERNEL32(00000000,?,?,?), ref: 002A19C9
                                                            • PostMessageW.USER32(00000001,00000202,00000000), ref: 002A19DA
                                                            • Sleep.KERNEL32(00000000,?,?,?,?), ref: 002A19E2
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: MessagePostSleep$RectWindow
                                                            • String ID:
                                                            • API String ID: 3382505437-0
                                                            • Opcode ID: 3c0876b40bceb98cd73bbbe99d07646e3858bd0479c24fab0ed33b6d3b34d733
                                                            • Instruction ID: e3b0f5f298181d073c68dac187b903ba5ec65e685ee1031c5c50e0b39de79072
                                                            • Opcode Fuzzy Hash: 3c0876b40bceb98cd73bbbe99d07646e3858bd0479c24fab0ed33b6d3b34d733
                                                            • Instruction Fuzzy Hash: 5E31B17191021AEFCB04CFA8DD99ADE3BB5EB45325F104229F925AB2D1CB70DD64CB90
                                                            APIs
                                                            • SendMessageW.USER32(?,00001053,000000FF,?), ref: 002D5745
                                                            • SendMessageW.USER32(?,00001074,?,00000001), ref: 002D579D
                                                            • _wcslen.LIBCMT ref: 002D57AF
                                                            • _wcslen.LIBCMT ref: 002D57BA
                                                            • SendMessageW.USER32(?,00001002,00000000,?), ref: 002D5816
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: MessageSend$_wcslen
                                                            • String ID:
                                                            • API String ID: 763830540-0
                                                            • Opcode ID: 2d7b76685efe816bb5b220150ac1a32dc8167d88e9c1a4a889a2473883529111
                                                            • Instruction ID: fca63c849a6074c56a18d3fb37d3eb6ec6278189b948d0c77ccd1c2f317941bd
                                                            • Opcode Fuzzy Hash: 2d7b76685efe816bb5b220150ac1a32dc8167d88e9c1a4a889a2473883529111
                                                            • Instruction Fuzzy Hash: C4219331924629DADB209F64CC84AEDB7B8FF44320F108217F929EA280D7B08D95CF50
                                                            APIs
                                                            • IsWindow.USER32(00000000), ref: 002C0951
                                                            • GetForegroundWindow.USER32 ref: 002C0968
                                                            • GetDC.USER32(00000000), ref: 002C09A4
                                                            • GetPixel.GDI32(00000000,?,00000003), ref: 002C09B0
                                                            • ReleaseDC.USER32(00000000,00000003), ref: 002C09E8
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: Window$ForegroundPixelRelease
                                                            • String ID:
                                                            • API String ID: 4156661090-0
                                                            • Opcode ID: a35478719857071237f42ce858e403e828abd52f7f4a04716c5d0a66f57c3f3c
                                                            • Instruction ID: 10031c97cc6121bc83c9b606731ce342a3b04b6b4d716efc639e517457b46d2b
                                                            • Opcode Fuzzy Hash: a35478719857071237f42ce858e403e828abd52f7f4a04716c5d0a66f57c3f3c
                                                            • Instruction Fuzzy Hash: 35215E35A10214AFD704EF65D888AAEBBF9EF44740F148069E84A97762CA70EC14CB90
                                                            APIs
                                                            • GetEnvironmentStringsW.KERNEL32 ref: 0027CDC6
                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0027CDE9
                                                              • Part of subcall function 00273820: RtlAllocateHeap.NTDLL(00000000,?,00311444,?,0025FDF5,?,?,0024A976,00000010,00311440,002413FC,?,002413C6,?,00241129), ref: 00273852
                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0027CE0F
                                                            • _free.LIBCMT ref: 0027CE22
                                                            • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0027CE31
                                                            Similarity
                                                            • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                            • String ID:
                                                            • API String ID: 336800556-0
                                                            • Opcode ID: e48ee91757de8773a5edb0e3bbd5f39e1bf5078cfb9a6d8e563f6abb695fecab
                                                            • Instruction ID: 9cac06e96f745422c9e927fd3b72a05aad444f95d4ef1373228537f18e0f48d5
                                                            • Opcode Fuzzy Hash: e48ee91757de8773a5edb0e3bbd5f39e1bf5078cfb9a6d8e563f6abb695fecab
                                                            • Instruction Fuzzy Hash: 1701D872A126167F27211AB66C4CC7B6A6DDFC6BA1335812EF90DC7200DA708D2181B0
                                                            APIs
                                                            • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00259693
                                                            • SelectObject.GDI32(?,00000000), ref: 002596A2
                                                            • BeginPath.GDI32(?), ref: 002596B9
                                                            • SelectObject.GDI32(?,00000000), ref: 002596E2
                                                            Similarity
                                                            • API ID: ObjectSelect$BeginCreatePath
                                                            • String ID:
                                                            • API String ID: 3225163088-0
                                                            • Opcode ID: 55b8daf88d88d01233815f84f9f68839e9bb7ca410289bf96fd5051c3bde52a1
                                                            • Instruction ID: 4d52c8aa3438b4a25322b9cd77a6a0b59bf89eab86ae51c0e418bf8c1a90893b
                                                            • Opcode Fuzzy Hash: 55b8daf88d88d01233815f84f9f68839e9bb7ca410289bf96fd5051c3bde52a1
                                                            • Instruction Fuzzy Hash: FB219871822306DFDB129F14EC197E97B6DBB04316F108216F924961B0D3749CA9CFD8
                                                            APIs
                                                            Similarity
                                                            • API ID: _memcmp
                                                            • String ID:
                                                            • API String ID: 2931989736-0
                                                            • Opcode ID: a5062952bae6604fc5b954eb1be2bf4d32b760d22f00035cf5ec9c25ce689738
                                                            • Instruction ID: a8e934d6c32692318b4e886e8ba760f55a5cc7eb2618326c6e602c12535b31e5
                                                            • Opcode Fuzzy Hash: a5062952bae6604fc5b954eb1be2bf4d32b760d22f00035cf5ec9c25ce689738
                                                            • Instruction Fuzzy Hash: 5501F9612B1A25FBD21895109E42FBBB34C9B233A4F044062FD16BA341FB60FD7086A4
                                                            APIs
                                                            • GetLastError.KERNEL32(?,?,?,0026F2DE,00273863,00311444,?,0025FDF5,?,?,0024A976,00000010,00311440,002413FC,?,002413C6), ref: 00272DFD
                                                            • _free.LIBCMT ref: 00272E32
                                                            • _free.LIBCMT ref: 00272E59
                                                            • SetLastError.KERNEL32(00000000,00241129), ref: 00272E66
                                                            • SetLastError.KERNEL32(00000000,00241129), ref: 00272E6F
                                                            Similarity
                                                            • API ID: ErrorLast$_free
                                                            • String ID:
                                                            • API String ID: 3170660625-0
                                                            • Opcode ID: 819f7d12ca0c1048ff0aa2d832378431118f476ebaf63584e4f526d8bac2d746
                                                            • Instruction ID: 6cc041fdc65a8f987230156ea986a944d992b7d705978a5caac1839c1a62a933
                                                            • Opcode Fuzzy Hash: 819f7d12ca0c1048ff0aa2d832378431118f476ebaf63584e4f526d8bac2d746
                                                            • Instruction Fuzzy Hash: F901F432636602F7C6176B387C49D2B265DABC53A5B34C12AF82DA22D3EF709C694420
                                                            APIs
                                                            • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,0029FF41,80070057,?,?,?,002A035E), ref: 002A002B
                                                            • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0029FF41,80070057,?,?), ref: 002A0046
                                                            • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0029FF41,80070057,?,?), ref: 002A0054
                                                            • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0029FF41,80070057,?), ref: 002A0064
                                                            • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,0029FF41,80070057,?,?), ref: 002A0070
                                                            Similarity
                                                            • API ID: From$Prog$FreeStringTasklstrcmpi
                                                            • String ID:
                                                            • API String ID: 3897988419-0
                                                            • Opcode ID: 5c8e8ed43ba843901424e4a0fd86215f47ddcec0c932711797003a8d95474834
                                                            • Instruction ID: 93d9a4f94e8108d92e5576d8fade7d879618d878080aeac1ff428c252434ecf6
                                                            • Opcode Fuzzy Hash: 5c8e8ed43ba843901424e4a0fd86215f47ddcec0c932711797003a8d95474834
                                                            • Instruction Fuzzy Hash: CA01DF72A11216FFDB114F68EC88FAA7BAEEB48351F204125F901D2210DB70DD00DBA0
                                                            APIs
                                                            • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 002A1114
                                                            • GetLastError.KERNEL32(?,00000000,00000000,?,?,002A0B9B,?,?,?), ref: 002A1120
                                                            • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,002A0B9B,?,?,?), ref: 002A112F
                                                            • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,002A0B9B,?,?,?), ref: 002A1136
                                                            • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 002A114D
                                                            Similarity
                                                            • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                            • String ID:
                                                            • API String ID: 842720411-0
                                                            • Opcode ID: 0d64c4d742918889eff6b9aebb99e236008c6e10edad185d3dff75773e790ded
                                                            • Instruction ID: a2ed038846a589c13205ddb2666b2f603ef3c3989ff2cbfeb4aa601098f0241a
                                                            • Opcode Fuzzy Hash: 0d64c4d742918889eff6b9aebb99e236008c6e10edad185d3dff75773e790ded
                                                            • Instruction Fuzzy Hash: 7E011D75501216BFDB114F65EC4DA6A3B6EEF86374B204425FA45D7350DA31DC10DA60
                                                            APIs
                                                            • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 002A0FCA
                                                            • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 002A0FD6
                                                            • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 002A0FE5
                                                            • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 002A0FEC
                                                            • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 002A1002
                                                            Similarity
                                                            • API ID: HeapInformationToken$AllocErrorLastProcess
                                                            • String ID:
                                                            • API String ID: 44706859-0
                                                            • Opcode ID: 749aa7d0c492d1a4209209e2c7282f9bc0dbaece2877f9fdc78e156d95a7ef1c
                                                            • Instruction ID: 631df5bce026bfa1a86dcd6c7a953e79e9948138dc7a8004aed3b2c26f651ef0
                                                            • Opcode Fuzzy Hash: 749aa7d0c492d1a4209209e2c7282f9bc0dbaece2877f9fdc78e156d95a7ef1c
                                                            • Instruction Fuzzy Hash: 0AF04935641312EBDB215FA4AC4DF563BADEF8A762F214426FA49C6291CA70DC60CA60
                                                            APIs
                                                            • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 002A102A
                                                            • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 002A1036
                                                            • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 002A1045
                                                            • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 002A104C
                                                            • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 002A1062
                                                            Similarity
                                                            • API ID: HeapInformationToken$AllocErrorLastProcess
                                                            • String ID:
                                                            • API String ID: 44706859-0
                                                            • Opcode ID: c839cfb2edd0cb81848a77a3496dc1a3ad4d0383151e910d4759d606e141ff9b
                                                            • Instruction ID: 1ecf7f9763a4b8fd98816e58b96195c15273fc7038da2d8b4df7421c1cd2e3eb
                                                            • Opcode Fuzzy Hash: c839cfb2edd0cb81848a77a3496dc1a3ad4d0383151e910d4759d606e141ff9b
                                                            • Instruction Fuzzy Hash: 31F04935641322EBDB215FA4EC4DF563BADEF8A761F210426FA49C6290CA70DC60CA60
                                                            APIs
                                                            • CloseHandle.KERNEL32(?,?,?,?,002B017D,?,002B32FC,?,00000001,00282592,?), ref: 002B0324
                                                            • CloseHandle.KERNEL32(?,?,?,?,002B017D,?,002B32FC,?,00000001,00282592,?), ref: 002B0331
                                                            • CloseHandle.KERNEL32(?,?,?,?,002B017D,?,002B32FC,?,00000001,00282592,?), ref: 002B033E
                                                            • CloseHandle.KERNEL32(?,?,?,?,002B017D,?,002B32FC,?,00000001,00282592,?), ref: 002B034B
                                                            • CloseHandle.KERNEL32(?,?,?,?,002B017D,?,002B32FC,?,00000001,00282592,?), ref: 002B0358
                                                            • CloseHandle.KERNEL32(?,?,?,?,002B017D,?,002B32FC,?,00000001,00282592,?), ref: 002B0365
                                                            Similarity
                                                            • API ID: CloseHandle
                                                            • String ID:
                                                            • API String ID: 2962429428-0
                                                            • Opcode ID: 9f88de708b209b66589b5f71ad9bdbb0e3839d0e7dde9b71aface994ad631aa4
                                                            • Instruction ID: 7e19cff4305ac742e80a0b6c8f05b1fd37b96f33adacc6ef40fd1e39992dd53a
                                                            • Opcode Fuzzy Hash: 9f88de708b209b66589b5f71ad9bdbb0e3839d0e7dde9b71aface994ad631aa4
                                                            • Instruction Fuzzy Hash: AE01DC72800B068FCB31AF66D8C0847FBF9BE603453148A7FD19252931C3B0A9A8CE80
                                                            APIs
                                                            • _free.LIBCMT ref: 0027D752
                                                              • Part of subcall function 002729C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0027D7D1,00000000,00000000,00000000,00000000,?,0027D7F8,00000000,00000007,00000000,?,0027DBF5,00000000), ref: 002729DE
                                                              • Part of subcall function 002729C8: GetLastError.KERNEL32(00000000,?,0027D7D1,00000000,00000000,00000000,00000000,?,0027D7F8,00000000,00000007,00000000,?,0027DBF5,00000000,00000000), ref: 002729F0
                                                            • _free.LIBCMT ref: 0027D764
                                                            • _free.LIBCMT ref: 0027D776
                                                            • _free.LIBCMT ref: 0027D788
                                                            • _free.LIBCMT ref: 0027D79A
                                                            Similarity
                                                            • API ID: _free$ErrorFreeHeapLast
                                                            • String ID:
                                                            • API String ID: 776569668-0
                                                            • Opcode ID: 96990e7510818324bc9681ceded493304ff8f0549931eeb7db24a423e027ce71
                                                            • Instruction ID: 830bec6fc7e5548f023cb68eafa7e1e8f9de02f9cfd62e7afc80659cecf7d640
                                                            • Opcode Fuzzy Hash: 96990e7510818324bc9681ceded493304ff8f0549931eeb7db24a423e027ce71
                                                            • Instruction Fuzzy Hash: C3F0EC32566205EBC626EB68F9C6C16B7EDBF44710FA8A906F14DE7542C730FC908A64
                                                            APIs
                                                            • GetDlgItem.USER32(?,000003E9), ref: 002A5C58
                                                            • GetWindowTextW.USER32(00000000,?,00000100), ref: 002A5C6F
                                                            • MessageBeep.USER32(00000000), ref: 002A5C87
                                                            • KillTimer.USER32(?,0000040A), ref: 002A5CA3
                                                            • EndDialog.USER32(?,00000001), ref: 002A5CBD
                                                            Similarity
                                                            • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                            • String ID:
                                                            • API String ID: 3741023627-0
                                                            APIs
                                                            • _free.LIBCMT ref: 002722BE
                                                              • Part of subcall function 002729C8: RtlFreeHeap.NTDLL(00000000,00000000,?,0027D7D1,00000000,00000000,00000000,00000000,?,0027D7F8,00000000,00000007,00000000,?,0027DBF5,00000000), ref: 002729DE
                                                              • Part of subcall function 002729C8: GetLastError.KERNEL32(00000000,?,0027D7D1,00000000,00000000,00000000,00000000,?,0027D7F8,00000000,00000007,00000000,?,0027DBF5,00000000,00000000), ref: 002729F0
                                                            • _free.LIBCMT ref: 002722D0
                                                            • _free.LIBCMT ref: 002722E3
                                                            • _free.LIBCMT ref: 002722F4
                                                            • _free.LIBCMT ref: 00272305
                                                            Similarity
                                                            • API ID: _free$ErrorFreeHeapLast
                                                            • String ID:
                                                            • API String ID: 776569668-0
                                                            APIs
                                                            • EndPath.GDI32(?), ref: 002595D4
                                                            • StrokeAndFillPath.GDI32(?,?,002971F7,00000000,?,?,?), ref: 002595F0
                                                            • SelectObject.GDI32(?,00000000), ref: 00259603
                                                            • DeleteObject.GDI32 ref: 00259616
                                                            • StrokePath.GDI32(?), ref: 00259631
                                                            Similarity
                                                            • API ID: Path$ObjectStroke$DeleteFillSelect
                                                            • String ID:
                                                            • API String ID: 2625713937-0
                                                            APIs
                                                            Strings
                                                            Similarity
                                                            • API ID: __freea$_free
                                                            • String ID: a/p$am/pm
                                                            • API String ID: 3432400110-3206640213
                                                            APIs
                                                              • Part of subcall function 00260242: EnterCriticalSection.KERNEL32(0031070C,00311884,?,?,0025198B,00312518,?,?,?,002412F9,00000000), ref: 0026024D
                                                              • Part of subcall function 00260242: LeaveCriticalSection.KERNEL32(0031070C,?,0025198B,00312518,?,?,?,002412F9,00000000), ref: 0026028A
                                                              • Part of subcall function 002600A3: __onexit.LIBCMT ref: 002600A9
                                                            • __Init_thread_footer.LIBCMT ref: 002C6238
                                                              • Part of subcall function 002601F8: EnterCriticalSection.KERNEL32(0031070C,?,?,00258747,00312514), ref: 00260202
                                                              • Part of subcall function 002601F8: LeaveCriticalSection.KERNEL32(0031070C,?,00258747,00312514), ref: 00260235
                                                              • Part of subcall function 002B359C: LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 002B35E4
                                                              • Part of subcall function 002B359C: LoadStringW.USER32(00312390,?,00000FFF,?), ref: 002B360A
                                                            Strings
                                                            Similarity
                                                            • API ID: CriticalSection$EnterLeaveLoadString$Init_thread_footer__onexit
                                                            • String ID: x#1$x#1$x#1
                                                            • API String ID: 1072379062-2537622668
                                                            Strings
                                                            Similarity
                                                            • API ID:
                                                            • String ID: JO$
                                                            • API String ID: 0-3383649823
                                                            APIs
                                                            • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,00000002,00000000,?,?,?,00000000,?,?,?,?), ref: 00278B6E
                                                            • GetLastError.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,00000000,00001000,?), ref: 00278B7A
                                                            • __dosmaperr.LIBCMT ref: 00278B81
                                                            Strings
                                                            Similarity
                                                            • API ID: ByteCharErrorLastMultiWide__dosmaperr
                                                            • String ID: .&
                                                            • API String ID: 2434981716-2074860339
                                                            APIs
                                                              • Part of subcall function 002AB403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,002A21D0,?,?,00000034,00000800,?,00000034), ref: 002AB42D
                                                            • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 002A2760
                                                              • Part of subcall function 002AB3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,002A21FF,?,?,00000800,?,00001073,00000000,?,?), ref: 002AB3F8
                                                              • Part of subcall function 002AB32A: GetWindowThreadProcessId.USER32(?,?), ref: 002AB355
                                                              • Part of subcall function 002AB32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,002A2194,00000034,?,?,00001004,00000000,00000000), ref: 002AB365
                                                              • Part of subcall function 002AB32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,002A2194,00000034,?,?,00001004,00000000,00000000), ref: 002AB37B
                                                            • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 002A27CD
                                                            • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 002A281A
                                                            Strings
                                                            Similarity
                                                            • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                            • String ID: @
                                                            • API String ID: 4150878124-2766056989
                                                            APIs
                                                            • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\random.exe,00000104), ref: 00271769
                                                            • _free.LIBCMT ref: 00271834
                                                            • _free.LIBCMT ref: 0027183E
                                                            Strings
                                                            Similarity
                                                            • API ID: _free$FileModuleName
                                                            • String ID: C:\Users\user\Desktop\random.exe
                                                            • API String ID: 2506810119-3854685432
                                                            APIs
                                                            • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 002AC306
                                                            • DeleteMenu.USER32(?,00000007,00000000), ref: 002AC34C
                                                            • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00311990,01896928), ref: 002AC395
                                                            Strings
                                                            Similarity
                                                            • API ID: Menu$Delete$InfoItem
                                                            • String ID: 0
                                                            • API String ID: 135850232-4108050209
                                                            APIs
                                                            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,002DCC08,00000000,?,?,?,?), ref: 002D44AA
                                                            • GetWindowLongW.USER32 ref: 002D44C7
                                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 002D44D7
                                                            Strings
                                                            Similarity
                                                            • API ID: Window$Long
                                                            • String ID: SysTreeView32
                                                            • API String ID: 847901565-1698111956
                                                            APIs
                                                            • SysReAllocString.OLEAUT32(?,?), ref: 002A6EED
                                                            • VariantCopyInd.OLEAUT32(?,?), ref: 002A6F08
                                                            • VariantClear.OLEAUT32(?), ref: 002A6F12
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: Variant$AllocClearCopyString
                                                            • String ID: *j*
                                                            • API String ID: 2173805711-2385662175
                                                            • Opcode ID: 3b47f459bd0ff82541659ed927773d756fd25cf9237000bacc33e17cbd10d85d
                                                            • Instruction ID: 8a5a012766a0b0e70b1c254fcaebad72ec425ab3a203a0af9af73b9130c1b7ed
                                                            • Opcode Fuzzy Hash: 3b47f459bd0ff82541659ed927773d756fd25cf9237000bacc33e17cbd10d85d
                                                            • Instruction Fuzzy Hash: 3F31A171624216DFCB09AFA4E8599BD7776EF46300B240499F9038B6A1CB709D31DBD0
                                                            APIs
                                                              • Part of subcall function 002C335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,002C3077,?,?), ref: 002C3378
                                                            • inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 002C307A
                                                            • _wcslen.LIBCMT ref: 002C309B
                                                            • htons.WSOCK32(00000000,?,?,00000000), ref: 002C3106
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                                                            • String ID: 255.255.255.255
                                                            • API String ID: 946324512-2422070025
                                                            • Opcode ID: 4cfc3044510ac6a7acd2a732d4d66f802ff44293dc873c9d2d2381178697b597
                                                            • Instruction ID: 7c59d30e971752b62a0059e91c9d07c3ce467ebf46f1d83dbfd8410b26841957
                                                            • Opcode Fuzzy Hash: 4cfc3044510ac6a7acd2a732d4d66f802ff44293dc873c9d2d2381178697b597
                                                            • Instruction Fuzzy Hash: 3631E7366102429FCB10CF28C485FAA77E0EF14318F28CA5DE9158B392DB72DE55CB61
                                                            APIs
                                                            • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 002D3F40
                                                            • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 002D3F54
                                                            • SendMessageW.USER32(?,00001002,00000000,?), ref: 002D3F78
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: MessageSend$Window
                                                            • String ID: SysMonthCal32
                                                            • API String ID: 2326795674-1439706946
                                                            • Opcode ID: d8367478558b7eb269c30b2450093b1d6e70603c471c2207632032f305f9022c
                                                            • Instruction ID: ffde6f573d727d741f3e0fa05c1dce9ce28cbc00bb80dc1631187b5672029fee
                                                            • Opcode Fuzzy Hash: d8367478558b7eb269c30b2450093b1d6e70603c471c2207632032f305f9022c
                                                            • Instruction Fuzzy Hash: 84218D32620219BFDF25CF50DC46FEA3B79EB48714F110215FA156B2D0D6B5AD64CB90
                                                            APIs
                                                            • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 002D4705
                                                            • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 002D4713
                                                            • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 002D471A
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: MessageSend$DestroyWindow
                                                            • String ID: msctls_updown32
                                                            • API String ID: 4014797782-2298589950
                                                            • Opcode ID: c591a0fa5f6b1b6a175e8215ae8520fe7e5e67f7e057fc956408ce5cb1bf4163
                                                            • Instruction ID: fba54cf5809903a8279c571f0acee74e7bc8291226311446c25baf57efd0d1c5
                                                            • Opcode Fuzzy Hash: c591a0fa5f6b1b6a175e8215ae8520fe7e5e67f7e057fc956408ce5cb1bf4163
                                                            • Instruction Fuzzy Hash: C92162B5611205AFEB11EF64DCC1DB777ADEB5A394B14405AFA0097391CB71EC21CAA0
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: _wcslen
                                                            • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                            • API String ID: 176396367-2734436370
                                                            • Opcode ID: bce4df539be0256bcbe01a53f273288ab86a4c0510ccf374ce7e8f40f9ab5c28
                                                            • Instruction ID: 226319a2848771e7bc4d6a5228359ded6aa3d800c0821a6fd4fa81e019ff2dd5
                                                            • Opcode Fuzzy Hash: bce4df539be0256bcbe01a53f273288ab86a4c0510ccf374ce7e8f40f9ab5c28
                                                            • Instruction Fuzzy Hash: B821383253421267D335AE2A9C02FB7739C9F57700F504426FA4997181EF919DF1C695
                                                            APIs
                                                            • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 002D3840
                                                            • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 002D3850
                                                            • MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 002D3876
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: MessageSend$MoveWindow
                                                            • String ID: Listbox
                                                            • API String ID: 3315199576-2633736733
                                                            • Opcode ID: 6ac249f8934b7dab7ef31681895f496f2e2a2c30ae2f5e865a5245bc016d04ba
                                                            • Instruction ID: 02c08400eeaee0a467ab5b67147b47fb696b8dbb5ea7258fc75f39bd726b69ea
                                                            • Opcode Fuzzy Hash: 6ac249f8934b7dab7ef31681895f496f2e2a2c30ae2f5e865a5245bc016d04ba
                                                            • Instruction Fuzzy Hash: EB21B072620119BBEF11CF54DC45FAB776EEF89750F108115F9049B290C671DC619BA1
                                                            APIs
                                                            • SetErrorMode.KERNEL32(00000001), ref: 002B4A08
                                                            • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 002B4A5C
                                                            • SetErrorMode.KERNEL32(00000000,?,?,002DCC08), ref: 002B4AD0
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: ErrorMode$InformationVolume
                                                            • String ID: %lu
                                                            • API String ID: 2507767853-685833217
                                                            • Opcode ID: 210c98c9a0e16150e8d439085ae14e431dbccba4781a697578f7acc61bbd24b5
                                                            • Instruction ID: cf55d44c11d0df9d98154750f53a5bcfc734b60d2b1488a474d0276cae3dbdc7
                                                            • Opcode Fuzzy Hash: 210c98c9a0e16150e8d439085ae14e431dbccba4781a697578f7acc61bbd24b5
                                                            • Instruction Fuzzy Hash: 2B318E70A10209AFDB10DF54C985EAA7BF8EF08308F1480A5E909DB252D771EE56CF61
                                                            APIs
                                                            • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 002D424F
                                                            • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 002D4264
                                                            • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 002D4271
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: MessageSend
                                                            • String ID: msctls_trackbar32
                                                            • API String ID: 3850602802-1010561917
                                                            • Opcode ID: 498c3ddba82fc9c00f53b475720c377caba3ce7ff9d65f93508da2b5d9719cf4
                                                            • Instruction ID: 1b4f80e868b813f2c2b26c186529d402018c120d549dd1f5d8c5945e39a6dce9
                                                            • Opcode Fuzzy Hash: 498c3ddba82fc9c00f53b475720c377caba3ce7ff9d65f93508da2b5d9719cf4
                                                            • Instruction Fuzzy Hash: F211E331250209BFEF216E28CC0AFAB3BACEF95B54F114115FA55E2190D671DC219B10
                                                            APIs
                                                              • Part of subcall function 00246B57: _wcslen.LIBCMT ref: 00246B6A
                                                              • Part of subcall function 002A2DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 002A2DC5
                                                              • Part of subcall function 002A2DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 002A2DD6
                                                              • Part of subcall function 002A2DA7: GetCurrentThreadId.KERNEL32 ref: 002A2DDD
                                                              • Part of subcall function 002A2DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 002A2DE4
                                                            • GetFocus.USER32 ref: 002A2F78
                                                              • Part of subcall function 002A2DEE: GetParent.USER32(00000000), ref: 002A2DF9
                                                            • GetClassNameW.USER32(?,?,00000100), ref: 002A2FC3
                                                            • EnumChildWindows.USER32(?,002A303B), ref: 002A2FEB
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
                                                            • String ID: %s%d
                                                            • API String ID: 1272988791-1110647743
                                                            • Opcode ID: 89c50f1180992e98cc7d7e29121612b27cb775f620f237d337b8d6e8d9003440
                                                            • Instruction ID: 2b9c3964a80b79971baf35da72aaf990b2367f2bcdaff4cb675b95940848c678
                                                            • Opcode Fuzzy Hash: 89c50f1180992e98cc7d7e29121612b27cb775f620f237d337b8d6e8d9003440
                                                            • Instruction Fuzzy Hash: DD11A271610206ABCF14BF649C89EEE776AAF86308F144075FD09AB292DE709959CF60
                                                            APIs
                                                            • GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 002D58C1
                                                            • SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 002D58EE
                                                            • DrawMenuBar.USER32(?), ref: 002D58FD
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: Menu$InfoItem$Draw
                                                            • String ID: 0
                                                            • API String ID: 3227129158-4108050209
                                                            • Opcode ID: 9ec36aedd1261dbe3fc75f4a6e8ece480fdccd55b6b017f2cfae944c85426d64
                                                            • Instruction ID: e872a1a6f1f574efbce3647b1bdebb0270dfb3d340c8dade92b026b98681c565
                                                            • Opcode Fuzzy Hash: 9ec36aedd1261dbe3fc75f4a6e8ece480fdccd55b6b017f2cfae944c85426d64
                                                            • Instruction Fuzzy Hash: A301C431520219EFDB109F11EC45BEEBBB4FF45361F10809AE848D6251DB708EA4DF61
                                                            APIs
                                                            • GetProcAddress.KERNEL32(?,GetSystemWow64DirectoryW), ref: 0029D3BF
                                                            • FreeLibrary.KERNEL32 ref: 0029D3E5
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: AddressFreeLibraryProc
                                                            • String ID: GetSystemWow64DirectoryW$X64
                                                            • API String ID: 3013587201-2590602151
                                                            • Opcode ID: 224394890ad16d5ff1de7333ba56b94d4439ccfca19532b18ed98a3f613cdde3
                                                            • Instruction ID: 2dd2e92b496be8e7b3e78cc7518b07f19311c42a855a9d1be70defd1d4fe2a32
                                                            • Opcode Fuzzy Hash: 224394890ad16d5ff1de7333ba56b94d4439ccfca19532b18ed98a3f613cdde3
                                                            • Instruction Fuzzy Hash: A7F05C65C3571387DF791F208D0C9993314AF10702B608686E812E1099CBB0CDA1EA45
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 026d4293b1cd12ce58a03afe9f410522e3b89ae2df7bf10d472c3112f214f7c1
                                                            • Instruction ID: 5bab5dbd63029e4d6b4098d65fbdc2754d6754f70d8e49900a1790b62581fc9e
                                                            • Opcode Fuzzy Hash: 026d4293b1cd12ce58a03afe9f410522e3b89ae2df7bf10d472c3112f214f7c1
                                                            • Instruction Fuzzy Hash: 75C15C75A10206EFDB14CFA4C894BAEB7B5FF49304F208598E905EB251DB71ED91CB90
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: Variant$ClearInitInitializeUninitialize
                                                            • String ID:
                                                            • API String ID: 1998397398-0
                                                            • Opcode ID: ae483c71f68574847fc3ee77544f67deeb2a9ab34d9e897f7c6f08f0a525dc42
                                                            • Instruction ID: 1682bf268e557cfee5d294e2f9c7040bbe50bb1251da5dd61df97daddf9e781b
                                                            • Opcode Fuzzy Hash: ae483c71f68574847fc3ee77544f67deeb2a9ab34d9e897f7c6f08f0a525dc42
                                                            • Instruction Fuzzy Hash: ABA145756242119FC705DF28C885E2AB7E4EF88710F14895DF98A9B362DB30EE15CF91
                                                            APIs
                                                            • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,002DFC08,?), ref: 002A05F0
                                                            • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,002DFC08,?), ref: 002A0608
                                                            • CLSIDFromProgID.OLE32(?,?,00000000,002DCC40,000000FF,?,00000000,00000800,00000000,?,002DFC08,?), ref: 002A062D
                                                            • _memcmp.LIBVCRUNTIME ref: 002A064E
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: FromProg$FreeTask_memcmp
                                                            • String ID:
                                                            • API String ID: 314563124-0
                                                            • Opcode ID: a0a6f3ef0a04a436a35bc2a7d81a3f815e2eb7c9132a5dfaabd5edb7ae4f3541
                                                            • Instruction ID: e550b6a2bb75061d250c073beb9545580626b167439503c756b67d7fe70accff
                                                            • Opcode Fuzzy Hash: a0a6f3ef0a04a436a35bc2a7d81a3f815e2eb7c9132a5dfaabd5edb7ae4f3541
                                                            • Instruction Fuzzy Hash: 3B813C71A1010AEFCB04DF94C984EEEB7B9FF89315F204199E516AB250DB71AE16CF60
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: _free
                                                            • String ID:
                                                            • API String ID: 269201875-0
                                                            • Opcode ID: f183b9c36791c38aba80c211e7015a73c79ece0744fdf98a09943b7d4e109d64
                                                            • Instruction ID: 15ba4d05c91678359a704d4bd72eee41cc36ec58b0785716e17432218e69635c
                                                            • Opcode Fuzzy Hash: f183b9c36791c38aba80c211e7015a73c79ece0744fdf98a09943b7d4e109d64
                                                            • Instruction Fuzzy Hash: 05413E39A32111ABDF217FB89C46ABE3BACEF45330F144225F819D61D1E67448B35B61
                                                            APIs
                                                            • GetWindowRect.USER32(?,?), ref: 002D62E2
                                                            • ScreenToClient.USER32(?,?), ref: 002D6315
                                                            • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 002D6382
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: Window$ClientMoveRectScreen
                                                            • String ID:
                                                            • API String ID: 3880355969-0
                                                            • Opcode ID: 6359ba66a946a024880407c99191830a3e2b0c042aa0901fefa7cfdebabf02bc
                                                            • Instruction ID: 66be7ec23c9fddb4931cef39a9380cbf55ff65976d0793b6036b458c382d5a60
                                                            • Opcode Fuzzy Hash: 6359ba66a946a024880407c99191830a3e2b0c042aa0901fefa7cfdebabf02bc
                                                            • Instruction Fuzzy Hash: F2514C74A1020AEFCF14DF68D8889AE7BB5EF55760F20829AF91597390D730ED51CB90
                                                            APIs
                                                            • socket.WSOCK32(00000002,00000002,00000011), ref: 002C1AFD
                                                            • WSAGetLastError.WSOCK32 ref: 002C1B0B
                                                            • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 002C1B8A
                                                            • WSAGetLastError.WSOCK32 ref: 002C1B94
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: ErrorLast$socket
                                                            • String ID:
                                                            • API String ID: 1881357543-0
                                                            • Opcode ID: 51493707506629cbaf0e0e8ea1dcf1b8f09ef461d5ea607c9b1b065c9d339531
                                                            • Instruction ID: d1f0e200ed91c70051f223005d4147a410799833269f605058c7c8af89d23b2a
                                                            • Opcode Fuzzy Hash: 51493707506629cbaf0e0e8ea1dcf1b8f09ef461d5ea607c9b1b065c9d339531
                                                            • Instruction Fuzzy Hash: 7941AE34610201AFE724AF24C886F2977E5AB45718F54858CF91A9F3D3D772DD628F90
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 002051dcb50e38695904c97d3a7bff697d31fd50c8c1736cd0e5984471a99e68
                                                            • Instruction ID: 7c500ecc38b67108cad586681d3a50a2e2031bf8ea7ee4d2255d55928b6b0a42
                                                            • Opcode Fuzzy Hash: 002051dcb50e38695904c97d3a7bff697d31fd50c8c1736cd0e5984471a99e68
                                                            • Instruction Fuzzy Hash: C8411B75A20304BFD7259F38CC51B6ABBF9EB88710F10852AF549DB2C2D77199718B80
                                                            APIs
                                                            • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 002B5783
                                                            • GetLastError.KERNEL32(?,00000000), ref: 002B57A9
                                                            • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 002B57CE
                                                            • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 002B57FA
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: CreateHardLink$DeleteErrorFileLast
                                                            • String ID:
                                                            • API String ID: 3321077145-0
                                                            • Opcode ID: fbb24730b90c6034be2aa05cb5cbfa1d715333d5c75560380dcab77fc6fd7b82
                                                            • Instruction ID: 2b41aceb7382983875ff1ea71f695ac62620d1cf364f40844c1e1a37279ea40a
                                                            • Opcode Fuzzy Hash: fbb24730b90c6034be2aa05cb5cbfa1d715333d5c75560380dcab77fc6fd7b82
                                                            • Instruction Fuzzy Hash: F0411A35610621DFCB15DF15C544A5ABBE2EF89720B198888EC5AAF362CB34FD50CF91
                                                            APIs
                                                            • MultiByteToWideChar.KERNEL32(?,00000000,?,00266D71,00000000,00000000,002682D9,?,002682D9,?,00000001,00266D71,?,00000001,002682D9,002682D9), ref: 0027D910
                                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0027D999
                                                            • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 0027D9AB
                                                            • __freea.LIBCMT ref: 0027D9B4
                                                              • Part of subcall function 00273820: RtlAllocateHeap.NTDLL(00000000,?,00311444,?,0025FDF5,?,?,0024A976,00000010,00311440,002413FC,?,002413C6,?,00241129), ref: 00273852
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                            • String ID:
                                                            • API String ID: 2652629310-0
                                                            • Opcode ID: a8cd0503f3d65c5bb160c5407f2bbc6adac558659af39424a8f36d489fb2ab68
                                                            • Instruction ID: 9c259bcd8086a5fedc69a7970ad13a5c36fbd8e4eb9d1237902b56e4a758cce8
                                                            • Opcode Fuzzy Hash: a8cd0503f3d65c5bb160c5407f2bbc6adac558659af39424a8f36d489fb2ab68
                                                            • Instruction Fuzzy Hash: 3331CD72A2021AEBDB259F64DC45EAE7BB5EF40310F158269FD08D6290EB35CD60CB90
                                                            APIs
                                                            • SendMessageW.USER32(?,00001024,00000000,?), ref: 002D5352
                                                            • GetWindowLongW.USER32(?,000000F0), ref: 002D5375
                                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 002D5382
                                                            • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 002D53A8
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: LongWindow$InvalidateMessageRectSend
                                                            • String ID:
                                                            • API String ID: 3340791633-0
                                                            • Opcode ID: 96604ab61b31e9c6852e151cde9b0223a44f4a359f6067c10c46b222775fd38e
                                                            • Instruction ID: b812515d28399aaa9c788ca3cc0136803f2dd96d41348fbb801d913d97b7bb29
                                                            • Opcode Fuzzy Hash: 96604ab61b31e9c6852e151cde9b0223a44f4a359f6067c10c46b222775fd38e
                                                            • Instruction Fuzzy Hash: F731C534A75A29EFEBB49E14CC05BE87765AB04390F584183FA10963E1C7F49DB0DB81
                                                            APIs
                                                            • GetKeyboardState.USER32(?,75C0C0D0,?,00008000), ref: 002AABF1
                                                            • SetKeyboardState.USER32(00000080,?,00008000), ref: 002AAC0D
                                                            • PostMessageW.USER32(00000000,00000101,00000000), ref: 002AAC74
                                                            • SendInput.USER32(00000001,?,0000001C,75C0C0D0,?,00008000), ref: 002AACC6
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: KeyboardState$InputMessagePostSend
                                                            • String ID:
                                                            • API String ID: 432972143-0
                                                            • Opcode ID: 032a9328ee463bcac0f173ebf2dcc99975d30450cd1f6095dc12541f765d4d8d
                                                            • Instruction ID: a1e04b0f0a5597db6dd22dc817d8e7a852a871f352b64faecb7c778dc87a3f97
                                                            • Opcode Fuzzy Hash: 032a9328ee463bcac0f173ebf2dcc99975d30450cd1f6095dc12541f765d4d8d
                                                            • Instruction Fuzzy Hash: 2E311830A20619AFFF258F6588087FA7BA7AF86330F14421BE481921D1CB7589A5C792
                                                            APIs
                                                            • ClientToScreen.USER32(?,?), ref: 002D769A
                                                            • GetWindowRect.USER32(?,?), ref: 002D7710
                                                            • PtInRect.USER32(?,?,002D8B89), ref: 002D7720
                                                            • MessageBeep.USER32(00000000), ref: 002D778C
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: Rect$BeepClientMessageScreenWindow
                                                            • String ID:
                                                            • API String ID: 1352109105-0
                                                            • Opcode ID: be4471733d2aac3eb5ce1d6a27468346da13521991fc64ef1bbad6642e51e0b0
                                                            • Instruction ID: ec309ad4e3acd7f63de794b78e39c204c9ccc3d62379f34a0de751da062e1d6e
                                                            • Opcode Fuzzy Hash: be4471733d2aac3eb5ce1d6a27468346da13521991fc64ef1bbad6642e51e0b0
                                                            • Instruction Fuzzy Hash: 3C419C34A192159FEB02CF58D894EA9B7F8BB48314F1485AAE5249B361E334ED51CF90
                                                            APIs
                                                            • GetForegroundWindow.USER32 ref: 002D16EB
                                                              • Part of subcall function 002A3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 002A3A57
                                                              • Part of subcall function 002A3A3D: GetCurrentThreadId.KERNEL32 ref: 002A3A5E
                                                              • Part of subcall function 002A3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,002A25B3), ref: 002A3A65
                                                            • GetCaretPos.USER32(?), ref: 002D16FF
                                                            • ClientToScreen.USER32(00000000,?), ref: 002D174C
                                                            • GetForegroundWindow.USER32 ref: 002D1752
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                            • String ID:
                                                            • API String ID: 2759813231-0
                                                            • Opcode ID: 146d2abc4cee5f6e1042b9e709a1fac4dcc47c554d44cec17314c7a9940a9bb5
                                                            • Instruction ID: 9c017bd82c825c5a6999f0165e6247e19170ccc1fa2543bdce85587c60bdc7b2
                                                            • Opcode Fuzzy Hash: 146d2abc4cee5f6e1042b9e709a1fac4dcc47c554d44cec17314c7a9940a9bb5
                                                            • Instruction Fuzzy Hash: 21317071D11209AFD704EFA9C885CAEBBF9EF48304B5080AAE415E7611E7319E55CFA0
                                                            APIs
                                                            • CreateToolhelp32Snapshot.KERNEL32 ref: 002AD501
                                                            • Process32FirstW.KERNEL32(00000000,?), ref: 002AD50F
                                                            • Process32NextW.KERNEL32(00000000,?), ref: 002AD52F
                                                            • CloseHandle.KERNEL32(00000000), ref: 002AD5DC
                                                            Similarity
                                                            • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                            • String ID:
                                                            • API String ID: 420147892-0
                                                            • Opcode ID: 34b2fa10824c8dfcacf29cfac7915b11284dba977f7acbd82a1560cccbbb4e31
                                                            • Instruction ID: f7906c1647492051f196835b587082be0cd8f9e1177ddca64a95539b3bf4a466
                                                            • Opcode Fuzzy Hash: 34b2fa10824c8dfcacf29cfac7915b11284dba977f7acbd82a1560cccbbb4e31
                                                            • Instruction Fuzzy Hash: 9931C4715183019FD304EF54D885AAFBBF8EF99344F50092DF586821A2EF71D954CB92
                                                            APIs
                                                              • Part of subcall function 00259BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00259BB2
                                                            • GetCursorPos.USER32(?), ref: 002D9001
                                                            • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00297711,?,?,?,?,?), ref: 002D9016
                                                            • GetCursorPos.USER32(?), ref: 002D905E
                                                            • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00297711,?,?,?), ref: 002D9094
                                                            Similarity
                                                            • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                            • String ID:
                                                            • API String ID: 2864067406-0
                                                            • Opcode ID: dcf8898dfb79012b88b978f8c9807432bc5416fa25cefab64378f72fc794d2f5
                                                            • Instruction ID: e3dc564b6eea7f0db992637ada0a64bbd5d59d82ed46a3002ef570295b2a28ff
                                                            • Opcode Fuzzy Hash: dcf8898dfb79012b88b978f8c9807432bc5416fa25cefab64378f72fc794d2f5
                                                            • Instruction Fuzzy Hash: 4821D135610018EFCB269F94EC58EFA7BB9EF89352F148166F90597261C3319DA0DFA0
                                                            APIs
                                                            • GetFileAttributesW.KERNEL32(?,002DCB68), ref: 002AD2FB
                                                            • GetLastError.KERNEL32 ref: 002AD30A
                                                            • CreateDirectoryW.KERNEL32(?,00000000), ref: 002AD319
                                                            • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,002DCB68), ref: 002AD376
                                                            Similarity
                                                            • API ID: CreateDirectory$AttributesErrorFileLast
                                                            • String ID:
                                                            • API String ID: 2267087916-0
                                                            • Opcode ID: 62b1b97f62f88fd833a97d00de01ed6c7160bcda67e5a6917d328462c94bb140
                                                            • Instruction ID: 88e16915d1aca91f8a58c403f7f789ab2ab8a62e99d253e331b9dc3cd52534f3
                                                            • Opcode Fuzzy Hash: 62b1b97f62f88fd833a97d00de01ed6c7160bcda67e5a6917d328462c94bb140
                                                            • Instruction Fuzzy Hash: EF2191705652029F8B00EF28D88546EB7E4AF57324F204A5EF89AC72A1DB30DD55CF93
                                                            APIs
                                                              • Part of subcall function 002A1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 002A102A
                                                              • Part of subcall function 002A1014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 002A1036
                                                              • Part of subcall function 002A1014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 002A1045
                                                              • Part of subcall function 002A1014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 002A104C
                                                              • Part of subcall function 002A1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 002A1062
                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 002A15BE
                                                            • _memcmp.LIBVCRUNTIME ref: 002A15E1
                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 002A1617
                                                            • HeapFree.KERNEL32(00000000), ref: 002A161E
                                                            Similarity
                                                            • API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
                                                            • String ID:
                                                            • API String ID: 1592001646-0
                                                            • Opcode ID: 56146b57fdc0bca84a2d39a87fbb0b93fa63b23f56643e191d278510406c939c
                                                            • Instruction ID: c0edfd536247caad0d1f933f02e17815b487ddc351ba904aa26cc515f54d0e15
                                                            • Opcode Fuzzy Hash: 56146b57fdc0bca84a2d39a87fbb0b93fa63b23f56643e191d278510406c939c
                                                            • Instruction Fuzzy Hash: 0D21B031E5010AEFDF00DFA4C948BEEB7B8EF41364F184459E441AB240EB30AE28CB50
                                                            APIs
                                                            • GetWindowLongW.USER32(?,000000EC), ref: 002D280A
                                                            • SetWindowLongW.USER32(?,000000EC,00000000), ref: 002D2824
                                                            • SetWindowLongW.USER32(?,000000EC,00000000), ref: 002D2832
                                                            • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 002D2840
                                                            Similarity
                                                            • API ID: Window$Long$AttributesLayered
                                                            • String ID:
                                                            • API String ID: 2169480361-0
                                                            • Opcode ID: 0e21aeba5975d39a9eca712cce47bde0d722bc61d1892ff18164435534ae0635
                                                            • Instruction ID: 672226bb6510724beca8d261ed7f76ce9f2ccde923b29a1d972accc8832ee135
                                                            • Opcode Fuzzy Hash: 0e21aeba5975d39a9eca712cce47bde0d722bc61d1892ff18164435534ae0635
                                                            • Instruction Fuzzy Hash: CA212431215112EFE7149B24D844F6AB795EF55324F24814AF416CB3E2C771FC56CBA0
                                                            APIs
                                                              • Part of subcall function 002A8D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,002A790A,?,000000FF,?,002A8754,00000000,?,0000001C,?,?), ref: 002A8D8C
                                                              • Part of subcall function 002A8D7D: lstrcpyW.KERNEL32(00000000,?,?,002A790A,?,000000FF,?,002A8754,00000000,?,0000001C,?,?,00000000), ref: 002A8DB2
                                                              • Part of subcall function 002A8D7D: lstrcmpiW.KERNEL32(00000000,?,002A790A,?,000000FF,?,002A8754,00000000,?,0000001C,?,?), ref: 002A8DE3
                                                            • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,002A8754,00000000,?,0000001C,?,?,00000000), ref: 002A7923
                                                            • lstrcpyW.KERNEL32(00000000,?,?,002A8754,00000000,?,0000001C,?,?,00000000), ref: 002A7949
                                                            • lstrcmpiW.KERNEL32(00000002,cdecl,?,002A8754,00000000,?,0000001C,?,?,00000000), ref: 002A7984
                                                            Similarity
                                                            • API ID: lstrcmpilstrcpylstrlen
                                                            • String ID: cdecl
                                                            • API String ID: 4031866154-3896280584
                                                            • Opcode ID: 532c6086553546a8d3861d85615d4fe0a7579848a2f4b48ac21f1c82b936250d
                                                            • Instruction ID: a759fbf565fbdd700ed562899a73c59a306ebbb9322febaa52047897263e998b
                                                            • Opcode Fuzzy Hash: 532c6086553546a8d3861d85615d4fe0a7579848a2f4b48ac21f1c82b936250d
                                                            • Instruction Fuzzy Hash: 3C11B13A211243ABDB159F38DC45E7B77A9EF86350B50402BE946C72A4EF319821CBA5
                                                            APIs
                                                            • GetWindowLongW.USER32(?,000000F0), ref: 002D7D0B
                                                            • SetWindowLongW.USER32(00000000,000000F0,?), ref: 002D7D2A
                                                            • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 002D7D42
                                                            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,002BB7AD,00000000), ref: 002D7D6B
                                                              • Part of subcall function 00259BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00259BB2
                                                            Similarity
                                                            • API ID: Window$Long
                                                            • String ID:
                                                            • API String ID: 847901565-0
                                                            • Opcode ID: 84a39c67c1e37eb095ac702641eec5472a354f389301b8bfc74950869021800e
                                                            • Instruction ID: 667e2c3a977fd49cac01041e7ab075472b6a8c0e1858604203335cc8e3533f46
                                                            • Opcode Fuzzy Hash: 84a39c67c1e37eb095ac702641eec5472a354f389301b8bfc74950869021800e
                                                            • Instruction Fuzzy Hash: A111E7316256169FCB109F28DC04AA63BA9AF45370F218326F935D72F0E734CD60CB80
                                                            APIs
                                                            • SendMessageW.USER32(?,00001060,?,00000004), ref: 002D56BB
                                                            • _wcslen.LIBCMT ref: 002D56CD
                                                            • _wcslen.LIBCMT ref: 002D56D8
                                                            • SendMessageW.USER32(?,00001002,00000000,?), ref: 002D5816
                                                            Similarity
                                                            • API ID: MessageSend_wcslen
                                                            • String ID:
                                                            • API String ID: 455545452-0
                                                            • Opcode ID: 9a8811aecaaef2d869d6f41c176aeb97820afaa07f12f8955dc935601523691f
                                                            • Instruction ID: dd5271c49e9a0fe6b5afdf4fcbd32e1417be0145d6fff5794bda885e321a2249
                                                            • Opcode Fuzzy Hash: 9a8811aecaaef2d869d6f41c176aeb97820afaa07f12f8955dc935601523691f
                                                            • Instruction Fuzzy Hash: 7C11D671A2062996DB209F65CC85AEE77ACFF10760F10402BF915D6281EBF0CDA4CFA0
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 481107d568f70a3170e0bde96c80d94796371b980e4364421675b5bd0055551d
                                                            • Instruction ID: 7f1f478e377ce6c00fdab62c50fdce6e5016e391b07b896360b67c155298bc52
                                                            • Opcode Fuzzy Hash: 481107d568f70a3170e0bde96c80d94796371b980e4364421675b5bd0055551d
                                                            • Instruction Fuzzy Hash: 750171B262A6177EE6211A787CC1F67661CDF413B4F348326F529911D1DB708C709960
                                                            APIs
                                                            • SendMessageW.USER32(?,000000B0,?,?), ref: 002A1A47
                                                            • SendMessageW.USER32(?,000000C9,?,00000000), ref: 002A1A59
                                                            • SendMessageW.USER32(?,000000C9,?,00000000), ref: 002A1A6F
                                                            • SendMessageW.USER32(?,000000C9,?,00000000), ref: 002A1A8A
                                                            Similarity
                                                            • API ID: MessageSend
                                                            • String ID:
                                                            • API String ID: 3850602802-0
                                                            • Opcode ID: 5fdcb8ccf659a763d4524215bd45f3360192e24ed1b3f5a7ecac652106b0439b
                                                            • Instruction ID: 21222049abf1a658a45a3b6ace6b25c3c4e71ff0b6263f464b6e9218b26762dc
                                                            • Opcode Fuzzy Hash: 5fdcb8ccf659a763d4524215bd45f3360192e24ed1b3f5a7ecac652106b0439b
                                                            • Instruction Fuzzy Hash: BB113C3AD01219FFEB10DBA4CD85FADBB78EB04750F200091E600B7294DA716E60DB94
                                                            APIs
                                                            • GetCurrentThreadId.KERNEL32 ref: 002AE1FD
                                                            • MessageBoxW.USER32(?,?,?,?), ref: 002AE230
                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 002AE246
                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 002AE24D
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                            • String ID:
                                                            • API String ID: 2880819207-0
                                                            • Opcode ID: fc005829b2469ad187f87f6f602ef2c33fdd8b9ed16463e89efdf278edaec20e
                                                            • Instruction ID: bf621e9457378d416968ac9e5adce58c00ae262642d56310a2fe1b8cc65dbe31
                                                            • Opcode Fuzzy Hash: fc005829b2469ad187f87f6f602ef2c33fdd8b9ed16463e89efdf278edaec20e
                                                            • Instruction Fuzzy Hash: 51112B76D14259BBCB019FA8EC09BDE7FACDB46320F108656F924D3291D6B0CD1087B0
                                                            APIs
                                                            • CreateThread.KERNEL32(00000000,?,0026CFF9,00000000,00000004,00000000), ref: 0026D218
                                                            • GetLastError.KERNEL32 ref: 0026D224
                                                            • __dosmaperr.LIBCMT ref: 0026D22B
                                                            • ResumeThread.KERNEL32(00000000), ref: 0026D249
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: Thread$CreateErrorLastResume__dosmaperr
                                                            • String ID:
                                                            • API String ID: 173952441-0
                                                            • Opcode ID: fa224ec6d2392f335c81ab296de253d14f22838d1b5fb4f15992e78b11ee1fba
                                                            • Instruction ID: 0e5c5700d1ff63328eadd5d40be7917a18c037499534aa96ec6717afc93ae108
                                                            • Opcode Fuzzy Hash: fa224ec6d2392f335c81ab296de253d14f22838d1b5fb4f15992e78b11ee1fba
                                                            • Instruction Fuzzy Hash: 28012B36D251097BCB105F65DC09BAA7B58DF81330F204255FC24910D1CB70CDA1CAA0
                                                            APIs
                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0024604C
                                                            • GetStockObject.GDI32(00000011), ref: 00246060
                                                            • SendMessageW.USER32(00000000,00000030,00000000), ref: 0024606A
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: CreateMessageObjectSendStockWindow
                                                            • String ID:
                                                            • API String ID: 3970641297-0
                                                            • Opcode ID: e56886aa57dcb5a35c0ad73bb72cb5b44d87ab7301cb189d31de302144a8ffa4
                                                            • Instruction ID: 4c46616a73567ce13768db8f0148b9d2c1a0bd45bff58d5ae75456a8d3728353
                                                            • Opcode Fuzzy Hash: e56886aa57dcb5a35c0ad73bb72cb5b44d87ab7301cb189d31de302144a8ffa4
                                                            • Instruction Fuzzy Hash: F811C0B251250ABFEF165FA4DC48EEABB6DFF093A5F105202FA1452010C732DC60DBA1
                                                            APIs
                                                            • ___BuildCatchObject.LIBVCRUNTIME ref: 00263B56
                                                              • Part of subcall function 00263AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00263AD2
                                                              • Part of subcall function 00263AA3: ___AdjustPointer.LIBCMT ref: 00263AED
                                                            • _UnwindNestedFrames.LIBCMT ref: 00263B6B
                                                            • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00263B7C
                                                            • CallCatchBlock.LIBVCRUNTIME ref: 00263BA4
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                                            • String ID:
                                                            • API String ID: 737400349-0
                                                            • Opcode ID: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
                                                            • Instruction ID: bd815e28189c12bbcf5d349911b58bdbde1a8073c91bcd530ce1a5b42eee6d4e
                                                            • Opcode Fuzzy Hash: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
                                                            • Instruction Fuzzy Hash: E901E932110149BBDF12AE95CC46EEB7B69EF59758F044014FE4856121C732E9B1EFA0
                                                            APIs
                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,002413C6,00000000,00000000,?,0027301A,002413C6,00000000,00000000,00000000,?,0027328B,00000006,FlsSetValue), ref: 002730A5
                                                            • GetLastError.KERNEL32(?,0027301A,002413C6,00000000,00000000,00000000,?,0027328B,00000006,FlsSetValue,002E2290,FlsSetValue,00000000,00000364,?,00272E46), ref: 002730B1
                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,0027301A,002413C6,00000000,00000000,00000000,?,0027328B,00000006,FlsSetValue,002E2290,FlsSetValue,00000000), ref: 002730BF
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: LibraryLoad$ErrorLast
                                                            • String ID:
                                                            • API String ID: 3177248105-0
                                                            • Opcode ID: 5057ad7b64d713e815e3b8ccb7baf2fc9c1827c2be7cfa7e1ddfcbfbdfb55328
                                                            • Instruction ID: 4877a740ca1f65ed70c74dc24b8c4440e913fba638205b13ce50080c551297d5
                                                            • Opcode Fuzzy Hash: 5057ad7b64d713e815e3b8ccb7baf2fc9c1827c2be7cfa7e1ddfcbfbdfb55328
                                                            • Instruction Fuzzy Hash: 9601D432772223ABCB218E79AC489577B98AF45B61B208721F909E7180D731DD11D6E0
                                                            APIs
                                                            • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 002A747F
                                                            • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 002A7497
                                                            • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 002A74AC
                                                            • RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 002A74CA
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: Type$Register$FileLoadModuleNameUser
                                                            • String ID:
                                                            • API String ID: 1352324309-0
                                                            • Opcode ID: 5dad50c36e39920af7b4a3a71a45e19791aff0ea6ff071325eaa8194d4196272
                                                            • Instruction ID: 3b49c7001048479e090c447ecb2418e5bb469f047b3f0cdf3c138cb8486d0d78
                                                            • Opcode Fuzzy Hash: 5dad50c36e39920af7b4a3a71a45e19791aff0ea6ff071325eaa8194d4196272
                                                            • Instruction Fuzzy Hash: 3D11A1B561A3119FF7208F14EC08B927BFCEB05B00F10856AA656D6151DBB0E914DF64
                                                            APIs
                                                            • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,002AACD3,?,00008000), ref: 002AB0C4
                                                            • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,002AACD3,?,00008000), ref: 002AB0E9
                                                            • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,002AACD3,?,00008000), ref: 002AB0F3
                                                            • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,002AACD3,?,00008000), ref: 002AB126
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: CounterPerformanceQuerySleep
                                                            • String ID:
                                                            • API String ID: 2875609808-0
                                                            • Opcode ID: 17ae305a9d0069825df37cb129adbb211493e73f72e333cc6efd04b261d90486
                                                            • Instruction ID: 83748d6c72146f746fff843d813c3c59b1130c713737a3e57e7553178cace6a5
                                                            • Opcode Fuzzy Hash: 17ae305a9d0069825df37cb129adbb211493e73f72e333cc6efd04b261d90486
                                                            • Instruction Fuzzy Hash: DB115B31C2162DE7CF05AFE4E9696EEBB78FF0A711F1140A6D945B2182CF709A60CB51
                                                            APIs
                                                            • GetWindowRect.USER32(?,?), ref: 002D7E33
                                                            • ScreenToClient.USER32(?,?), ref: 002D7E4B
                                                            • ScreenToClient.USER32(?,?), ref: 002D7E6F
                                                            • InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 002D7E8A
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: ClientRectScreen$InvalidateWindow
                                                            • String ID:
                                                            • API String ID: 357397906-0
                                                            • Opcode ID: 5712117b6faaf3b149eb2e5b9163695c05d05c72a19b2753939aed57a8d46f0d
                                                            • Instruction ID: ccde9a2a8ea66cfa03294fc5d2e70cd68b4b8325da5daa377d11dd8d97e91d1c
                                                            • Opcode Fuzzy Hash: 5712117b6faaf3b149eb2e5b9163695c05d05c72a19b2753939aed57a8d46f0d
                                                            • Instruction Fuzzy Hash: 041156B9D0024AAFDB41DF98D884AEEBBF9FF08310F505156E915E3210D735AA54CF90
                                                            APIs
                                                            • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 002A2DC5
                                                            • GetWindowThreadProcessId.USER32(?,00000000), ref: 002A2DD6
                                                            • GetCurrentThreadId.KERNEL32 ref: 002A2DDD
                                                            • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 002A2DE4
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                            • String ID:
                                                            • API String ID: 2710830443-0
                                                            • Opcode ID: 573f2969d1b1849e5cd291406f70f6028b89b09a4f9159c041087b54cdcc7ee0
                                                            • Instruction ID: 3b3befe2cdb185daf557e7132178c2faf2ec4cd8847535ad32474469035c5ecf
                                                            • Opcode Fuzzy Hash: 573f2969d1b1849e5cd291406f70f6028b89b09a4f9159c041087b54cdcc7ee0
                                                            • Instruction Fuzzy Hash: DBE06D71912626BBDB202B66AC0DEEB3F6CEF83BA1F100016B505D10819AA4C844C6F0
                                                            APIs
                                                              • Part of subcall function 00259639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00259693
                                                              • Part of subcall function 00259639: SelectObject.GDI32(?,00000000), ref: 002596A2
                                                              • Part of subcall function 00259639: BeginPath.GDI32(?), ref: 002596B9
                                                              • Part of subcall function 00259639: SelectObject.GDI32(?,00000000), ref: 002596E2
                                                            • MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 002D8887
                                                            • LineTo.GDI32(?,?,?), ref: 002D8894
                                                            • EndPath.GDI32(?), ref: 002D88A4
                                                            • StrokePath.GDI32(?), ref: 002D88B2
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                            • String ID:
                                                            • API String ID: 1539411459-0
                                                            • Opcode ID: fdb06033dc8c26c5b751f1f323253ddabc1be53a95d718cd818ece6df2778288
                                                            • Instruction ID: 4544c72642fbcd9e1dfd501639c4b206b8b465b3c323f9b4f9fd8f78927179e3
                                                            • Opcode Fuzzy Hash: fdb06033dc8c26c5b751f1f323253ddabc1be53a95d718cd818ece6df2778288
                                                            • Instruction Fuzzy Hash: 8CF09A3641225AFADB121F94AC0DFCA3B19AF0A311F108002FA11610E1C7745920DFE9
                                                            APIs
                                                            • GetSysColor.USER32(00000008), ref: 002598CC
                                                            • SetTextColor.GDI32(?,?), ref: 002598D6
                                                            • SetBkMode.GDI32(?,00000001), ref: 002598E9
                                                            • GetStockObject.GDI32(00000005), ref: 002598F1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: Color$ModeObjectStockText
                                                            • String ID:
                                                            • API String ID: 4037423528-0
                                                            • Opcode ID: 61805679114c514a62d7894b92437bc57a3928cf1b3c5325c00c279e2aae2f4a
                                                            • Instruction ID: 471fe36a30e8b2c3de16f46b5db0aca5523efc8c36eca9891a56411ace6b4b59
                                                            • Opcode Fuzzy Hash: 61805679114c514a62d7894b92437bc57a3928cf1b3c5325c00c279e2aae2f4a
                                                            • Instruction Fuzzy Hash: CCE06D31655292AADF215F74BC0DBE83F20AB12336F24821AFAFA580E1C3718A50DB10
                                                            APIs
                                                            • GetCurrentThread.KERNEL32 ref: 002A1634
                                                            • OpenThreadToken.ADVAPI32(00000000,?,?,?,002A11D9), ref: 002A163B
                                                            • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,002A11D9), ref: 002A1648
                                                            • OpenProcessToken.ADVAPI32(00000000,?,?,?,002A11D9), ref: 002A164F
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Similarity
                                                            • API ID: CurrentOpenProcessThreadToken
                                                            • String ID:
                                                            APIs
                                                            • GetDesktopWindow.USER32 ref: 0029D858
                                                            • GetDC.USER32(00000000), ref: 0029D862
                                                            • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0029D882
                                                            • ReleaseDC.USER32(?), ref: 0029D8A3
                                                            Similarity
                                                            • API ID: CapsDesktopDeviceReleaseWindow
                                                            • String ID:
                                                            APIs
                                                            • GetDesktopWindow.USER32 ref: 0029D86C
                                                            • GetDC.USER32(00000000), ref: 0029D876
                                                            • GetDeviceCaps.GDI32(00000000,0000000C), ref: 0029D882
                                                            • ReleaseDC.USER32(?), ref: 0029D8A3
                                                            Similarity
                                                            • API ID: CapsDesktopDeviceReleaseWindow
                                                            • String ID:
                                                            APIs
                                                              • Part of subcall function 00247620: _wcslen.LIBCMT ref: 00247625
                                                            • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 002B4ED4
                                                            Strings
                                                            Similarity
                                                            • API ID: Connection_wcslen
                                                            • String ID: *$LPT
                                                            APIs
                                                            • __startOneArgErrorHandling.LIBCMT ref: 0026E30D
                                                            Strings
                                                            Similarity
                                                            • API ID: ErrorHandling__start
                                                            • String ID: pow
                                                            APIs
                                                            • CharUpperBuffW.USER32(0029569E,00000000,?,002DCC08,?,00000000,00000000), ref: 002C78DD
                                                              • Part of subcall function 00246B57: _wcslen.LIBCMT ref: 00246B6A
                                                            • CharUpperBuffW.USER32(0029569E,00000000,?,002DCC08,00000000,?,00000000,00000000), ref: 002C783B
                                                            Strings
                                                            Similarity
                                                            • API ID: BuffCharUpper$_wcslen
                                                            • String ID: <s0
                                                            Strings
                                                            Similarity
                                                            • API ID:
                                                            • String ID: #
                                                            APIs
                                                            • Sleep.KERNEL32(00000000), ref: 0025F2A2
                                                            • GlobalMemoryStatusEx.KERNEL32(?), ref: 0025F2BB
                                                            Strings
                                                            Similarity
                                                            • API ID: GlobalMemorySleepStatus
                                                            • String ID: @
                                                            APIs
                                                            • CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 002C57E0
                                                            • _wcslen.LIBCMT ref: 002C57EC
                                                            Strings
                                                            Similarity
                                                            • API ID: BuffCharUpper_wcslen
                                                            • String ID: CALLARGARRAY
                                                            APIs
                                                            • _wcslen.LIBCMT ref: 002BD130
                                                            • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 002BD13A
                                                            Strings
                                                            Similarity
                                                            • API ID: CrackInternet_wcslen
                                                            • String ID: |
                                                            APIs
                                                            • DestroyWindow.USER32(?,?,?,?), ref: 002D3621
                                                            • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 002D365C
                                                            Strings
                                                            Similarity
                                                            • API ID: Window$DestroyMove
                                                            • String ID: static
                                                            APIs
                                                            • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 002D461F
                                                            • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 002D4634
                                                            Strings
                                                            Similarity
                                                            • API ID: MessageSend
                                                            • String ID: '
                                                            APIs
                                                            • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 002D327C
                                                            • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 002D3287
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            • Associated: 00000000.00000002.2904612553.0000000000240000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904725576.0000000000302000.00000002.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904791969.000000000030C000.00000004.00000001.01000000.00000003.sdmp
                                                            • Associated: 00000000.00000002.2904820209.0000000000314000.00000002.00000001.01000000.00000003.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_240000_random.jbxd
                                                            Similarity
                                                            • API ID: MessageSend
                                                            • String ID: Combobox
                                                            • API String ID: 3850602802-2096851135
                                                            APIs
                                                              • Part of subcall function 0024600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0024604C
                                                              • Part of subcall function 0024600E: GetStockObject.GDI32(00000011), ref: 00246060
                                                              • Part of subcall function 0024600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0024606A
                                                            • GetWindowRect.USER32(00000000,?), ref: 002D377A
                                                            • GetSysColor.USER32(00000012), ref: 002D3794
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            Similarity
                                                            • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                            • String ID: static
                                                            • API String ID: 1983116058-2160076837
                                                            APIs
                                                            • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 002BCD7D
                                                            • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 002BCDA6
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            Similarity
                                                            • API ID: Internet$OpenOption
                                                            • String ID: <local>
                                                            • API String ID: 942729171-4266983199
                                                            APIs
                                                            • GetWindowTextLengthW.USER32(00000000), ref: 002D34AB
                                                            • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 002D34BA
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            Similarity
                                                            • API ID: LengthMessageSendTextWindow
                                                            • String ID: edit
                                                            • API String ID: 2978978980-2167791130
                                                            APIs
                                                              • Part of subcall function 00249CB3: _wcslen.LIBCMT ref: 00249CBD
                                                            • CharUpperBuffW.USER32(?,?,?), ref: 002A6CB6
                                                            • _wcslen.LIBCMT ref: 002A6CC2
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            Similarity
                                                            • API ID: _wcslen$BuffCharUpper
                                                            • String ID: STOP
                                                            • API String ID: 1256254125-2411985666
                                                            APIs
                                                              • Part of subcall function 00249CB3: _wcslen.LIBCMT ref: 00249CBD
                                                              • Part of subcall function 002A3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 002A3CCA
                                                            • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 002A1D4C
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            Similarity
                                                            • API ID: ClassMessageNameSend_wcslen
                                                            • String ID: ComboBox$ListBox
                                                            • API String ID: 624084870-1403004172
                                                            APIs
                                                              • Part of subcall function 00249CB3: _wcslen.LIBCMT ref: 00249CBD
                                                              • Part of subcall function 002A3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 002A3CCA
                                                            • SendMessageW.USER32(?,00000180,00000000,?), ref: 002A1C46
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            Similarity
                                                            • API ID: ClassMessageNameSend_wcslen
                                                            • String ID: ComboBox$ListBox
                                                            • API String ID: 624084870-1403004172
                                                            APIs
                                                              • Part of subcall function 00249CB3: _wcslen.LIBCMT ref: 00249CBD
                                                              • Part of subcall function 002A3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 002A3CCA
                                                            • SendMessageW.USER32(?,00000182,?,00000000), ref: 002A1CC8
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            Similarity
                                                            • API ID: ClassMessageNameSend_wcslen
                                                            • String ID: ComboBox$ListBox
                                                            • API String ID: 624084870-1403004172
                                                            APIs
                                                            • __Init_thread_footer.LIBCMT ref: 0025A529
                                                              • Part of subcall function 00249CB3: _wcslen.LIBCMT ref: 00249CBD
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            Similarity
                                                            • API ID: Init_thread_footer_wcslen
                                                            • String ID: ,%1$3y)
                                                            • API String ID: 2551934079-3949178966
                                                            APIs
                                                              • Part of subcall function 00249CB3: _wcslen.LIBCMT ref: 00249CBD
                                                              • Part of subcall function 002A3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 002A3CCA
                                                            • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 002A1DD3
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            Similarity
                                                            • API ID: ClassMessageNameSend_wcslen
                                                            • String ID: ComboBox$ListBox
                                                            • API String ID: 624084870-1403004172
                                                            APIs
                                                            • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00313018,0031305C), ref: 002D81BF
                                                            • CloseHandle.KERNEL32 ref: 002D81D1
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            Similarity
                                                            • API ID: CloseCreateHandleProcess
                                                            • String ID: \01
                                                            • API String ID: 3712363035-343881743
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.2904637781.0000000000241000.00000020.00000001.01000000.00000003.sdmp, Offset: 00240000, based on PE: true
                                                            Similarity
                                                            • API ID: _wcslen
                                                            • String ID: 3, 3, 16, 1
                                                            • API String ID: 176396367-3042988571
                                                            APIs
                                                            • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 002A0B23
                                                            Similarity
                                                            • API ID: Message
                                                            • String ID: AutoIt$Error allocating memory.
                                                            APIs
                                                              • Part of subcall function 0025F7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00260D71,?,?,?,0024100A), ref: 0025F7CE
                                                            • IsDebuggerPresent.KERNEL32(?,?,?,0024100A), ref: 00260D75
                                                            • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0024100A), ref: 00260D84
                                                            Strings
                                                            • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00260D7F
                                                            Similarity
                                                            • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
                                                            • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                            APIs
                                                            • __Init_thread_footer.LIBCMT ref: 0025E3D5
                                                            Similarity
                                                            • API ID: Init_thread_footer
                                                            • String ID: 0%1$8%1
                                                            APIs
                                                            • GetTempPathW.KERNEL32(00000104,?,00000001), ref: 002B302F
                                                            • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 002B3044
                                                            Similarity
                                                            • API ID: Temp$FileNamePath
                                                            • String ID: aut
                                                            APIs
                                                            Similarity
                                                            • API ID: LocalTime
                                                            • String ID: %.3d$X64
                                                            APIs
                                                            • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 002D232C
                                                            • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 002D233F
                                                              • Part of subcall function 002AE97B: Sleep.KERNEL32 ref: 002AE9F3
                                                            Similarity
                                                            • API ID: FindMessagePostSleepWindow
                                                            • String ID: Shell_TrayWnd
                                                            APIs
                                                            • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 002D236C
                                                            • PostMessageW.USER32(00000000), ref: 002D2373
                                                              • Part of subcall function 002AE97B: Sleep.KERNEL32 ref: 002AE9F3
                                                            Similarity
                                                            • API ID: FindMessagePostSleepWindow
                                                            • String ID: Shell_TrayWnd
                                                            APIs
                                                            • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 0027BE93
                                                            • GetLastError.KERNEL32 ref: 0027BEA1
                                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0027BEFC
                                                            Similarity
                                                            • API ID: ByteCharMultiWide$ErrorLast